DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Software

FedEx Will Pay You $5 To Install Flash (theregister.co.uk) 90

FedEx's Office Print department is offering customers $5 to enable Adobe Flash in their browsers. Why would they do such a thing you may ask? It's because they want customers to design posters, signs, manuals, banners and promotional agents using their "web-based config-o-tronic widgets," which requires Adobe Flash. The Register reports: But the web-based config-o-tronic widgets that let you whip and order those masterpieces requires Adobe Flash, the enemy of anyone interested in security and browser stability. And by anyone we mean Google, which with Chrome 56 will only load Flash if users say they want to use it, and Microsoft which will stop supporting Flash in its Edge browser when the Windows 10 Creators Update debuts. Mozilla's Firefox will still run Flash, but not for long. The impact of all that Flash hate is clearly that people are showing up at FedEx Office Print without the putrid plug-in. But seeing as they can't use the service without it, FedEx has to make the offer depicted above or visible online here. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring yourself a $5 discount could therefore cost you plenty in future.
Firefox

Firefox for Linux is Now Netflix Compatible (betanews.com) 71

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!
Microsoft

WikiLeaks Won't Tell Tech Companies How To Patch CIA Zero-Days Until Demands Are Met (fortune.com) 228

"WikiLeaks has made initial contact with us via secure@microsoft.com," a Microsoft spokesperson told Motherboard -- but then things apparently stalled. An anonymous reader quotes Fortune: Wikileaks this week contacted major tech companies including Apple and Google, and required them to assent to a set of conditions before receiving leaked information about security "zero days" and other surveillance methods in the possession of the Central Intelligence Agency... Wikileaks' demands remain largely unknown, but may include a 90-day deadline for fixing any disclosed security vulnerabilities. According to Motherboard's sources, at least some of the involved companies are still in the process of evaluating the legal ramifications of the conditions.
Julian Assange announced Friday that Mozilla had already received information after agreeing to their "industry standard responsible disclosure plan," then added that "most of these lagging companies have conflicts of interest due to their classified work for U.S. government agencies... such associations limit industry staff with U.S. security clearances from fixing security holes based on leaked information from the CIA." Assange suggested users "may prefer organizations such as Mozilla or European companies that prioritize their users over government contracts. Should these companies continue to drag their feet we will create a league table comparing company responsiveness and government entanglements so users can decided for themselves."
Firefox

Will WebAssembly Replace JavaScript? (medium.com) 235

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."
Firefox

Firefox 52 Is The Last Version of Firefox For Windows XP and Vista (mspoweruser.com) 119

Mozilla has confirmed that Firefox 52, the new version of its browser it made available earlier this week, will be the last major version to support two legacy operating systems - Windows XP and Windows Vista. The company said future versions will require Windows users to be on a machine that has at a minimum Windows 7 running on it.
Firefox

