Mozilla, Opera, and Google Pull Malicious Extension

Subject: General Tech | July 6, 2018 - 09:12 PM |
Tagged: Opera, mozilla, google, firefox, chrome

I don’t think this should surprise anyone, but it’s good to report on none-the-less. There was a popular browser extension, called Stylish, that allowed users to customize the pages that they visit, and share those customizations with their friends. It’s a cool concept, but it was later sold to another company. That new owner changed the extension to monitor its users.

Mozilla, Opera, and Google slapped it across the jaw with a banhammer.

valve-nope.jpg

If you go to Mozilla’s Firefox Add-ons site, Opera's Add-ons site, or Google’s Chrome Web Store, you will get a 404. If you already installed the extension, it will be removed from your browser. As such, you probably don’t need to worry about it, because the browser vendors went DEFCON 1 on it.

But just in case you haven’t yet got the kill signal (because you’re behind a limited VPN or something) be sure to remove “Stylish” from your browser.

This also raises the point about curated app stores: review isn't perfect. Sometimes malicious software can go unnoticed for years. It's best not to get too complacent.

Source: Sophos

Firefox goes open sores

Subject: General Tech | May 1, 2018 - 12:58 PM |
Tagged: firefox, ad supported, open source, firefox 60

Targeted advertising is all the rage right now and now FireFox wants in on the (class) action.  Starting with Firefox 60 sponsored content will start showing in your browser, though perhaps not the Pocket variety which is very easy to disable.  The reason is that Mozilla needs revenue, which is not flowing in great enough quantities from other streams, and they claim the ads will be "Worthy of your time. Not just clicks."; whatever that might mean. 

They are implementing this in a unique way, not only keeping all the data on your machine instead of slapped into a cloud somewhere, but also allowing you to access the harvested data yourself.  Perhaps you will be able to erase the one search you did on toilet seats so that you are no longer bombarded with targeted ads that think you either have 50 bathrooms or consider them single use products.  The new browser arrives on the 9th; pop by The Inquirer for more info.

Mozilla-Firefox.jpg

"It promises that "all personalisation happens at the client side" - this means that your data is kept on your computer, not uploaded. It also adds that as Firefox is entirely open source, you can look under the bonnet and see exactly what data is or isn't collected."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

A gentle reminder never hurts; unless a site decides not to patch their vulnerabilities

Subject: General Tech | November 23, 2017 - 12:25 PM |
Tagged: firefox, security

Firefox have come up with a very interesting idea, making use of the database at Have I Been Pwned to display an in-browser warning message when you visit a site which has suffered a data breach.  This reminder may help with one of the largest problems with internet security; the limited amount of damage a company experiences when their customers data is stolen.  When a major breach like the ones at Equifax, Yahoo or even that certain adultery site occur, they are covered in the news for a few days, maybe a week, and then everything goes back to normal for them as the vast majority of the population forgets it happened.  With this add-in to Firefox there will be a constant reminder that breaches have occurred and that perhaps an alternative would be a better choice than to continue to work with a company that has allowed your data to be stolen.  Since the courts do not seem interested in handing out prohibitive fines to businesses which fail to protect their customers data, this might be a way to convince them investing in security makes financial sense.  Drop by Slashdot for a brief look at the plan.

HIBP-Firefox-Linkedin.png

"The alert also includes an input field. In the add-ons current version this field doesn't do anything, but we presume it's there to allow users to search and see if their data was exposed during that site's security breach. Troy Hunt, Have I Been Pwned's author has confirmed his official collaboration with Mozilla on this feature."

