×
Mozilla

DuckDuckGo, Proton, Mozilla Throw Weight Behind Bill Targeting Big Tech 'Surveillance' (techradar.com) 5

A group of privacy-focused organizations have signed a letter imploring US Congress leaders to schedule a vote on a bill that would hamper data collection by tech giants and promote user access to online privacy tools. From a report: In its letter to Congress, addressed to the likes of Mitch McConnell and Nancy Pelosi, the alliance argued that the continued suppression of the American Innovation and Choice Online Act (AICOA) allows "dominant firms" to "limit competition and restrict user choice" when accessing privacy-focused technologies and products. It also accused tech giants of forcing users into accepting their policies of "perpetual surveillance" because of their positions as "gatekeepers," and of using their "influence in society" to steer users away from rival services more committed to privacy. Signatories included the likes of DuckDuckGo, Proton, Brave and Mozilla, among others, representing sectors ranging from VPN and search to web browsers, office software, and more. The letter to Congress fighting for the revival of the AICOA hit back at the idea that the US technology industry is a free market. The 13 signatories, all of which are relatively small in stature, claim the tech giants deliberately wield the depth and breadth of their product portfolios to establish unassailable monopolies.
Facebook

Report: Facebook has Started Encrypting Links to Counter Browsers' Anti-Tracking Measures (ghacks.net) 163

"Facebook has started to use a different URL scheme for site links," writes the technology blog Ghacks, "to combat URL stripping technologies that browsers such as Firefox or Brave use to improve privacy and prevent user tracking." Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102, which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser's Tracking Protection feature is set to strict. Firefox users may enable URL stripping in all Firefox modes, but this requires manual configuration. Brave Browser strips known tracking parameters from web addresses as well....

It is no longer possible to remove the tracking part of the URL, as Facebook merged it with part of the required web address.

Privacy

A New Attack Can Unmask Anonymous Users On Any Major Browser (wired.com) 58

An anonymous reader quotes a report from Wired: [R]esearchers from the New Jersey Institute of Technology are warning this week about a novel technique attackers could use to de-anonymize website visitors and potentially connect the dots on many components of targets' digital lives. The findings (PDF), which NJIT researchers will present at the Usenix Security Symposium in Boston next month, show how an attacker who tricks someone into loading a malicious website can determine whether that visitor controls a particular public identifier, like an email address or social media account, thus linking the visitor to a piece of potentially personal data.

When you visit a website, the page can capture your IP address, but this doesn't necessarily give the site owner enough information to individually identify you. Instead, the hack analyzes subtle features of a potential target's browser activity to determine whether they are logged into an account for an array of services, from YouTube and Dropbox to Twitter, Facebook, TikTok, and more. Plus the attacks work against every major browser, including the anonymity-focused Tor Browser. "If you're an average internet user, you may not think too much about your privacy when you visit a random website," says Reza Curtmola, one of the study authors and a computer science professor at NJIT. "But there are certain categories of internet users who may be more significantly impacted by this, like people who organize and participate in political protest, journalists, and people who network with fellow members of their minority group. And what makes these types of attacks dangerous is they're very stealthy. You just visit the website and you have no idea that you've been exposed."

How this de-anonymization attack works is difficult to explain but relatively easy to grasp once you have the gist. Someone carrying out the attack needs a few things to get started: a website they control, a list of accounts tied to people they want to identify as having visited that site, and content posted to the platforms of the accounts on their target list that either allows the targeted accounts to view that content or blocks them from viewing it -- the attack works both ways. Next, the attacker embeds the aforementioned content on the malicious website. Then they wait to see who clicks. If anyone on the targeted list visits the site, the attackers will know who they are by analyzing which users can (or cannot) view the embedded content. [...] Complicated as it may sound, the researchers warn that it would be simple to carry out once attackers have done the prep work. It would only take a couple of seconds to potentially unmask each visitor to the malicious site -- and it would be virtually impossible for an unsuspecting user to detect the hack. The researchers developed a browser extension that can thwart such attacks, and it is available for Chrome and Firefox. But they note that it may impact performance and isn't available for all browsers.

EU

EU Antitrust Regulators Probing Tech Group AOM's Video Licensing Policy (reuters.com) 15

EU antitrust regulators are investigating the video licensing policy of the Alliance for Open Media (AOM), whose members include Alphabet Google, Amazon, Apple and Meta , the European Commission said on Thursday. Reuters reports: Founded in 2015, the group aims to create a new standard software for streaming higher-quality 4K video on browsers, devices, apps, and gaming, known as AV1. While the AV1 software is not yet adopted widely, Netflix and YouTube have started using it for some customers, and browsers such as Google Chrome and Firefox have started to support the new format. Intel, Huawei, Mozilla, Samsung and Nvidia are also AOM members, according to its website.