Developer Proclaims Death of Cyberfox Web Browser (ghacks.net) 52

In a forum entitled "Cyberfox and its future direction," the lead developer of Cyberfox proclaimed the death of their web browser. The lead developer, Toady, writes: "Over the years the Cyberfox project has grown immensely and its thanks to all the amazing support of our users and has been an amazing couple of years this however has demanded far more of my time causing me to drop allot of projects and passions id like to pursue, the time factor this project has demanded has also take a toll lifestyle wise as have the changes made by Mozilla requiring more and more time to maintain so its come to a point where i recently had to assess the direction of this project and the direction i wish to head for the future. This has being no easy choice and the last few months allot of thinking about the direction of this project has taken place." He continues, "This project has been amazing no one could ask for a better project or community sadly as much as i love this project my heart is no longer fully in it, dreams of pursuing game development were pushed aside and lifestyle steadily declined ultimately slowly coming to this point where changes and choices have to be made ones that will affect this project and the future of what i have spent all these years building." Ghacks Technology News reports: The death of Cyberfox, or more precisely, the announcement of end of life for the web browser may come as a shock to users who run it. It should not be too much of a surprise though for users who keep an eye on the browser world and especially Mozilla and Firefox. Mozilla announced major changes to Firefox, some of which landed already, some are in process, and others are announced for 2017. [Some of the critical changes:] Multi-process Firefox is almost done, plugins are out except for Flash and Firefox ESR, Windows XP and Vista users are switched to Firefox ESR so that the operating systems are supported for eight additional releases, and WebExtensions will replace all other add-on systems of the browser. That's a lot of change, especially for projects that are maintained by a small but dedicated group of developers such as Cyberfox. The author of Cyberfox made the decision to switch the browser's release channel to Firefox 52.0 ESR. This means that Cyberfox will be supported with security updates for the next eight release cycles, but new features that Mozilla introduces in Firefox Stable won't find their way into the browser anymore. UPDATE 3/07/17: We have updated the headline to clarify that Cyberfox, specifically, is the browser that will be coming to an end. We have also added an excerpt from the developer's post. Toady clarified at the end of his post: "The largest factor was lifestyle a nicer way of saying health issues without making it to personalized."
Firefox

Mozilla Firefox 52 Released As ESR Branch, Will Receive Security Updates Until 2018 (softpedia.com) 91

prisoninmate quotes a report from Softpedia: Back in January, we told you that the development of the Mozilla Firefox 52.0 kicked off with the first Beta release and promised to let users send and open tabs from one device to another, among numerous other improvements and new features. Nine beta builds later, Mozilla has pushed today, March 7, the final binary and source packages of the Mozilla Firefox 52.0 web browser for all supported platforms, including GNU/Linux, macOS, and Windows. The good news is that Firefox 52.0 is an ESR (Extended Support Release) branch that will be supported until March-April 2018. Prominent features of the Mozilla Firefox 52.0 ESR release include support for the emerging WebAssembly standard to boost the performance of Web-based games and apps without relying on plugins, the ability to send and open tabs from one device to another, as well as multi-process for Windows users with touchscreens. With each new Firefox release, Mozilla's developers attempt to offer new ways to improve the security of the widely-used web browser across all supported platforms. Firefox 52.0 ESR implements a "This connection is not secure" warning for non-secure pages that require user logins, along with a new Strict Secure Cookies specification.
Chrome

Microsoft Browser Usage Drops 50% As Chrome Soars (networkworld.com) 205

An anonymous reader quotes Network World's report about new statistics from analytics vendor Net Applications: From March 2015 to February 2017, the use of Microsoft's IE and Edge on Windows personal computers plummeted. Two years ago, the browsers were run by 62% of Windows PC owners; last month, the figure had fallen by more than half, to just 27%. Simultaneous with the decline of IE has been the rise of Chrome. The user share of Google's browser -- its share of all browsers on all operating systems -- more than doubled in the last two years, jumping from 25% in March 2015 to 59.5% last month. Along the way, Chrome supplanted IE to become the world's most-used browser...

In the last 24 months, Mozilla's Firefox -- the other major browser alternative to Chrome for macOS users -- has barely budged, losing just two-tenths of a percentage point in user share. [And] in March 2015, an estimated 69% of all Mac owners used Safari to go online. But by last month, that number had dropped to 56%, a drop of 13 percentage points -- representing a decline of nearly a fifth of the share of two years prior.

Mozilla

After 19 Years, DMOZ Will Close, Announces AOL 60

Its volunteer-edited web directory formed the basis for early search offerings from Netscape, AOL, and Google. But 19 years later, there's some bad news. koavf writes: As posted on the DMOZ homepage, the Open Directory Project's web listing will go offline on March 14, 2017. Founded in 1998 as "Gnuhoo", the human-curated directory once powered Google and served as a model for Wikipedia.
A 1998 Slashdot editorial prompted Richard Stallman and the Free Software Foundation to complain about how "Gnu" was used in the site's name. "We renamed GnuHoo to NewHoo," a blog post later explained, "but then Yahoo objected to the 'Hoo' (and our red letters, exclamation point, and 'comical font')." After being acquired for Netscape's "Open Directory Project," their URL became directory.mozilla.org, which was shortened to DMOZ. Search Engine Land predicts the memory of the Open Directory Project will still be kept alive by the NOODP meta tag.

