Communications

23 Attorneys General Refile Challenge To FCC Net Neutrality Repeal (engadget.com) 41

An anonymous reader quotes a report from Reuters: A coalition of 22 state attorneys general and the District of Columbia on Thursday refiled legal challenges intended to block the Trump administration's repeal of landmark rules designed to ensure a free and open internet from taking effect. The Federal Communications Commission officially published its order overturning the net neutrality rules in the Federal Register on Thursday, a procedural step that allows for the filing of legal challenges. The states, along with web browser developer Mozilla and video-sharing website Vimeo, had filed petitions preserving their right to sue in January, but agreed to withdraw them last Friday and wait for the FCC's publication. The attorneys general argue that the FCC cannot make "arbitrary and capricious" changes to existing policies and that it misinterpreted and disregarded "critical record evidence on industry practices and harm to consumers and businesses." The White House Office of Management and Budget still must sign off on some aspects of the FCC reversal before it takes legal effect. That could take months.
Software

The Most Popular Linux Desktop Programs (zdnet.com) 228

The most recent Linux Questions poll results are in. Steven J. Vaughan-Nichols, writing for ZDNet: LinuxQuestions, one of the largest internet Linux groups with 550,000 members, has just posted the results from its latest survey of desktop Linux users. In the always hotly-contested Linux desktop environment survey, the winner was the KDE Plasma Desktop. It was followed by the popular lightweight Xfce, Cinnamon, and GNOME. If you want to buy a computer with pre-installed Linux, the Linux Questions crew's favorite vendor by far was System76. Numerous other computer companies offer Linux on their PCs. These include both big names like Dell and dedicated small Linux shops such as ZaReason, Penguin Computing, and Emperor Linux. Many first choices weren't too surprising. For example, Linux users have long stayed loyal to the Firefox web browser, and they're still big fans. Firefox beat out Google Chrome by a five-to-one margin. And, as always, the VLC media player is far more popular than any other Linux media player. For email clients, Mozilla Thunderbird remains on top. That's a bit surprising given how Thunderbird's development has been stuck in neutral for some time now. When it comes to text editors, I was pleased to see vim -- my personal favorite -- win out over its perpetual rival, Emacs. In fact, nano and Kate both came ahead of Emacs.
Social Networks

Former Google/Facebook/Mozilla Employees Will Fight Addictive Technologies (qz.com) 121

An anonymous reader quotes Quartz: A new alliance made up of former Silicon Valley cronies has aseembled to challenge the technological Frankenstein they've collectively created. The Center for Humane Technology is a group comprising former employees and pals of Google, Facebook, and Mozilla. The nonprofit launches today (Feb. 4) in the hopes that it can raise awareness about the societal tolls of technology, which its members believe are inherently addictive. The group will lobby for a bill to research the effects of technology on children's health... On Feb. 7, the group's members will participate in a conference focused on digital health for kids, hosted by the nonprofit Common Sense.
The group also plans an anti-tech addiction ad campaign at 55,000 schools across America, and has another $50 million in media airtime donated by partners which include Comcast and DirecTV.

The group's co-founder, a former Google design ethicist, told Quartz that tech companies "profit by drilling into our brains to pull the attention out of it, by using persuasion techniques to keep [us] hooked." And the group's web page argues that "What began as a race to monetize our attention is now eroding the pillars of our society: mental health, democracy, social relationships, and our children."
Firefox

Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com) 121

Firefox 59 will reduce how much information websites pass on about visitors in an attempt to improve privacy for users of its private browsing mode. From a report: When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value." While this helps websites understand where visitors are coming from, it can also leak data about the individual browsing, because it tells the site the exact page you were looking at when you clicked the link, said Mozilla. Browsers also send a referrer value when requesting other details like ads, or other social media snippets integrated in a modern website, which means these embedded content features also know exactly what page you're visiting.
Mozilla

Firefox 58 Gets Graphics Speed Boost, Web App Abilities (cnet.com) 178

Mozilla released on Tuesday a new version of its Firefox Quantum browser, boosting its graphics speed and improving a couple of new technologies designed to make the web more powerful. From a report: The browser, version 58, is the first major update since Mozilla's recovery plan hit full stride in November with the debut of Firefox Quantum. Speed is of the essence in Mozilla's recovery plan, and Firefox 58 does better than its predecessor in some graphics tasks by splitting work better across the multiple processor cores that computer chips have these days. The result should be scrolling that's smooth, uninterrupted by the stuttering that in computing circles goes by the disparaging term "jank." [...] Firefox 58 helps with two new web technologies. One, called WebAssembly, provides for dramatically faster web apps. Firefox 58 can get WebAssembly software running faster so you don't have to twiddle your thumbs waiting as long after clicking a link. Another is progressive web apps (PWAs), an initiative that came out of Google to help make the web a better match for the apps we all drop on our phones.
Graphics

