Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Displays

Virtual Desktop Makes Windows OS Oculus Rift-Capable 47

Posted by timothy
from the with-a-little-help dept.
An anonymous reader writes Virtual Desktop is a free program that makes the Windows operating system compatible with the Oculus Rift VR headset. To the surprise of some, plugging the Oculus Rift into a computer doesn't result in a native view of the OS, meaning that users have to put on and take off the headset as they move from one VR-specific app to the next. If you want to use typical Windows programs—like Photoshop, Firefox, or Microsoft Office—no dice! That's where Virtual Desktop comes in, enabling the entire Windows desktop, and any application that can run on it, to be seen through the Oculus Rift. It also works as a bridge between VR-specific applications, allowing you to move from one to the next without ever taking off the headset. The latest version released today includes voice commands for launching VR games, global monitor mirroring, performance improvements, and is built against the latest Oculus Rift SDK.
Firefox

Mozilla Rolls Back Firefox 37's Opportunistic Encryption Over Security Issue 42

Posted by Soulskill
from the generates-too-many-opportunities dept.
darthcamaro writes: Barely a week ago, Mozilla released Firefox 37, which had a key new feature called opportunistic encryption. The basic idea is that it will do some baseline encryption for data that would have otherwise been sent by a user via clear text. Unfortunately, Mozilla has already issued Firefox 37.0.1, which removes opportunistic encryption. A security vulnerability was reported in the underlying Alternative Services capability that helps to enable opportunistic encryption. "If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle, replacing the original certificate with their own." They plan to re-enable opportunistic encryption when this issue is investigated and fixed.
Firefox

MP3 Backend of Firefox and Thunderbird Found Vulnerable 60

Posted by samzenpus
from the protect-ya-neck dept.
jones_supa writes A critical vulnerability has been found in the MPEG-1 Layer III playback backend of Mozilla Firefox and Thunderbird. Security researcher Aki Helin reported a use-after-free scenario when playing certain audio files on the web using the Fluendo MP3 plugin for GStreamer on Linux. This is due to a flaw in handling certain MP3 files by the plugin and its interaction with Mozilla code. A maliciously crafted MP3 file can lead to a potentially exploitable crash. Linux is the only affected platform, so Windows and OS X users are safe from this particular vulnerability.
Firefox

Firefox 37 Released 156

Posted by Soulskill
from the onward-and-upward dept.
Today Mozilla began rolling out Firefox version 37.0 to release channel users. This update mostly focuses on behind-the-scenes changes. Security improvements include opportunistic encryption where servers support it and improved protection against site impersonation. They also disabled insecure TLS version fallback and added a security panel within the developer tools. One of the things end users will see is the Heartbeat feedback collection system. It will pop up a small rating widget to a random selection of users every day. After a user rates Firefox, an "engagement" page may open in the background, with links to social media pages and a donation page. Here are the release notes and full changelist.
Classic Games (Games)

SuperMario 64 Coming To a Browser Near You! 97

Posted by samzenpus
from the play-time dept.
Billly Gates writes Since Unity has been given a liberal license and free for non commercial developers it has become popular. A computer science student Erik Roystan Ross used the tool to remake SuperMario 64 with a modern Unity 5 engine. There is a video here and if you want to play the link is here. You will need Firefox or Chrome which has HTML 5 for gamepad support if you do not want to use the keyboard. "I currently do not have any plans to develop this any further or to resolve any bugs, unless they're horrendously game-breaking and horrendously simple to fix," says Ross.
United Kingdom

UK Licensing Site Requires MSIE Emulation, But Won't Work With MSIE 158

Posted by timothy
from the strange-circlings-back dept.
Anne Thwacks writes The British Government web site for applying for for a licence to be a security guard requires a plugin providing Internet Explorer emulation on Firefox to login and apply for a licence. It won't work with Firefox without the add-on, but it also wont work with Internet Explorer! (I tried Win XP and Win7 Professional). The error message says "You have more than one browser window open on the same internet connection," (I didn't) and "to avoid this problem, close your browser and reopen it." I did. No change.

I tried three different computers, with three different OSes. Still no change. I contacted their tech support and they said "Yes ... a lot of users complain about this. We have known about it since September, and are working on a fix! Meanwhile, we have instructions on how to use the "Fire IE" plugin to get round the problem." Eventually, I got this to work on Win7pro. (The plugin will not work on Linux). The instructions require a very old version of the plugin, and a bit of trial and error is needed to get it to work with the current one. How can a government department concerned with security not get this sort of thing right?"
Chrome

Every Browser Hacked At Pwn2own 2015, HP Pays Out $557,500 In Awards 237

Posted by Soulskill
from the another-four-bite-the-dust dept.
darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc manager of vulnerability research for HP Security Research said.
Firefox

