Forgot your password?
typodupeerror

Become a fan of Slashdot on Facebook

Google

Google To Disable Fallback To SSL 3.0 In Chrome 39 and Remove In Chrome 40 48

Posted by samzenpus
from the get-it-out dept.
An anonymous reader writes Google today announced plans to disable fallback to version 3 of the SSL protocol in Chrome 39, and remove SSL 3.0 completely in Chrome 40. The decision follows the company's disclosure of a serious security vulnerability in SSL 3.0 on October 14, the attack for which it dubbed Padding Oracle On Downgraded Legacy Encryption (POODLE). Following Mozilla's decision on the same day to disable SSL 3.0 by default in Firefox 34, which will be released on November 25, Google has laid out its plans for Chrome. This was expected, given that Google Security Team's Bodo Möller stated at the time: "In the coming months, we hope to remove support for SSL 3.0 completely from our client products."
Microsoft

Microsoft Is Bringing WebRTC To Explorer, Eyes Plugin-Free Skype Calls 66

Posted by samzenpus
from the call-window dept.
An anonymous reader writes Microsoft today announced it is backing the Web Real-Time Communication (WebRTC) technology and will be supporting the ORTC API in Internet Explorer. Put another way, the company is finally throwing its weight behind the broader industry trend of bringing voice and video calling to the browser without the need for plugins. Both Google and Mozilla are way ahead of Microsoft in this area, both in terms of adding WebRTC features to their respective browsers and in terms of building plugin-free calling services that rely on the technology. In short, Skype is under threat, and Microsoft has finally decided to opt for an "If you can't beat 'em, join 'em" strategy.
Chromium

Building All the Major Open-Source Web Browsers 106

Posted by Soulskill
from the who-needs-packages dept.
An anonymous reader writes: Cristophe de Dinechin, long-time software developer, has an interesting article on the processes involved in building the major browsers. From the article:

"Mozilla Firefox, Chromium (the open-source variant of Chrome) and WebKit (the basis for Safari) are all great examples of open-source software. The Qt project has a simple webkit-based web browser in their examples. So that's at least four different open-source web browsers to choose from. But what does it take to actually build them? The TL;DR answer is that these are complex pieces of software, each of them with rather idiosyncratic build systems, and that you should consider 100GB of disk space to build all the browsers, a few hours of download, and be prepared to learn lots of new, rather specific tools."
Java

Adobe: Click-to-Play Would Have Avoided Flood of Java Zero-days 111

Posted by Soulskill
from the of-pots-and-kettles dept.
mask.of.sanity writes: Oracle could have saved mountains of cash and bad press if Click-to-Play was enabled before Java was hosed by an armada of zero day vulnerabilities, Adobe security boss Brad Arkin says. The simple fix introduced into browsers over the last year stopped the then zero day blitzkrieg in its tracks by forcing users to click a button to enable Java.
Internet Explorer

Microsoft's JavaScript Engine Gets Two-Tiered Compilation 46

Posted by Soulskill
from the under-the-hood dept.
jones_supa writes: The Internet Explorer team at Microsoft recently detailed changes to the JavaScript engine coming in Windows 10. A significant change is the addition of a new tier in the Just-in-Time (JIT) compiler. In Windows 10, the Chakra JS engine now includes a second JIT compiler that bridges the gap between slow, interpreted code and fast, optimized code. It uses this middle-tier compiler, called Simple JIT, as a "good enough" layer that can move execution away from the interpreter quicker than the Full JIT can. Microsoft claims that the changes will allow certain workloads to "run up to 30% faster". The move to a two-tiered JIT compiler structure mirrors what other browsers have done. SpiderMonkey, the JavaScript engine in Firefox, has an interpreter and two compilers: Baseline and IonMonkey. In Google Chrome, the V8 JavaScript engine is also a two-tiered system. It does not use an interpreter, but compiles on a discrete background thread.
DRM