Can A New Open Photo File Format Replace JPEGs? (cnet.com) 271

Got lossless compression? An anonymous reader quotes CNET: Google, Mozilla and others in a group called the Alliance for Open Media are working on a rival photo technology. In testing so far, the images are 15 percent smaller than Apple's HEIC photo format, said Tim Terriberry, a Mozilla principal research engineer working on the project. But smaller sizes are just the beginning... it's got a strong list of allies, an affinity for web publishing and modern features that could make it the best contender yet for overcoming JPEG's 1990s-era shortcomings... JPEG isn't just limited by needlessly large file sizes. It's also weak when it comes to supporting a wider range of bright and dark tones, a broader spectrum of colors, and graphic elements like text and logos...

The HEIC's new rival is from the Alliance for Open Media, a group whose top priority is a video compression technology called AV1 that's free of patent licensing requirements. It's got heavy hitters on board, including top browser makers Google, Microsoft, Mozilla and the most recent new member, Apple -- though Apple's plans haven't been made public. And it's got major streaming-video companies, too: Netflix, Amazon, Hulu, Facebook, videoconferencing powerhouse Intel and Google's YouTube. And with the support of chip designers Intel, Nvidia and Arm, AV1 should get the hardware acceleration that's crucial to making video easy on our laptop and phone batteries.

To use Apple's HEIC, "makers of software, processors and phones must jump through a lot of hoops to license patents," which CNET predicts "means HEIC will have trouble succeeding on the web: patent barriers are antithetical to the web's open nature."
Mozilla

Mozilla Restricts All New Firefox Features To HTTPS Only (bleepingcomputer.com) 243

An anonymous reader shares a report: In a groundbreaking statement earlier this week, Mozilla announced that all web-based features that will ship with Firefox in the future must be served on over a secure HTTPS connection (a "secure context"). "Effective immediately, all new features that are web-exposed are to be restricted to secure contexts," said Anne van Kesteren, a Mozilla engineer and author of several open web standards. This means that if Firefox will add support for a new standard/feature starting tomorrow, if that standard/feature carries out communications between the browser and an external server, those communications must be carried out via HTTPS or the standard/feature will not work in Firefox. The decision does not affect already existing standards/features, but Mozilla hopes all Firefox features "will be considered on a case-by-case basis," and will slowly move to secure contexts (HTTPS) exclusively in the future.
Firefox

Mozilla Tests Firefox 'Tab Warming' (bleepingcomputer.com) 170

Catalin Cimpanu, reporting for BleepingComputer: Mozilla is currently testing a new feature called "Tab Warming" that engineers hope will improve the tab switching process. According to a description of the feature, Tab Warming will watch the user's mouse cursor and start "painting" content inside a tab whenever the user hovers his mouse over one. Firefox will do this on the assumption the user wants to click and switch to view that tab and will want to keep a pre-rendered tab on hand if this occurs. "Those precious milliseconds are used to do the rendering and uploading, so that when the click event finally comes, the [tab] is ready and waiting for you," said Mike Conley, one of the Firefox engineers who worked on this feature.
Firefox

Mozilla Will Delete Firefox Crash Reports Collected by Accident (bleepingcomputer.com) 38

Catalin Cimpanu, writing for BleepingComputer: Mozilla said last week it would delete all telemetry data collected because of a bug in the Firefox crash reporter. According to Mozilla engineers, Firefox has been collecting information on crashed background tabs from users' browsers since Firefox 52, released in March 2017. Firefox versions released in that time span did not respect user-set privacy settings and automatically auto-submitted crash reports to Mozilla servers. The browser maker fixed the issue with the release of Firefox 57.0.3. Crash reports are not fully-anonymized.
Mozilla

Mozilla Patches Critical Bug in Thunderbird (threatpost.com) 76

Mozilla has issued a critical security update to its popular open-source Thunderbird email client. From a report The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low. Mozilla said Thunderbird, which is also serves as a news, RSS and chat client, the latest Thunderbird 52.5.2 version released last week fixes the vulnerabilities. The most serious of the fixes is a critical buffer overflow bug (CVE-2017-7845) impacting Thunderbird running on Windows operating system. The bug is present when "drawing and validating elements with angle library using Direct 3D 9," according to the Mozilla Foundation Security Advisory. US-Cert said it encourages users and administrators to review the patch and apply the necessary update.
Mozilla