Here is some more Tech News from around the web:

Tech Talk

 

Source: Slashdot

A Chunk of Servo Comes to Firefox: Quantum CSS

Subject: General Tech | August 22, 2017 - 10:12 PM |
Tagged: mozilla, firefox, servo, Rust

If you’re on Firefox Nightly, you are able to enable their new CSS engine with an about:config flag, called layout.css.servo.enabled. For a few years now, Mozilla has been working on a separate rendering engine, aided by Samsung, which was called Servo. Browsers are very single-threaded, so there was a lot of room for improvement, especially on devices that can afford more cores than per-core performance, like mobile. It is also more secure, as its programming language, Rust, is more strict with data accesses than C/C++, which is also great for a web browser.

mozilla-rust.png

Eventually, Mozilla decided to, instead of replacing Gecko, replace chunks of it with tech derived from Servo. Up to now, it’s been mostly security-related components, like the parsing of untrusted media headers. This one is about speed. I'm curious to see how it feels to our readers. I know that, personally, going from Firefox 54 to Firefox 55 was a significant difference, although that was due to other changes.

If you’re interested, download Firefox Nightly. I mean, it’s free.

Source: Mozilla

Firefox 52 Adds WebAssembly

Subject: General Tech | March 8, 2017 - 04:00 PM |
Tagged: mozilla, webassembly, javascript, firefox

Mozilla’s latest browser version, Firefox 52, was just released to the public on Tuesday. I wasn’t planning on putting up a post about it, but I just found out that it includes the ability to ingest applications written in WebAssembly. This is client-side language for browsers to be a compile target for C, C++, and other human-facing languages (such as Rust). Previously, these applications needed to transpile into JavaScript, which has several limitations.

Honestly, I haven’t heard much from WebAssembly in several months, so I was figured they were still quite a ways off. Several big engines, like Unreal Engine 4, not really putting their weight behind HTML5 as much as they were about three years ago, during the Windows 8- and iOS-era. Now I see the above video, which starts with Tim Sweeney and goes on to include others from Mozilla, Autodesk, and Unity, and I am starting to assume that I just wasn’t looking in the right areas.

Some features of WebAssembly include native 64-bit integer types and actual memory management. In JavaScript, the "number" type basically exists in a quazi-state between int32 and FP64. WebGL added a few containers for smaller data types, but it couldn't go larger than what "number" allowed, so int64 and uint64 couldn't be represented. Also, JavaScript requires garbage collection to be run on the browser's schedule, which limits the developer's control to "don't generate garbage and hope the GC keeps sleeping".

According to the video, though, it sounds like application startup time is the primary reason for shipping WebAssembly. That could just be what they feel the consumer-facing message should convey, though. I should probably poke around and see what some web and game developer contacts think about WebAssembly.

Firefox 52 is now available.

Source: Mozilla

Mozilla to Require Rust (and Dependencies) for Firefox

Subject: General Tech | February 7, 2017 - 02:47 AM |
Tagged: mozilla, firefox, web browser, Rust, llvm

Firefox 52 will be the company’s next Extended Support Release (ESR) branch of their popular web browser. After this release, Mozilla is planning a few changes that will break compatibility, especially if you’re building the browser from source. If you’re an end-user, the major one to look out for is Mozilla disabling NPAPI-based plugins (except Flash) unless you are using Firefox 52 ESR. This change will land in the consumer version of Firefox 52, though. It’s not really clear why they didn’t just wait until Firefox 53, rather than add a soft-kill in Firefox 52 and hard-code it the next version, but that’s their decision. It really does not affect me in the slightest.

mozilla-rust.png

The more interesting change, however, is that Mozilla will begin requiring Rust (and LLVM) in an upcoming version. I’ve seen multiple sources claim Firefox 53, Firefox 54, and Firefox 55 as possible targets for this, but, at some point around those versions, critical components of the browser will be written in Rust. As more of the browser is migrated to this language, it should be progressively faster and more secure, as this language is designed to enforce memory safety and task concurrency.

Firefox 52 is expected in March.

Firefox 51 and Chrome 56 Launch with WebGL 2.0

Subject: General Tech | January 27, 2017 - 03:55 PM |
Tagged: webgl, webgl2, firefox, chrome, google, mozilla, Opera

After quite a bit of anticipation, both Mozilla and Google have just shipped compatible implementations of WebGL 2. This feature was unlocked to the public in Firefox 51 and Chrome 56 for the desktop, both released this week, while Opera will push it out to desktop and mobile on their next version, Opera 43. Microsoft currently has the API “under consideration” for Edge.