Mozilla Teams Up With Humble Bundle To Offer Eight Plugin-Free Games 67

Posted by samzenpus
from the stay-inside-and-play dept.
An anonymous reader writes Mozilla and Humble Bundle announced a new package that features award-winning indie best-sellers for which gamers can choose how much they want to pay. Naturally called the Humble Mozilla Bundle, the package consists of eight games that have been ported to the Web. The first five games (Super Hexagon, AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome, Osmos, Zen Bound 2, and Dustforce DX) can cost you whatever you want. The next two (Voxatron and FTL: Faster Than Light) can be had if you beat the average price for the bundle. You can pay $8 or more to receive all of the above, plus the last game, Democracy 3. Previously, all of these indie games were available only on PC or mobile. Now they all work in browsers on Windows, Mac, and Linux without having to install any plugins.
Firefox

Firefox 33 Arrives With OpenH264 Support 114

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Mozilla today officially launched Firefox 33 for Windows, Mac, Linux, and Android. Additions include OpenH264 support as well as the ability to send video content from webpages to a second screen. Firefox 33 for the desktop is available for download now on Firefox.com, and all existing users should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on Google Play. Full changelogs are available here: desktop and Android."
Bug

Bugzilla Bug Exposes Zero-Day Bugs 34

Posted by samzenpus
from the bug-hive dept.
tsu doh nimh writes A previously unknown security flaw in Bugzilla — a popular online bug-tracking tool used by Mozilla and many of the open source Linux distributions — allows anyone to view detailed reports about unfixed vulnerabilities in a broad swath of software. Bugzilla is expected today to issue a fix for this very serious weakness, which potentially exposes a veritable gold mine of vulnerabilities that would be highly prized by cyber criminals and nation-state actors.
Media

Matchstick and Mozilla Take On Google's Chromecast With $25 Firefox OS Dongle 106

Posted by timothy
from the what-can-it-slurp dept.
An anonymous reader writes Matchstick and Mozilla today announced their open-source take on the Chromecast: a $25 Firefox OS-powered HDMI dongle. The streaming Internet and media stick will be available first through Kickstarter, in the hopes to drive down the price tag. Jack Chang, Matchstick General Manager in the US, described the device to me as "essentially an open Chromecast." He explained that while the MSRP is $25 (Google's Chromecast retails for $35), the Kickstarter campaign is offering a regular price of $18, and an early bird price of $12.
Encryption

Tor Executive Director Hints At Firefox Integration 117

Posted by Soulskill
from the foxes-love-onions dept.
blottsie writes: Several major tech firms are in talks with Tor to include the software in products that can potentially reach over 500 million Internet users around the world. One particular firm wants to include Tor as a "private browsing mode" in a mainstream Web browser, allowing users to easily toggle connectivity to the Tor anonymity network on and off. "They very much like Tor Browser and would like to ship it to their customer base," Tor executive director Andrew Lewman wrote, explaining the discussions but declining to name the specific company. "Their product is 10-20 percent of the global market, this is of roughly 2.8 billion global Internet users." The product that best fits Lewman's description, by our estimation, is Mozilla Firefox, the third-most popular Web browser online today and home to, you guessed it, 10 to 20 percent of global Internet users.
Cloud

Native Netflix Support Is Coming To Linux 178

Posted by Soulskill
from the a-pittance-of-love dept.
sfcrazy writes: Native support for Netflix is coming to Linux, thanks to their move from Silverlight to HTML5, Mozilla and Google Chrome. Paul Adolph from Netflix proposed a solution to Ubuntu developers: "Netflix will play with Chrome stable in 14.02 if NSS version 3.16.2 or greater is installed. If this version is generally installed across 14.02, Netflix would be able to make a change so users would no longer have to hack their User-Agent to play." The newer version of NSS is set to go out with the next security update.
Open Source

An Open Source Pitfall? Mozilla Labs Closed, Quietly 112

Posted by timothy
from the same-people-are-still-smart dept.
mikejuk writes with this excerpt: When Google Labs closed there was an outcry. How could an organization just pull the rug from under so many projects? At least Google announced what it was doing. Mozilla, it seems since there is no official record, just quietly tiptoes away — leaving the lights on since the Mozilla Labs Website is still accessible. It is accessible but when you start to explore the website you notice it is moribund with the last blog post being December 2013 with the penultimate one being September 2013. The fact that it is gone is confirmed by recent blog posts and by the redeployment of the people who used to run it. The projects that survived have been moved to their own websites. It isn't clear what has happened to the Hatchery -the incubator that invited new ideas from all and sundry. One of the big advantages of open source is the ease with which a project can be started. One of the big disadvantages of open source is the ease with which projects can be allowed to die — often without any clear cut time of death. It seems Mozilla applies this to groups and initiatives as much as projects. This isn't good. The same is true at companies that aren't open source centric, though, too, isn't it?
Encryption