Thunderbird Will Phase Out Legacy Add-Ons, Will Support WebExtensions (bleepingcomputer.com) 171

Catalin Cimpanu, writing for BleepingComputer: Mozilla announced last week plans to modernize Thunderbird's codebase, plans that include fixing some "technical debt" by incorporating the recent changes in the Mozilla engine into Thunderbird, adding a new user interface (UI), and phasing out old legacy add-ons that are built on the XUL and XPCOM APIs. The changes are part of Mozilla's new plan for Thunderbird development, a project that it left for dead in 2012, but later decided to reinvigorate in 2016.
Firefox

Firefox 57's Speed Secret? Delaying Requests from Tracking Domains (zdnet.com) 119

An anonymous reader quotes ZDNet: A Mozilla engineer has revealed one of the hidden techniques that Firefox 57 -- known as Quantum -- is using to improve page load times... It delays scripts from tracking domains, such as www.google-analytics.com. The technique was developed by Mozilla engineer Honza Bambas, who calls it "tailing". It works by delaying scripts from tracking domains when a page is actively loading and rendering...

Tailing only briefly prevents the tracking scripts loading, rather than disabling them entirely. Page load performance is improved by saving on network bandwidth and computing resources while loading a page, in a way that prioritizes site requests over tracking requests. "Requests are kept on hold only while there are site sub-resources still loading and only up to about 6 seconds. The delay is engaged only for scripts added dynamically or as async. Tracking images are always delayed. This is legal according all HTML specifications and it's assumed that well built sites will not be affected regarding functionality," explains Bambas.

Mozilla

Rust Blog Touts 'What We Achieved' in 2017 (rust-lang.org) 153

An anonymous reader quotes the official Rust blog: Rust's development in 2017 fit into a single overarching theme: increasing productivity, especially for newcomers to Rust. From tooling to libraries to documentation to the core language, we wanted to make it easier to get things done with Rust. That desire led to a roadmap for the year, setting out 8 high-level objectives that would guide the work of the team. How'd we do? Really, really well.
Aaron Turon, part of the core developer team for Rust, wrote the blog post, and specifically touts this year's progress on lowering the learning curve with books and curriculum, as well as actual improvements in the language and a faster edit-compile-debug cycle. He also notes new support for Rust in IntelliJ and Atom (as well as preview versions for Visual Studio and Visual Studio Code) in 2017 -- and most importantly, mentoring. I'd like to specifically call out the leaders and mentors who have helped orchestrate our 2017 work. Leadership of this kind -- where you are working to enable others -- is hard work and not recognized enough. So let's hand it to these folks...! Technical leaders are an essential ingredient for our success, and I hope in 2018 we can continue to grow our leadership pool, and get even more done -- together.
Firefox

Firefox Is Now Available On Amazon's Fire TV, Bringing YouTube Access With It (techradar.com) 49

Mozilla has announced that its Firefox web browser is now available on all Fire TV devices. While navigating web browsers on televisions isn't the most user-friendly experience, it could be the only way users can access YouTube. Earlier this month, Google pulled YouTube off the Fire TV and Echo Show since Amazon stopped selling several Google products. TechRadar reports: Though there's no explicit 'hey, this is a convenient workaround' section in Mozilla's announcement of the news, there is a section of the blog post which states that users can "go to YouTube and other sites directly from the Firefox for Fire TV home screen" and another which promises access to videos from "YouTube and other popular sites." While the companies are currently in talks to resolve their disagreements, Google's threat to pull YouTube access from the Fire TV line on January 1, 2018, is still hanging over Amazon. This threat is, however, now carries slightly less menace if Firefox browser access remains a workaround.
Security

Firefox Prepares To Mark All HTTP Sites 'Not Secure' After HTTPS Adoption Rises (bleepingcomputer.com) 244

An anonymous reader quotes a report from Bleeping Computer: The increased adoption of HTTPS among website operators will soon lead to browsers marking HTTP pages as "Not Secure" by default, and Mozilla is taking the first steps. The current Firefox Nightly Edition (version 59) includes a secret configuration option that when activated will show a visible visual indicator that the current page is not secure. In its current form, this visual indicator is a red line striking through a classic lock that's normally used to signal the presence of encrypted HTTPS pages. According to Let's Encrypt, 67% of web pages loaded by Firefox in November 2017 used HTTPS, compared to only 45% at the end of last year.
Microsoft

Do More People Use Firefox Than Edge and IE Combined? (computerworld.com) 152

A funny thing happened when Net Applications' statistics began excluding fake traffic from ad-defrauding bots. Computerworld reports: Microsoft's Edge browser is less popular with Windows 10 users than earlier thought, if revised data from a U.S. analytics vendor can be believed. According to Net Applications of Aliso Viejo, Calif., Edge has been designated the primary browser by fewer than one in six Windows 10 users for more than a year and a half. That's a significant downgrading of Edge's user share statistics from the browser's portrayal before this month...