The site was so old that its hierarchical categories were originally based on the hierarchy of Usenet newsgroups. As it nears its expiration date, do any Slashdot readers have thoughts or memories to share about DMOZ?
Businesses

Mozilla Acquires Pocket and Its More Than 10 Million Users (recode.net) 82

An anonymous reader quotes a report from Recode: Mozilla, the company behind the Firefox web browser, is buying Pocket, the read-it-later service, for an undisclosed amount. Pocket, which is described by Mozilla as its first strategic acquisition, will continue to operate as a Mozilla subsidiary. Founder Nate Weiner will continue to run Pocket, along with his team of about 25 people. Pocket, previously known as Read It Later, lets users bookmark articles, videos and other content to read or view later on the web or a mobile device. It's great for things like saving offline copies of web articles to read on plane rides or subway commutes, especially where internet access is sparse. Pocket, which was founded in 2007, has more than 10 million monthly active users, according to a rep. That's not bad, but suggests it's still a fairly niche service, especially as big firms like Facebook and Apple build simple "reading list" features into their platforms.
Debian

Mozilla Thunderbird Finally Makes Its Way Back Into Debian's Repos (softpedia.com) 47

prisoninmate quotes a report from Softpedia: A year ago, we told you that, after ten long years, the Debian Project finally found a way to switch their rebranded Iceweasel web browser back to Mozilla Firefox, both the ESR (Extended Support Release) and normal versions, but one question remained: what about the Mozilla Thunderbird email, news, and calendar client? Well, that question has an official answer today, as the Mozilla Thunderbird packages appear to have landed in the Debian repositories as a replacement for Icedove, the rebranded version that Debian Project was forced to use for more than ten years due to trademark issues. "Thunderbird is back in Debian! We also renamed other related packages to use official names, e.g. iceowl-extension -> lightning. For now, we need testers to catch existing issues and things we haven't seen until now," said Christoph Goehre in the mailing list announcement. You can find out how to migrate your Icedove profiles to Thunderbird via Softpedia's report.
Mozilla

Mozilla Will Deprecate XUL Add-ons Before the End of 2017 225

Artem Tashkinov writes: Mozilla has published a plan of add-ons deprecation in future Firefox releases. Firefox 53 will run in multi process mode by default for all users with some exceptions. Most add ons will continue to function, however certain add ons have already ceased to function because they don't expect multi user mode under the hood. Firefox 54-56 will introduce even more changes which will ultimately break even more addons. Firefox 57, which will be preliminarily released on the 28th of Novermber, 2017, will only run WebExtensions: which means no XUL (overlay) add ons, no bootstrapped extensions, no SDK extensions and no Embedded WebExtensions. In other words by this date the chromification of Firefox will have been completed. If you depend on XUL add ons your only choice past this date will be Pale Moon.
Netscape

Mozilla To Drop Support For All NPAPI Plugins In Firefox 52 Except Flash (bleepingcomputer.com) 163

The Netscape Plugins API is "an ancient plugins infrastructure inherited from the old Netscape browser on which Mozilla built Firefox," according to Bleeping Computer. But now an anonymous reader writes: Starting March 7, when Mozilla is scheduled to release Firefox 52, all plugins built on the old NPAPI technology will stop working in Firefox, except for Flash, which Mozilla plans to support for a few more versions. This means technologies such as Java, Silverlight, and various audio and video codecs won't work on Firefox.

These plugins once helped the web move forward, but as time advanced, the Internet's standards groups developed standalone Web APIs and alternative technologies to support most of these features without the need of special plugins. The old NPAPI plugins will continue to work in the Firefox ESR (Extended Support Release) 52, but will eventually be deprecated in ESR 53. A series of hacks are available that will allow Firefox users to continue using old NPAPI plugins past Firefox 52, by switching the update channel from Firefox Stable to Firefox ESR.

