The browser giveth and the browser taketh away

Subject: General Tech | April 10, 2019 - 01:14 PM |
Tagged: mozilla, firefox, chrome, safari, Privacy, Opera

The upcoming version of Firefox will include anti-fingerprinting technology to increase your privacy when browsing the web.  Fingerprinting is a bit different from dumping a cookie on your system, instead advertisers can recognize a person based on the way in which their browser is configured.  Your font choices, screen resolution, extensions and a wide variety of other data is provided by your browser and the combination can be unique enough to identify you quite accurately and Firefox intends to put a stop to it according to The Inquirer.

On a somewhat related topic over at Slashdot, we find that Chrome, Safari and Opera will be removing your ability to disable hyperlink auditing pings. Firefox disabled this by default many versions ago, but the aforementioned browsers have it enabled and a user would need to know this and disable it manually.  The ability to manually disable this feature will soon be removed and you will have no way to prevent a site from monitoring your activities if you follow a link which uses this tracking method.  The story at Slashdot describes how to disable this, for now at least.

page-image.9d9d1336abff.png

"As part of a partnership with Disconnect, a privacy specialist which already offers a Chrome extension, future versions of Firefox will use a blacklist of sites to ensure that you cannot be "fingerprinted" by advertisers."

Here is some more Tech News from around the web:

Tech Talk

Source: The Inquirer

Mozilla & Ubisoft "Clever-Commit" Deep-Learning Code Review

Subject: General Tech | February 12, 2019 - 05:52 PM |
Tagged: Rust, mozilla, deep learning, c++

The basic premise of “deep learning” is that you process big pools of data to try and find “good” and/or “bad” patterns. After you build up a set of trained data, you can compare new data against it to accomplish some goal.

In this case, Mozilla is using it to scan commits to the Firefox codebase as a form of automated code review. The system was originally developed by Ubisoft as Commit Assistant, which they have been using as a form of code analysis. Mozilla has since partnered with them, and will contribute to its ability to scan C++, JavaScript, and Mozilla’s own Rust language.

Other vendors, such as Microsoft and their IntelliCode system, have been using deep learning to assist in software development. It’s an interesting premise that, along with unit tests, static code analysis, and so forth, should increase the quality of code.

Personally, I’m one of those people that regularly use static code analysis (if the platform has a good and affordable solution available). It’s good to follow strong design patterns, but it’s hard to recover from the “broken window theory” once you get a few hundred static code analysis warnings… or a few hundred compiler warnings. Apathy just sets in and I just end up ignoring everything from that feedback level, down. It pushes me to, if I can control a project from scratch, keep it clean of warnings and code analysis issues.

All that is to say – it’ll be interesting to see how Clever-Commit is adopted. Since it’s apparently on a per-commit basis, it shouldn’t be bogged down by past mistakes. I wonder if we can somehow add that theory to other forms of code analysis. I’m curious what sort of data we could gather by scanning from commit to commit… what that would bring in terms of a wholistic view of code quality for various projects.

And then… what will happen when deep learning starts generating code? Hmm.

Source: Ars Technica

Discord Nitro Dips Toes into Game Sale and Distribution

Subject: General Tech | August 10, 2018 - 10:45 PM |
Tagged: pc gaming, discord, Rust, mozilla, steam, GOG

Starting with a slowly-ramping group of ~50,000 Canadians, Discord has begun distributing PC games. Specifically, there will be two services for paying members of the Discord Nitro beta program: a store, where games can be purchased as normal, and a library of other games that are available with the (aforementioned) Discord Nitro subscription.

“It’s kinda like Netflix for games.”

discord-2018-gamestore.png

When talking about subscription services for video games, I am typically hesitant. That said, the previous examples were, like, OnLive, where they planned on making games that ran exclusively on that platform. The concern is that, when those games disappear from the service, they could be gone from our society as a whole work of art. (Consoles and DRM also play into this topic.)

In this case, however, it looks like they are just getting into curated, off-the-shelf PC games. While GoG holds its own, it will be nice to see another contender to Steam in the Win32 (maybe Linux?) games market. (I say Win32 because of the developer certification requirements for Windows Store / UWP.)

Dead horse rant aside, Discord is doing games… including a subscription service. Yay.

