hypnosec writes "Mozilla is not going ahead with its plans to block third-party cookies by default in the Beta version of its upcoming Firefox 22. Mozilla needs more time to analyze the outcome of blocking these cookies. The non-profit organization released Firefox Aurora on April 5 with a patch by Jonathan Mayer built into it which would only allow cookies from those websites which the user has visited. The patch would block the ones from sites which hadn't been visited yet. The reason for Mozilla's change in plans is that they're currently looking into 'false positives.' If a user visits one part of a group of site, cookies from that part will be allowed, but cookies from related sites in the group may be blocked, and they're worried it will create a poor user experience. On the other side of the coin, there are 'false negatives.' Just because a user may have visited a particular site doesn't mean she is comfortable with the idea of being tracked."
An anonymous reader writes "A report released this morning looks at the maintainability level of the Firefox codebase through five measures of architectural complexity. It finds that 11% of files in Firefox are highly interconnected, a value that went up significantly following version 3.0 and that making a change to a randomly selected file can, on average, directly impact eight files and indirectly impact over 1,400 files. All the data is made available and the report comes with an interactive Web-based exploratory tool." The complexity exploration tool is pretty neat.
An anonymous reader writes "Mozilla on Tuesday officially launched Firefox 21 for Windows, Mac, Linux, and Android. Improvements include the addition of multiple social providers on the desktop as well as open source fonts on Android. In the changelog, the company included an interesting point that's worth elaborating on: 'Preliminary implementation of Firefox Health Report.' Mozilla has revealed that FHR so far logs 'basic health information' about Firefox: time to start up, total running time, and number of crashes. Mozilla says the initial report is pretty simple but will grow 'in the coming months.' You can get it now from Mozilla."
MojoKid writes "Is the world really ready to shift from native apps to HTML5 Web apps? Probably not, at least not in North America yet, but developing nations may see it differently. That's the hope with Firefox OS, a web-based operating system that's (in theory) a lot more open. Of course, one needs only look at Microsoft's battle to get Windows Phone into a place of competition to realize that gaining market share is no easy task, which is why Mozilla will soon be handing out Firefox OS developer phones in order to bolster that. The company's goal is to get app builders to build for Firefox OS, so Mozilla is sending out free Preview handsets for folks to tinker with."
An anonymous reader writes "Frédéric Wang, an engineer at the MathJax project, reports that the latest nightly build of Firefox now passes the MathML Acid2 test. Screenshots in his post show a comparison with the latest nightly Chrome Canary, and it's not pretty. He writes 'Google developers forked Webkit and decided to remove from Blink all the code (including MathML) on which they don't plan to work in the short term.'"
An anonymous reader writes "Mozilla on Thursday announced the release of Firefox OS Simulator 3.0, polishing all the features in the preview release as well as making a few more improvements. You can download version 3.0 now for Windows, Mac, and Linux from Mozilla Add-Ons. The following features included in the simulator are now functionally stable, according to Mozilla:
- Push to Device
- Rotation simulation
- Basic geolocation API simulation
- Manifest validation
- Stability fixes for installation and updates to apps
- Newer versions of the Firefox rendering engine and Gaia (the UI for Firefox OS)."
Jakob Perry organized the first LinuxFest Northwest when he was still a student. He got off to a good start: now LFNW has been running for 14 years, and has retained its flavor as a low-key, friendly conference. Exhibitors from Linux distributions from tiny (CrunchBang) to huge (Red Hat) were on hand for 2013, and enough speakers and topics to fill about 80 different sessions over the two days of the conference. Not all of it's about Linux per se, either: the EFF and FSF were represented, along with a BSD table, and a local astronomy group with a great name. At this year's event I ran into the first Firefox OS phone that I've had a chance to play with in person. Firefox OS integrates Linux by way of the Android kernel, but is otherwise its own beast. Ubuntu and Mozilla contributor Benjamin Kerensa was on hand to talk about what makes it tick, and to give a demo of the all-HTML5 interface.
nk497 writes "Mozilla has sent a cease-and-desist order to Gamma International, after it was revealed the controversial creator of spyware for governments was disguising itself as Firefox on PCs. 'We cannot abide a software company using our name to disguise online surveillance tools that can be — and in several cases actually have been — used by Gamma's customers to violate citizens' human rights and online privacy,' Mozilla said." DavidGilbert99 writes on the wider implications of the Citizen Lab report: "Governmental spying software has been in the news a lot in recent months and today Citizen Lab has revealed its latest findings, showing that one of the most prolific tools in use, Finfisher, is now in use in 36 countries around the world [beware the auto playing video ads with sound]." And, Voulnet adds "According to analysis and report by CitizenLab of the Gamma FinFisher trojan spyware used against dissidents in the middle east and around the world, the FinFisher codebase uses the LGPL GNU Multiple Precision Arithmetic Library, possibly without adhering to its distribution restrictions."
ndogg writes "Mozilla is considering pulling TeliaSonera from its list of root certificate SSL providers. They have asked for comments on this on their mailing list. They're concerned about the use of the certificates by those governments for spying on its citizens, particularly in Azerbaijan, Kazakhstan, Georgia, Uzbekistan and Tajikistan — where TeliaSonera operates subsidiaries or is heavily invested. Mozilla's concern is that TeliaSonera has possibly issued certificates that allow hardline government servers to masquerade as legitimate websites — so-called man-in-the-middle attacks — and decrypt web traffic. This alleged activity would contradict Mozilla's policy against 'knowingly issuing certificates without the knowledge of the entities whose information is referenced in the certificates.'"