As we’ve highlighted in the past, this new version of the graphics API pushes the platform up to OpenGL ES 3.0, with a few exceptions that are typically made for security reasons. This update allows quite a few new features like off-screen render targets, which is useful for deferred rendering. The shading language is also significantly larger, and can now operate natively on integer types and 3D textures.

WebGL 2.0 does not include compute shaders, however, which is a bit unfortunate. That said, it is (at least last I checked) a highly-requested feature and the browser vendors are interested in providing it.

Mozilla Unveils Quantum Project

Subject: General Tech | October 30, 2016 - 01:09 AM |
Tagged: mozilla, servo, gecko, firefox

One of the big announcements at Mozilla Summit 2013, despite Firefox OS being the focus of the event, was their research (with Samsung) into a new rendering engine, Servo. Rendering HTML5 is horrifically complex, so creating a new rendering engine from scratch is a big “nope!” for basically all organizations. Mozilla saw this as a big potential, because current engines are very difficult to scale to multiple cores, so they went in to this as a no-assumptions experiment.

mozilla-architecture.jpg

At the time, they didn't know whether Servo would be built up into a full rendering engine, or whether it would be picked apart and pulled back into their current engine, Gecko. Mozilla has now unveiled Quantum, and the first sentence of its MozillaWiki entry is “Quantum is not a new web browser.” They go on to say that they will be “building on the Gecko engine as a solid foundation”. So it seems pretty clear that, like they've recently done with their media file parser in Firefox 48.

While this will likely not have the major impact that “boom, new engine” would, in terms of performance, this piece-wise method should be quicker than bulking up Servo. Mozilla expects that big changes will begin to land next year.

Source: Mozilla

About the "Firefox Is Eating Your SSD" Story

Subject: Storage | October 5, 2016 - 07:57 PM |
Tagged: ssd, mozilla, google, firefox, endurance, chrome

A couple of weeks ago, I saw a post pop up on Twitter a few times about Firefox performing excessive writes to SSDs, which total up to 32GBs in a single day. The author attributes it mostly to a fast-updating session restore feature, although cookies were also resource hogs in their findings. In an update, they also tested Google Chrome, which, itself, clocked in over 24GB of writes in a day.

mozilla-2016-donothurt.png

This, of course, seemed weird to me. I would have thought that at least one browser vendor might notice an issue like this. Still, I passed the link to Allyn because he would be much more capable in terms of being able to replicate these results. In our internal chat at the time, he was less skeptical than I was. I've since followed up with him, and he said that his initial results “wasn't nearly as bad as their case”. He'll apparently elaborate on tonight's podcast, and I'll update this post with his findings.

Mozilla Discontinues Firefox OS for All Devices

Subject: General Tech, Mobile | September 29, 2016 - 02:15 AM |
Tagged: mozilla, Firefox OS, firefox

Update: There has been a little confusion. The web browser, Firefox, is still going strong. In fact, they're focusing their engineering efforts more on it, by cutting back on these secondary projects.

Less than a year after their decision to stop developing and selling smartphones through carriers, Mozilla has decided to end all commercial development of Firefox OS. Releases after Firefox OS 2.6 will be handled by third parties, such as Panasonic, should they wish to continue using it for their smart TV platform. Further, source code for the underlying operating system, Boot-to-Gecko (B2G), will be removed from their repository, mozilla-central, so it doesn't hinder development of their other products.

Mozilla_Foundation_201x_logo.png

Obviously, this is quite disappointing from a platform standpoint. Many applications, especially for mobile and similar devices, can be created in Web standards. At this point, we usually get comments about how web browsers shouldn't be app platforms, and that JavaScript is too inefficient. The thing is, Web is about the best, ubiquitous platform we have, and it will only get better with initiatives such as WebAssembly. Also, native applications don't necessarily perform better than Web-based ones, especially if the latter are packaged standalone (versus sharing resources with other tabs in a browser).

Regardless, Mozilla needs to consider their long-term financial stability, and throwing resources at Firefox OS apparently doesn't return enough value for them, both directly and for its impact on society.

Source: Mozilla