In a questionnaire sent to some companies earlier this year and seen by Reuters, the EU watchdog said it was investigating alleged anti-competitive behavior related to the license terms of AV1 by AOM and its members in Europe. "The Commission has information that AOM and its members may be imposing licensing terms (mandatory royalty-free cross licensing) on innovators that were not a part of AOM at the time of the creation of the AV1 technical, but whose patents are deemed essential to (its) technical specifications," the paper said. It said this action may be restricting the innovators' ability to compete with the AV1 technical specification, and also eliminate incentives for them to innovate.

The questionnaire also asked about the impact of an AOM patent license clause in which licensees would have their patent licenses terminated immediately if they launched patent lawsuits asserting that implementation infringes their claims. Companies risk fines of up to 10% of their global turnover for breaching EU antitrust rules.

Firefox

Mozilla Releases Firefox 102 (mozilla.org) 44

williamyf writes: Today, Mozilla released Firefox 102.
New features include:
* Tired of too many windows crowding your screen? You can now disable automatic opening of the download panel every time a new download starts. Read more.
* Firefox now mitigates query parameter tracking when navigating sites in ETP strict mode.
* Subtitles and captions for Picture-in-Picture (PiP) are now available at HBO Max, Funimation, Dailymotion, Tubi, Disney+ Hotstar, and SonyLIV. This allows you to view video in a small window pinned to a corner of the screen while navigating between apps or browsing content on the main screen.

But do not get fooled, the most important feature is that this release is an ESR, this is super-important of a host of reasons:

* Firefox ESR is the basis for KaiOS (an evolution of BootToGecko), an OS for Semi-Smart Phones very popular in India (100milion+), SE Asia + Africa (~60Milion), so, whatever made the cut in 102 will define the base capabilities for KaiOS for the next year.

* Firefox ESR is the basis for Thunderbird, so, if you use Thunderbird or a derivative, whatever made the cut in 102 will underpin Thunderbird for the next year.

* Many popular Linux distros (like Debian or Kali) use Firefox ESR as the default browser.

* Many companies and organizations use Firefox ESR as their default browser, and many SW development companies certify Firefox ESR as an alowed browser for their SW.

So, 102 is a very important release, becuase it brings a year of advances to ESR.

Firefox

Is Firefox OK? (wired.com) 225

At the end of 2008, Firefox was flying high. Twenty percent of the 1.5 billion people online were using Mozilla's browser to navigate the web. In Indonesia, Macedonia, and Slovenia, more than half of everyone going online was using Firefox. "Our market share in the regions above has been growing like crazy," Ken Kovash, Mozilla's data analytics team manager at the time, wrote in a blog post. Almost 15 years later, things aren't so rosy. From a report: Across all devices, the browser has slid to less than 4 percent of the market -- on mobile it's a measly half a percent. "Looking back five years and looking at our market share and our own numbers that we publish, there's no denying the decline," says Selena Deckelmann, senior vice president of Firefox. Mozilla's own statistics show a drop of around 30 million monthly active users from the start of 2019 to the start of 2022. "In the last couple years, what we've seen is actually a pretty substantial flattening," Deckelmann adds.

In the two decades since Firefox launched from the shadows of Netscape, it has been key to shaping the web's privacy and security, with staff pushing for more openness online and better standards. But its market share decline was accompanied by two rounds of layoffs at Mozilla during 2020. Next year, its lucrative search deal with Google -- responsible for the vast majority of its revenue -- is set to expire. A spate of privacy-focused browsers now compete on its turf, while new-feature misfires have threatened to alienate its base. All that has left industry analysts and former employees concerned about Firefox's future. Its fate also has larger implications for the web as a whole. For years, it was the best contender for keeping Google Chrome in check, offering a privacy-forward alternative to the world's most dominant browser.

Firefox

Firefox Rolls Out Total Cookie Protection By Default To All Users Worldwide 72

Mozilla: Starting today, Firefox is rolling out Total Cookie Protection by default to all Firefox users worldwide, making Firefox the most private and secure major browser available across Windows and Mac. Total Cookie Protection is Firefox's strongest privacy protection to date, confining cookies to the site where they were created, thus preventing tracking companies from using these cookies to track your browsing from site to site. Whether it's applying for a student loan, seeking treatment or advice through a health site, or browsing an online dating app, massive amounts of your personal information is online -- and this data is leaking all over the web.

The hyper-specific-to-you ads you so often see online are made possible by cookies that are used to track your behavior across sites and build an extremely sophisticated profile of who you are. Recent stories (including an excellent Last Week Tonight episode) have shown how robust, yet under-the-radar, the data selling economy is and how easy it is for anyone to buy your data, combine it with more data about you and use it for a variety of purposes, even beyond advertising. It's an alarming reality -- the possibility that your every move online is being watched, tracked and shared -- and one that's antithetical to the open web we at Mozilla have strived to build. That's why we developed Total Cookie Protection to help keep you safe online.