krygny sends this quote from The Economist: "The internet browser you are using to read this blog post could help a potential employer decide whether or not you would do well at a job. How might your choice of browser affect your job prospects? When choosing among job applicants, employers may be swayed by a range of factors, knowingly and unknowingly. ... Evolv, a company that monitors recruitment and workplace data, has suggested that there are better ways to identify the right candidate for job. ... Among other things, its analysis found that those applicants who have bothered to install new web browsers on their computers (such as Mozilla's Firefox or Google's Chrome) perform better and stay in their posts for 15% longer, on average."
tsamsoniw writes "Mozilla today unveiled Persona Beta 2, the newest edition of the organization's open authentication system. The release includes Identity Bridging, which lets user sign in to Persona-supported sites using their existing webmail accounts, starting with Yahoo. Mozilla used the release as an opportunity to bash social sign-in offerings from Facebook and Twitter, which 'conflate the act of signing into a website with sharing access to your social network, and often granting the site permission to publish on your behalf,' said Lloyd Hilaiel, technical lead for Mozilla Persona. He added that they are built in such a way that social providers have full visibility into a user's browsing behavior."
AmiMoJo writes "It looks like Mozilla are finally going to remove the much hated blink tag from the Gecko rendering engine that powers Firefox. Work to remove support for the tag, which was always non-standard and is not supported by the most popular HTML layout engines WebKit and Blink (Chrome, Safari, Opera, Android), is progressing and should show up in a future version of the browser." A comment attached to the discussion of this (not completed) move points out the odd possibility that Google's new Blink rendering engine may feature the blink tag via CSS animation, which would be "hilarious/awesome."
hypnosec writes "Mozilla has developed an open payment service API to support app purchases in Firefox OS, and has released a draft version allowing app developers to process payments. Pointing out the drawbacks of the different models for payments on the web that are currently available, Mozilla has revealed that it is looking to introduce a common web API that would make payments through web devices easier and more secure while being flexible and retaining today's checkout button features that are available for merchants. Partly based on Google Wallet, Mozilla's WebPayment API will remain open to ensure that it is used by a wide range of payment service providers. As a first step towards this, Mozilla has introduced the navigator.mozPay function, allowing web apps to accept payments."
An anonymous reader writes with this bit from The Next Web: "Mozilla and Samsung on Wednesday announced a new partnership to build a 'next generation' web browser engine called Servo. The ultimate goal is to bring the technology to Android and ARM, though the two companies have not shared a timeframe for a possible launch. With the help of Samsung, Mozilla is bringing both the Rust programming language as well as Servo to Android and ARM. Samsung's contribution so far has been an ARM backend to Rust as well as the build infrastructure necessary to cross-compile to Android. In fact, the code is available now on GitHub, as is the source for Rust and Servo." For those unfamiliar, Rust is Mozilla's new safe systems programming language (kind of like BitC), and Servo is their general project to write a brand new engine using Rust. Rust has an interesting memory model that eliminates much difficulty in reasoning about threaded programs. If you know what you're doing, they claim you can cross compile the code for Android, but no functionality guarantees have been made.
An anonymous reader writes "Mozilla on Tuesday officially launched Firefox 20 for Windows, Mac, Linux, and Android. The improvements include per-window private browsing, a new download manager in the Firefox toolbar, and the ability to close hanging plugins without the browser hanging. The new desktop version was available as of yesterday on the organization's FTP servers, but that was just the initial release of the installers. Firefox 20 has now officially been made available over on Firefox.com and all users of old Firefox versions should be able to upgrade to it automatically. As always, the Android version is trickling out slowly on the official Google Play Store. The changelogs are here: desktop and Android."
Billly Gates writes "With the new leaked videos and screenshots of Windows Blue released, IE 11 is also included. IE 10 just came out weeks ago for Windows 7 users and Microsoft is more determined than ever to prevent IE from becoming irrelevant as Firefox and Chrome scream past it by also including a faster release schedule. A few beta testers reported that IE 11 changed its user agent string from MSIE to IE with the 'like gecko' command included. Microsoft may be doing this to stop web developers stop feeding broken IE 6-8 code and refusing to serve HTML 5/CSS 3 whenever it detects MSIE in its user agent string. Unfortunately this will break many business apps that are tied to ancient and specific version of IE. Will this cause more hours of work for web developers? Or does IE10+ really act like Chrome or Firefox and this will finally end the hell of custom CSS tricks?"
psykocrime writes "The crazy kids at Fogbeam Labs have started a discussion about Google and their relationship with the Open Web, and questioning who will step up to defend these principles, even as Google seem to be abdicating their position as such a champion. Some candidates mentioned include Yahoo, IBM, Red Hat, Mozilla, Microsoft and The Wikimedia Foundation, among others. The question is, what organization(s) have both the necessary clout and the required ethical principles, to truly champion the Open Web, in the face of commercial efforts which are clearly inimical to Open Source, Open Standards, Libre Culture and other elements of an Open Web?"