One more aspect to this story!

Over the last five-or-so years, Mozilla has been talking about upgrading their browser to use a more safe, multi-theaded, functional, job system, via their home-grown programming language, Rust. Turns out: Discord used this language for a lot of the store (and surrounding SDKs). Specifically, the native code for the store, the game SDK (with C, C++, and C# bindings), and the multiplayer network layer are all in Rust. This should make it fast and secure, which were the two design goals for Rust in the first place.

It was intended for web browsers after all...

Source: Discord

Mozilla, Opera, and Google Pull Malicious Extension

Subject: General Tech | July 6, 2018 - 09:12 PM |
Tagged: Opera, mozilla, google, firefox, chrome

I don’t think this should surprise anyone, but it’s good to report on none-the-less. There was a popular browser extension, called Stylish, that allowed users to customize the pages that they visit, and share those customizations with their friends. It’s a cool concept, but it was later sold to another company. That new owner changed the extension to monitor its users.

Mozilla, Opera, and Google slapped it across the jaw with a banhammer.

valve-nope.jpg

If you go to Mozilla’s Firefox Add-ons site, Opera's Add-ons site, or Google’s Chrome Web Store, you will get a 404. If you already installed the extension, it will be removed from your browser. As such, you probably don’t need to worry about it, because the browser vendors went DEFCON 1 on it.

But just in case you haven’t yet got the kill signal (because you’re behind a limited VPN or something) be sure to remove “Stylish” from your browser.

This also raises the point about curated app stores: review isn't perfect. Sometimes malicious software can go unnoticed for years. It's best not to get too complacent.

Source: Sophos

Mozilla is hoping you don't want to live in a material world

Subject: General Tech | April 5, 2018 - 02:19 PM |
Tagged: mozilla, firefox reality, VR, AR

Mozilla is working on Firefox Reality, a browser with an interface specifically designed for AR and VR interaction.  The source code for the browser is available already, you can follow the link to Github on The Register.  It is early days yet and the demo is unlikely to reflect what we will see as this project matures.  The demo shows a web interface being controlled by a virtual hand, similar to what we have seen in VR games but there is a little trickery involved as some of the transitions are unclear and there is no indication of how to type in an URL.  Navigating via bookmarks and links will be easy to implement and interface with but the real hurdle for utility will be typing.

Firefox-Reality.png

"Mozilla has decided the world needs a browser designed for augmented and mixed reality goggles."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

NoScript 10 Goes WebExtensions for Firefox 57+

Subject: General Tech | November 24, 2017 - 08:39 PM |
Tagged: noscript, mozilla

While I like the flexibility that JavaScript brings to the web, I also like that tools exist to control it. NoScript is a relatively popular Firefox extension that does just that. When Mozilla shifted away from their own extension framework and opted for WebExtensions API, which is supported by both Microsoft and Google, a lot of browser features became immediately unavailable.

NoScript.png

It turns out that Mozilla has enough hooks for a new version of NoScript, however. As such, NoScript 10.x has been released earlier this week. It allows you to disable scripts on a domain by domain basis until they are added to a white list, or given access via the add-on button.

I also don’t really think it’s all the useful as a security tool outside of special use cases – JavaScript doesn’t really have a whole lot of room for malicious use – but its presence does allow things like heuristically tracking individuals and loading content into the handful of plug-ins that still exist. So, like, if you’re the Tor browser, then it makes sense. For the public? I doubt it. I would be more interested in an add-on that lets you just shutdown JavaScript on a tab-by-tab basis, so you can make particularly heavy sites act read-only once they are loaded.

Still, it’s available now.

Source: NoScript

A Chunk of Servo Comes to Firefox: Quantum CSS

Subject: General Tech | August 22, 2017 - 10:12 PM |
Tagged: mozilla, firefox, servo, Rust

If you’re on Firefox Nightly, you are able to enable their new CSS engine with an about:config flag, called layout.css.servo.enabled. For a few years now, Mozilla has been working on a separate rendering engine, aided by Samsung, which was called Servo. Browsers are very single-threaded, so there was a lot of room for improvement, especially on devices that can afford more cores than per-core performance, like mobile. It is also more secure, as its programming language, Rust, is more strict with data accesses than C/C++, which is also great for a web browser.

mozilla-rust.png

Eventually, Mozilla decided to, instead of replacing Gecko, replace chunks of it with tech derived from Servo. Up to now, it’s been mostly security-related components, like the parsing of untrusted media headers. This one is about speed. I'm curious to see how it feels to our readers. I know that, personally, going from Firefox 54 to Firefox 55 was a significant difference, although that was due to other changes.