Firefox

Mozilla Binds Firefox's Fate To The Rust Language (infoworld.com) 236

An anonymous reader quotes InfoWorld: After version 53, Firefox will require Rust to compile successfully, due to the presence of Firefox components built with the language. But this decision may restrict the number of platforms that Firefox can be ported to -- for now... Rust depends on LLVM, which has dependencies of its own -- and all of them would need to be supported on the target platform. A discussion on the Bugzilla tracker for Firefox raises many of these points...

What about proper support for Linux distributions with long-term support, where the tools available on the distro are often frozen, and where newer Rust features might not be available? What about support for Firefox on "non-tier-1" platforms, which make up a smaller share of Firefox users? Mozilla's stance is that in the long run, the pain of transition will be worth it. "The advantage of using Rust is too great," according to maintainer Ted Mielczarek. "We normally don't go out of our way to make life harder for people maintaining Firefox ports, but in this case we can't let lesser-used platforms restrict us from using Rust in Firefox."

InfoWorld points out most Firefox users won't be affected, adding that those who are should "marshal efforts to build out whatever platforms need Rust support." Since most users just want Mozilla to deliver a fast and feature-competitive browser, the article concludes that "The pressure's on not only to move to Rust, but to prove the move was worth it."
Mozilla

Firefox Fail: Layoffs Kill Mozilla's Push Beyond the Browser (cnet.com) 319

So much for Mozilla's quest to bring Firefox to new and different places. From a report on CNET: The nonprofit organization told employees Thursday that it is eliminating the team tasked with bringing Firefox to connected devices. The cuts affect about 50 people. Ari Jaaksi, the senior vice president in charge of the effort, is leaving, and Bertrand Neveux, director of the group's software, has told coworkers he will depart too. Mozilla had about 1,000 employees at the end of 2016. The layoffs greatly curtail the nonprofit organization's ability to make Firefox relevant again. Once a dominant choice for internet browsing, it has long been overshadowed by Google's Chrome. Mozilla tried to take the web technology powering Firefox to other devices, but struggled to get acceptance. Its shrinking influence comes at a time when more people are browsing the internet on their phones -- an area where Firefox is particularly weak.
Security

HTTPS Adoption Has Reached the Tipping Point (troyhunt.com) 85

Security expert Troy Hunt, who is perhaps best known for creating Have I Been Pwned data breach service, argues that adoption of HTTPS has reached the tipping point, citing "some really significant things" that have happened in the past few months. From a blog post: We've already passed the halfway mark for requests served over HTTPS -- This was one of the first signs that we'd finally hit that tipping point and it came a few months ago. This is really significant -- Mozilla is now seeing more secure traffic than it is non-secure traffic. Now that doesn't mean that most sites are now HTTPS because that figure above has a huge portion of traffic served from a small number of big sites. Twitter, Facebook, Gmail etc. all do all their things over HTTPS and that keeps that number quite high. Hunt also cited security aficionado Scott Helme's recent analysis which found that the number of websites listed in Alexa's top one million websites that have adopted to HTTPS has more than doubled year from August 2015 to August 2016. Troy adds: Browsers are holding non-secure sites more accountable. Chrome 56 is now holding sites using bad security practices to account (by flagging a "not secure" label in the address bar when you visit such websites). Many sites you wouldn't expect are now going HTTPS by default. (He cites websites such as ArsTechnica, NYTimes as examples). Making more cases for his argument, Hunt adds that HTTPS sites are not slow as they used to be, and that services such as Let's Encrypt and Cloudflare have made it free and east to bring this security feature.
Chrome