Analysis: People Who Use Firefox Or Chrome Make Better Employees 127

Posted by Soulskill
from the also-handsomer-and-better-at-darts dept.
HughPickens.com writes: In the world of Big Data, everything means something. Now Joe Pinsker reports that Cornerstone OnDemand, a company that sells software that helps employers recruit and retain workers, has found after analyzing data on about 50,000 people who took its 45-minute online job assessment, that people who took the test on a non-default browser, such as Firefox or Chrome, ended up staying at their jobs about 15 percent longer than those who stuck with Safari or Internet Explorer. They also tended to perform better on the job as well. Chief Analytics Officer Michael Housman offered an explanation for the results in an interview with Freakonomics Radio: "I think that the fact that you took the time to install Firefox on your computer shows us something about you. It shows that you're someone who is an informed consumer," says Housman. "You've made an active choice to do something that wasn't default." But why would a company care about something as seemingly trivial as the browser a candidate chooses to use? "Call centers are estimated to suffer from a turnover rate of about 45 percent annually (PDF), and it can cost thousands of dollars to hire new employees," says Pinsker. "Because of that, companies are eager to find any proxy for talent and dedication that they can."
Mozilla

Mozilla: Following In Sun's Faltering Footsteps? 300

Posted by Soulskill
from the don't-let-the-sun-go-down-on-them dept.
snydeq writes: The trajectory of Mozilla, from the trail-blazing technologies to the travails of being left in the dust, may be seen as paralleling that of the now-defunct Unix systems giant Sun. The article claims, "Mozilla has become the modern-day Sun Microsystems: While known for churning out showstopping innovation, its bread-and-butter technology now struggles." It goes on to mention Firefox's waning market share, questions over tooling for the platform, Firefox's absence on mobile devices, developers' lack of standard tools (e.g., 'Gecko-flavored JavaScript'), and relatively slow development of Firefox OS, in comparison with mobile incumbents.
Chrome

Firefox 37 To Check Security Certificates Via Blocklist 29

Posted by timothy
from the making-a-list-pushing-it-multiple-times dept.
An anonymous reader writes The next version of Firefox will roll out a 'pushed' blocklist of revoked intermediate security certificates, in an effort to avoid using 'live' Online Certificate Status Protocol (OCSP) checks. The 'OneCRL' feature is similar to Google Chrome's CRLSet, but like that older offering, is limited to intermediate certificates, due to size restrictions in the browser. OneCRL will permit non-live verification on EV certificates, trading off currency for speed. Chrome pushes its trawled list of CA revocations every few hours, and Firefox seems set to follow that method and frequency. Both Firefox and Chrome developers admit that OCSP stapling would be the better solution, but it is currently only supported in 9% of TLS certificates.
Firefox

Firefox 36 Arrives With Full HTTP/2 Support, New Design For Android Tablets 147

Posted by Soulskill
from the onward-and-upward dept.
An anonymous reader writes: Mozilla today launched Firefox 36 for Windows, Mac, Linux, and Android. Additions to the browser include some security improvements, better HTML 5 support, and a new tablet user interface on Android. The biggest news for the browser is undoubtedly HTTP/2 support, the roadmap for which Mozilla outlined just last week. Mozilla plans to keep various draft levels of HTTP/2, already in Firefox, for a few versions. These will be removed "sometime in the near future." The full changelog is here.
Chrome

Ask Slashdot: Most Useful Browser Extensions? 353

Posted by Soulskill
from the still-waiting-on-an-extension-that-makes-me-lunch dept.
An anonymous reader writes: One of the most powerful features of modern browsers is the ability to install third-party extensions. They allow third-party developers to work on really useful niche functionality, and let users customize their browser with the tools they need. Unfortunately, this environment has the same discover-ability and security problems as standalone software. Thus, my question: what are your most useful (and safe) browser extensions? I can't live without some privacy basics like NoScript, AdBlock, and Ghostery. I also find FoxyProxy helpful for getting around geolocation requirements for media streaming. OneTab works pretty well for saving groups of browser tabs, and Pushbullet keeps getting better at managing my phone while I'm at my PC.
Mozilla

Firefox To Mandate Extension Signing 196

Posted by samzenpus
from the changing-things-up dept.
First time accepted submitter x0ra writes In a recent blog post, Mozilla announced its intention to require extensions to be signed in Firefox, without any possible user override. From the post: "For developers hosting their add-ons on AMO, this means that they will have to either test on Developer Edition, Nightly, or one of the unbranded builds. The rest of the submission and review process will remain unchanged, except that extensions will be automatically signed once they pass review. For other developers, this is a larger change. For testing development versions, they’ll have the same options available as AMO add-on developers. For release versions, however, we’re introducing the required step of uploading the extension file to AMO for signing. For most cases, this step will be automatic, but in cases where the extension doesn’t pass these tests, there will be the option to request a manual code review."
DRM

Kickstarted Firefox OS HDMI Dongle Delayed, DRM Support Being Added 106

Posted by Soulskill
from the surprise! dept.
An anonymous reader writes: You may recall last September when Mozilla and a new company named Matchstick announced a Kickstarter project for a new device that would compete with Google's Chromecast. It was an HDMI dongle for streaming media that runs on Firefox OS. They easily quadrupled their $100,000 funding goal, and estimated a ship date of February, 2015. Well, they emailed backers today to say that the Matchstick's release is being pushed back to August. They list a few reasons for the delay. For one, they want to upgrade some of the hardware: they're swapping the dual-core CPU for a quad-core model, and they're working on the Wi-Fi antenna to boost reception. But on the software side, the biggest change they mention is that they're adding support for DRM. This is a bit of a surprise, since all they said on the Kickstarter about DRM was that they hoped it would be handled "either via the playback app itself or the OS." Apparently this wasn't possible, so they're implementing Microsoft PlayReady tech on the Matchstick.
Firefox