If you’re interested, download Firefox Nightly. I mean, it’s free.

Source: Mozilla

Valve and Mozilla Announce SteamVR and WebVR for macOS

Subject: General Tech | June 5, 2017 - 04:58 PM |
Tagged: mozilla, valve, steamvr, webvr, apple, macos

At WWDC, Valve and HTC announced that their SteamVR platform would be arriving for macOS. This means that the HTC Vive can now be targeted by games that ship for that operating system, which probably means that game engines, like Unreal Engine 4 and Unity, will add support soon. One of the first out of the gate, however, is Mozilla with WebVR for Firefox Nightly on macOS. Combine the two announcements, and you can use the HTC Vive to create and browse WebVR content on Apple desktops and laptops that have high-enough performance, without rebooting into a different OS.

webvr-logo.png

Speaking of which, Apple also announced a Thunderbolt 3 enclosure with an AMD Radeon RX 580 and a USB-C hub. Alternatively, some of the new iMacs have Radeon graphics in them, with the new 27-inch having up to an RX 580. You can check out all of these announcements in Jim’s post.

Source: HTC

Epic Games Releases Zen Garden Demo for WebAssembly

Subject: General Tech | March 13, 2017 - 08:02 PM |
Tagged: webassembly, ue4, mozilla, epic games

HTML5 was a compile target for Unreal Engine since Unreal Engine 3, but it was supposed to be a bigger push for Unreal Engine 4 then it has been. At the time, Mozilla was pushing for web browsers to be the main source of games. Thanks to Flash, users are even already accustomed to that use case; it’s just a matter of getting performance and functionality close enough to competing platforms, and supporting content that will show it off.

epic-2017-zengardenwebassembly.jpg

That brings us to Zen Garden. This demo was originally designed to show off the Metal API for iOS, but Epic has re-purposed it for the recently released web browser features, WebAssembly and WebGL 2.0. Personally, I find it slightly less impressive than the Firefox demo of Unreal Tournament 3 that I played at Mozilla Summit 2013, but it’s a promising example that big-name engines are taking Web standards seriously again. You don’t get much bigger than Unreal Engine 4.

So yeah... if you have Firefox 52, then play around with it. It’s free.

Source: Mozilla

Firefox 52 Adds WebAssembly

Subject: General Tech | March 8, 2017 - 04:00 PM |
Tagged: mozilla, webassembly, javascript, firefox

Mozilla’s latest browser version, Firefox 52, was just released to the public on Tuesday. I wasn’t planning on putting up a post about it, but I just found out that it includes the ability to ingest applications written in WebAssembly. This is client-side language for browsers to be a compile target for C, C++, and other human-facing languages (such as Rust). Previously, these applications needed to transpile into JavaScript, which has several limitations.

Honestly, I haven’t heard much from WebAssembly in several months, so I was figured they were still quite a ways off. Several big engines, like Unreal Engine 4, not really putting their weight behind HTML5 as much as they were about three years ago, during the Windows 8- and iOS-era. Now I see the above video, which starts with Tim Sweeney and goes on to include others from Mozilla, Autodesk, and Unity, and I am starting to assume that I just wasn’t looking in the right areas.

Some features of WebAssembly include native 64-bit integer types and actual memory management. In JavaScript, the "number" type basically exists in a quazi-state between int32 and FP64. WebGL added a few containers for smaller data types, but it couldn't go larger than what "number" allowed, so int64 and uint64 couldn't be represented. Also, JavaScript requires garbage collection to be run on the browser's schedule, which limits the developer's control to "don't generate garbage and hope the GC keeps sleeping".

According to the video, though, it sounds like application startup time is the primary reason for shipping WebAssembly. That could just be what they feel the consumer-facing message should convey, though. I should probably poke around and see what some web and game developer contacts think about WebAssembly.

Firefox 52 is now available.

Source: Mozilla