By comparing Edge's old and new shares, it was evident that as much as half of the earlier Edge traffic had been faked by bots. The portion of Edge's share credited to bots fluctuated month to month, but fell below 30% in only 4 of the 19 months for which Net Applications provided data... Microsoft's legacy browser, Internet Explorer (IE) also was revealed as a Potemkin village. Under the old data regime, which included bots, IE's user share was overblown, at times more than double the no-bots reality. Take May 2016 as an example. With bots, Net Applications pegged IE at 33.7%; without bots, IE's user share dwindled to just 14.9%. Together, IE and Edge - in other words, Microsoft's browsers - accounted for only 16.3% of the global user share last month using Net Applications' new calculations... In fact, the combined IE and Edge now face a once unthinkable fate: falling beneath Mozilla's Firefox.

StatCounter's stats on browser usage already show more people have already been using Firefox than both of Microsoft's browsers combined -- in 12 of the last 13 months.
Mozilla

Mozilla Slipped a 'Mr. Robot'-Promo Plugin Into Firefox and Users Are Pissed (gizmodo.com) 307

MarcAuslander shares a report from Gizmodo: Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox -- and managed to piss off a bunch of its privacy-conscious users in the process. The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware. Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.

Mozilla justified its decision to include the extension because Mr. Robot promotes user privacy. "The Mr. Robot series centers around the theme of online privacy and security," the company said in an explanation of the mysterious extension. "One of the 10 guiding principles of Mozilla's mission is that individuals' security and privacy on the internet are fundamental and must not be treated as optional. The more people know about what information they are sharing online, the more they can protect their privacy."

Operating Systems

ReactOS 0.4.7 Released (reactos.org) 94

jeditobe writes: OSNews reports that the latest version of ReactOS has been released: "ReactOS 0.4.7 has been released, and it contains a ton of fixes, improvements, and new features. Judging by the screenshots, ReactOS 0.4.7 can run Opera, Firefox, and Mozilla all at once, which is good news for those among us who want to use ReactOS on a more daily basis. There's also a new application manager which, as the name implies, makes it easier to install and uninstall applications, similar to how package managers on Linux work. On a lower level, ReactOS can now deal with Ext2, Ext3, Ext4, BtrFS, ReiserFS, FFS, and NFS partitions." General notes, tests, and changelog for the release can be found at their respective links. A less technical community changelog for ReactOS 0.4.7 is also available. ISO images are ready at the ReactOS Download page.
Firefox

Yahoo Sues Mozilla For Breach of Contract -- So Mozilla Counter Sues Yahoo (betanews.com) 112

Mark Wilson writes: Mozilla and Yahoo have started a legal spat about the deal that existed between the two companies regarding the use of the Yahoo search engine in the Firefox browser. On December 1, Yahoo fired the first shot filing a complaint that alleges Mozilla breached a contract that existed between the two companies by terminating the arrangement early. In a counter complaint, Mozilla says that it was not only justified in terminating the contract early, but that Yahoo Holdings and Oath still have a bill that needs to be settled.
Security

StartCom Will Stop Issuing Certificates, Revoking Them All in 2020 (startcomca.com) 42

thegarbz writes: Startcom, a certificate authority which as we covered previously has been distrusted by Mozilla, by Google, and recently also by Microsoft, has announced that it will cease trading as a Certificate Authority. While their website currently shows no indication that their certificates have any problems, a news posting has announced their intentions to stop providing certificates as of January 2018, and to revoke all remaining certificates in 2020.
The original submission also says StartCom sent an email to all their former customers -- including customers of their free StartSSL certificates -- announcing their intentions. As you are surely aware, the browser makers distrusted StartCom around a year ago and therefore all the end entity certificates newly issued by StartCom are not trusted by default in browsers.

The browsers imposed some conditions in order for the certificates to be re-accepted. While StartCom believes that these conditions have been met, it appears there are still certain difficulties forthcoming. Considering this situation, the owners of StartCom have decided to terminate the company as a Certification Authority as mentioned in Startcoms website.

StartCom will stop issuing new certificates starting from January 1st, 2018 and will provide only CRL and OCSP services for two more years. StartCom would like to thank you for your support during this difficult time.

Slashdot Top Deals