Chrome Now Reloads Pages 28% Faster (techcrunch.com) 124

Google has announced that it has worked with Facebook and Mozilla to make page reloads in Chrome for desktop and mobile significantly faster. According to Google's data, reloading sites with the latest version of Chrome should now be about 28 percent faster. From a report: Typically, when you reload a page, the browser ends up making hundreds of network requests just to see if the images and other resources it cached the first time you went to a site are still valid. As Google engineer Takashi Toyoshima notes in today's announcement, users typically reload pages because they either look broken or because the content looks like it should have been updated (think old-school live blogs). He argues that when browser developers first added this feature, it was mostly because broken pages were common. Today, users mostly reload pages because the content of a site seems stale.
Firefox

Firefox 51 Arrives With HTTP Warning, WebGL 2 and FLAC Support (venturebeat.com) 130

Reader Krystalo writes: Mozilla today launched Firefox 51 for Windows, Mac, Linux, and Android. The new version includes a new warning for websites which collect passwords but don't use HTTPS, WebGL 2 support for better 3D graphics, and FLAC (Free Lossless Audio Codec) playback. Mozilla doesn't break out the exact numbers for Firefox, though the company does say "half a billion people around the world" use the browser. In other words, it's a major platform that web developers target -- even in a world increasingly dominated by mobile apps.
Mozilla

Mozilla Releases New Open Source 'Internet Health Report' (venturebeat.com) 69

Slashdot reader Krystalo shared this VentureBeat article: Fresh off its brand redesign, Mozilla has released The Internet Health Report, an open-source initiative to document the state of the internet, combining research and reporting from multiple sources... Mozilla's goal is to start a constructive discussion about the health of the internet by exploring what is currently healthy and unhealthy, as well as what lies ahead...

One notable statistic is the number of people who can't get online in the first place. The report shows that 57.8% of the world's population cannot afford broadband internet, and 39.5% cannot afford an internet connection on their mobile device. Other findings include the fact that there were 51 intentional internet shutdowns across 18 countries in the first 10 months of 2016; almost one-third of the world's population has no data protection rights; and 52% of all websites are in English, even though only 25% of the global population understands the language.

They're now gathering feedback and choosing which metrics to revisit every year, but five key topics include "decentralization: who controls the internet" and "open innovation: how open is it?" as well as security, web literacy, and digital inclusion. But Mozilla says their ultimate goal is very simple: to identify what's helping -- and what's hurting -- the internet.
Firefox

The SHA-1 End Times Have Arrived (threatpost.com) 50

"Deadlines imposed by browser makers deprecating support for the weakened SHA-1 hashing algorithm have arrived," writes Slashdot reader msm1267. "And while many websites and organizations have progressed in their migrations toward SHA-2 and other safer hashing algorithms, pain points and potential headaches still remain." Threatpost reports: Starting on Jan. 24, Mozilla's Firefox browser will be the first major browser to display a warning to its users who run into a site that doesn't support TLS certificates signed by the SHA-2 hashing algorithm... "SHA-1 deprecation in the context of the browser has been an unmitigated success. But it's just the tip of the SHA-2 migration iceberg. Most people are not seeing the whole problem," said Kevin Bocek, VP of security strategy and threat intelligence for Venafi. "SHA-1 isn't just a problem to solve by February, there are thousands more private certificates that will also need migrating"...

Experts warn the move to SHA-2 comes with a wide range of side effects; from unsupported applications, new hardware headaches tied to misconfigured equipment and cases of crippled credit card processing gear unable to communicate with backend servers. They say the entire process has been confusing and unwieldy to businesses dependent on a growing number of digital certificates used for not only their websites, but data centers, cloud services, and mobile apps... According to Venafi's research team, 35 percent of the IPv4 websites it analyzed in November are still using insecure SHA-1 certificates. However, when researchers scanned Alexa's top 1 million most popular websites for SHA-2 compliance it found only 536 sites were not compliant.
The article describes how major tech companies are handling the move to SHA-2 compliance -- including Apple, Google, Microsoft, Facebook, Salesforce and Cloudflare

Slashdot Top Deals