No.

About 600 of them work directly on Firefox.

Correlation does not imply causation. And in this case, it seems like there are pretty good candidates for the common cause. And the article even recognises that - the headline is clickbait.

I agree, and I am a big proponent of service architectures, and yes, I force myself to use the term "microservices" because it seems to be the popular one these days.

There isn't anything new about service architecture. You put a network call in between two pieces of code and suddenly you need a queue for the interface to be robust. Once you put a queue in front of code, you're handling messages, and in particular, you're handling messages that can arrive more than once. So you need to ensure your handlers are idempotent. Then you need to stitch together a reporting database of some kind to serve queries that supply the data for the UI. Which should mean that your services publish events -- pub sub is another pattern that has been around for a while. All of that work wins you the ability to compose a large, complex system out of very loosely coupled, autonomous pieces. When it works, it's great. It usually doesn't, however, because teams don't have the maturity, habits, or expertise on hand to see such a project through to completion.

Nothing about it is "new," except to the inexperienced web programmers I coach who don't really understand service architecture -- who also usually believe that you can achieve microservices just by taking parts of your existing system and putting a web interface around them. Sigh.

All that to say, there are some definite benefits to service architecture that shouldn't be discounted just because "microservices" is yet another tech trend to have been fed through the meme machine.

Sorry, I see nothing about a Mozilla and Microsoft partnership there. Care to be more explicit?

Can you say more about this Mozilla and Microsoft partnership? Thanks.

Not for ever - they are working on a method of doing bridge-based WebRTC which is nevertheless end-to-end secure - see https://datatracker.ietf.org/w... . AIUI, the way it works is that it established point-to-point encrypted tunnels between the endpoints for key distribution so the bridge isn't able to decrypt the data even if it wanted to, and yet, you don't need N->N transmission of streams.

Gerv

WebRTC-based services, in the form of e.g. https://meet.jit.si/, are end-to-end secure and decentralised. Not sure if Windows Phone has any browser which supports WebRTC, though.

web.skype.com lets me log in using Firefox, no problem, so presumably it works there as well.

Gerv

What if "what I want" is to be able to visit the sites that are linking to a YouTube video I'm watching. Today I can't easily do that because YouTube doesn't want me leaving YouTube.

It a load of rubbish from the original author. There's no reason whatsoever that loss of this data would cause problems in IE or Edge. Removing roots from MS's program doesn't happen without human input.

"What I don't understand (and maybe because I haven't looked too hard) is what "Old POS terminals" have to do with Mozilla."

The certificates they are using chain up to publicly-trusted roots, and so are covered by Mozilla's policies. In 20-year hindsight, that was a bad idea, but it was a decision taken a long time ago.

Firefox fixed this issue in Firefox 43, not in 44.0.2. In particular, it was "fixed" in Firefox by updating to a version of libgraphite that did not have the problem, and this happend before the issue was even reported to libgraphite.

Hence no CVE for Firefox 43 or 44, because they were never vunerable, and no CVE for Firefox 42, because it was long-superseded by the time the vulnerability was even reported.

The CVE, if you note, is for Firefox 38 ESR, which _was_ vulnerable until the 38.6.1 release.

Or maybe this is the contest organizers trolling? Because I know for a fact Firefox made serious security improvements in the last year; I reviewed some of those patches.