Firefox Succeeded In Its Goal -- But What's Next? 296

Posted by Soulskill
from the building-actual-foxes-made-of-fire dept.
trawg writes: It's been more than 10 years since Mozilla released version 1.0 of Firefox, one of their first steps in their mission to 'preserve choice and innovation on the Internet'. Firefox was instrumental in shattering the web monoculture, but the last few years of development have left users uninspired. "Their goal was never to create the most popular browser in the world, or the one with the best UX, or the one with the most features, or the one with the best developer mode. ... It would be foolish to say a monoculture will never arise again (Google are making some scary moves with Chrome-only web applications). But at this point in time while Chrome is the ascendant browser (largely at the expense of Firefox), Mozilla’s ability to impact the web in general is greatly reduced." Perhaps it is time to move on to the next challenge — ensuring there is a strong Thunderbird to help preserve a free and open email ecosystem.
Advertising

Ask Slashdot: Gaining Control of My Mobile Browser? 223

Posted by Soulskill
from the lagging-utility dept.
An anonymous reader writes: I run Firefox with NoScript and FlashBlock at home. Browsing is easy, and I only have to enable scripts on a few sites. If they have 20+ scripts, I just surf somewhere else. Fast forward to the mobile experience. I had an Android device, but now I have an iPhone. In addition to the popup problem, and the fake "X" on ads, the iPhone browsers (Safari, Chrome, Opera) will start to show a site, then they will lock up for 10-30 seconds before finally becoming responsive. If I switch back to another app and then return to the browser, Safari and Chrome have a little delay, but Opera delays 20+ seconds before becoming responsive again.

Firefox is not available on the iPhone, so I can't simply run NoScript. Chrome does not appear to have a NoScript equivalent for mobile. What solutions are you using to make mobile browsing work?
Youtube

YouTube Ditches Flash For HTML5 Video By Default 225

Posted by Soulskill
from the now-if-they-can-ditch-the-commenters dept.
An anonymous reader writes: YouTube today announced it has finally stopped using Adobe Flash by default. The site now uses its HTML5 video player by default in Google's Chrome, Microsoft's IE11, Apple's Safari 8, and in beta versions of Mozilla's Firefox browser. At the same time, YouTube is now also defaulting to its HTML5 player on the web. In fact, the company is deprecating the "old style" Flash object embeds and its Flash API, pointing users to the iFrame API instead, since the latter can adapt depending on the device and browser you're using.
Opera

Opera Founder Is Back, WIth a Feature-Heavy, Chromium-Based Browser 158

Posted by timothy
from the sink-within-a-sink dept.
New submitter cdysthe writes Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Software

Windows 10 IE With Spartan Engine Performance Vs. Chrome and Firefox 181

Posted by Soulskill
from the attempting-to-battle-back dept.
MojoKid writes: In Microsoft's latest Windows 10 preview build released last week, Cortana made an entrance, but the much-anticipated Spartan browser did not. However, little did we realize that some of Spartan made the cut, in the form of an experimental rendering engine hidden under IE's hood. Microsoft has separated its Trident rendering engine into two separate versions: one is for Spartan, called EdgeHTML, while the other remains under its legacy naming with Internet Explorer. The reason Microsoft doesn't simply forego the older version is due to compatibility concerns. If you're running the Windows 10 9926 build, chances are good that you're automatically taking advantage of the new EdgeHTML engine in IE. To check, you can type 'about:flags' into the address bar. "Automatic" means that the non-Spartan Trident engine will be called-upon only if needed. In all other cases, you'll be taking advantage of the future Spartan web rendering engine. Performance-wise, the results with IE are like night and day in certain spots. Some of the improvements are significant. IE's Sunspider result already outperforms the competition, but it has been further improved. And with Kraken, the latency with the Spartan-powered Trident engine dropped 40%. Similar results are seen with a boost in the Octane web browser test as well.
Security

Adobe Patches One Flash Zero Day, Another Still Unfixed 49

Posted by timothy
from the cross-platform dept.
Trailrunner7 writes Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is under active attack, but Adobe officials said that this flaw is not the one that security researcher Kafeine said Wednesday was being used in the Angler attacks. The patch for Flash comes just a day after Kafeine disclosed that some instances of the Angler exploit kit contained an exploit for a previously unknown vulnerability in the software. Adobe officials said Wednesday that they were investigating the reports. Kafeine initially saw Angler attacking the latest version of Flash in IE on Windows XP, Vista, 7 and 8, but said the exploit wasn't being used against Chrome or Firefox. On Thursday he said on Twitter that the group behind Angler had changed the code to exploit Firefox as well as fully patched IE 11 on Windows 8.1.