Why Google Is Pushing For a Web Free of SHA-1 108

Posted by Soulskill
from the collision-course dept.
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
Security

Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted 67

Posted by Soulskill
from the 2048-bits-ought-to-be-enough-for-anyone dept.
msm1267 writes: Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moore's Project Sonar, which indexes more than 20 million websites, found 107,535 sites using a cert signed by what will soon be an untrusted CA certificate. Grouping those 107,000-plus sites by certificate expiration date, the results show that 76,185 certificates had expired as of Aug. 25; of the 65 million certificates in the total scan, 845,599 had expired but were still in use as of Aug. 25, Moore said.
Firefox

Firefox 32 Arrives With New HTTP Cache, Public Key Pinning Support 220

Posted by Soulskill
from the cache-money dept.
An anonymous reader writes: Mozilla today officially launched Firefox 32 for Windows, Mac, Linux, and Android. Additions include a new HTTP cache for improved performance, public key pinning support, and easy language switching on Android. The Android version is trickling out slowly on Google Play. Changelogs are here: desktop and mobile.
Firefox

Mozilla To Support Public Key Pinning In Firefox 32 90

Posted by Soulskill
from the pin-the-key-on-the-fox dept.
Trailrunner7 writes: Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla's own sites, all of the sites pinned in Google Chrome and several Twitter sites. Public-key pinning has emerged as an important defense against a variety of attacks, especially man-in-the-middle attacks and the issuance of fraudulent certificates. The function essentially ties a public key, or set of keys, issued by known-good certificate authorities to a given domain. So if a user's browser encounters a site that's presenting a certificate that isn't included in the set of pinned public keys for that domain, it will then reject the connection. The idea is to prevent attackers from using fake certificates in order to intercept secure traffic between a user and the target site.
Firefox

Mozilla Rolls Out Sponsored Tiles To Firefox Nightly's New Tab Page 171

Posted by timothy
from the now-how-much-would-you-pay? dept.
An anonymous reader writes Mozilla has rolled out directory tiles, the company's advertising experiment for its browser's new tab page, to the Firefox Nightly channel. We installed the latest browser build to give the sponsored ads a test drive. When you first launch Firefox, a message on the new tab page informs you of the following: what tiles are (with a link to a support page about how sponsored tiles work), a promise that the feature abides by the Mozilla Privacy Policy, and a reminder that you can turn tiles off completely and choose to have a blank new tab page. It's quite a lot to take in all at once.
Mozilla

$33 Firefox Phone Launched In India 83

Posted by samzenpus
from the cheaper-by-the-dozen dept.
davidshenba writes Intex and Mozilla have launched Cloud FX, a smartphone powered by Mozilla's Firefox OS. The phone has a 1 GHz processor, 2 Megapixel camera, dual SIM, 3.5 inch capacitive touchscreen. Though the phone has limited features, initial reviews say that the build quality is good for the price range. With a price tag of $33 (2000 INR), and local languages support the new Firefox phone is hitting the Indian market of nearly 1 billion mobile users.
Real Time Strategy (Games)

Auralux Release For Browsers Shows Emscripten Is Reaching Indie Devs 44

Posted by Soulskill
from the hope-your-servers-are-ready dept.
New submitter MorgyTheMole writes Porting C++/OpenGL based games using Emscripten and WebGL has been an approach pushed by Mozilla for some time now. Games using the technology are compatible with most modern browsers and require no separate install. We've seen Epic Games demonstrate UnrealEngine 4 in browser as well as Unity show off a variety of games. Now as the technology matures, indie devs are looking to get into the mix, including this near one-to-one port of E McNeill's Auralux, a simplified RTS game, from Android and iOS. (Disclosure: I am a programmer who worked on this title.)

Saliva causes cancer, but only if swallowed in small amounts over a long period of time. -- George Carlin

Working...