Total Cookie Protection works by creating a separate "cookie jar" for each website you visit. Instead of allowing trackers to link up your behavior on multiple sites, they just get to see behavior on individual sites. Any time a website, or third-party content embedded in a website, deposits a cookie in your browser, that cookie is confined to the cookie jar assigned to only that website. No other websites can reach into the cookie jars that don't belong to them and find out what the other websites' cookies know about you -- giving you freedom from invasive ads and reducing the amount of information companies gather about you. This approach strikes the balance between eliminating the worst privacy properties of third-party cookies -- in particular the ability to track you -- and allowing those cookies to fulfill their less invasive use cases (e.g. to provide accurate analytics). With Total Cookie Protection in Firefox, people can enjoy better privacy and have the great browsing experience they've come to expect.
Firefox

Mozilla Releases Local Machine Translation Tools (mozilla.org) 33

Longtime Slashdot reader Artem S. Tashkinov writes: "In January of 2019, Mozilla joined the University of Edinburgh, Charles University, University of Sheffield and University of Tartu as part of a project funded by the European Union called Project Bergamot," writes Mozilla Speech and AI engineer Andre Natal in a blog post. "The ultimate goal of this consortium was to build a set of neural machine translation tools that would enable Mozilla to develop a website translation add-on that operates locally, i.e. the engines, language models and in-page translation algorithms would need to reside and be executed entirely in the user's computer, so none of the data would be sent to the cloud, making it entirely private..."

The result of this work is the translations add-on that is now available in the Firefox Add-On store for installation on Firefox Nightly, Beta and in General Release. It currently supports 14 languages. You can test the translation engine without installing the add-on.

Android

Murena, the Privacy-First Android Smartphone, Arrives (zdnet.com) 62

The /e/OS-powered Murena One is the first smartphone from Murena that does its best to free you from Google without sacrificing too many core features. There are no Google apps, Google Play Services, or even the Google Assistant. It's all been replaced by open-source software alternatives with privacy-respecting features. ZDNet's Steven Vaughan-Nichols reports: Murena and Mandrake Linux founder Gael Duval was sick of it by 2017. He wanted his data to be his data, and he wanted open-source software. Almost five years later, Duval and his co-developers launched the Murena One X2. It's the first high-end Android phone using the open-source /e/OS Android fork to arrive on the market. The privacy heart of the Murena One is /e/OS V1. There have been many attempts to create an alternative to Google-based Android and Apple's iOS -- Ubuntu One, FirefoxOS, and Windows Mobile -- but all failed. Duval's approach isn't to reinvent the mobile operating system wheel, but to clean up Android of its squeaky Google privacy-invading features and replace them with privacy-respecting ones. To make this happen, Duval started with LineageOS -- an Android-based operating system, which is descended from the failed CyanogenMod Android fork. It also blends in features from the Android Open Source Project (AOSP) source-code trees.

In the /e/OS, most (but not all) Google services have been removed and replaced with MicroG services. MicroG replaces Google's libraries with purely open-source implementations without hooks to Google's services. This includes libraries and apps which provide Google Play, Maps, Geolocation, and Messaging services for Android applications. In addition, /e/OS does its best to free you from higher-level Google services. For instance, Google's default search engine has been replaced with Murena's own meta-search engine. Other internet-based services, such as Domain Name Server (DNS) and Network Time Protocol (NTP), use non-Google servers. Above the operating system, you'll find Google-free applications. This includes a web browser; an e-mail client; a messaging app; a calendar; a contact manager; and a maps app that relies on Mozilla Location Service and OpenStreetMap. While it's not here yet, Murena is also working on its own take on Google Assistant, Elivia-AI. You can also run many, but not all Android apps. You'll find these apps on the operating system's App Lounge. [...]

There's still one big problem: the App Lounge still relies on you logging in with your Google account. In short, the App Lounge is mainly a gateway to Google Store apps. Munera assures me that the Lounge anonymizes your data -- except if you use apps that require payment. Still, this is annoying for people who want to cut all their ties with Google. The fundamental problem is this: Muena does all it can to separate its operating system and applications from Google, but it can't -- yet -- replace Google's e-commerce and software store system.
As for hardware specs, the $379 Murena One features a 6.5-inch IPS LCD display, eight-core MediaTek Helio P60 processor, side-mounted fingerprint scanner, three rear cameras (48MP + 8MP + 5MP) and 25MP front camera, and 4,500mAh battery. It also features a microSD card slot for expandable storage and headphone port.
Microsoft

Biggest Targets at Pwn2Own Event: Microsoft's Windows, Teams, and Ubuntu Desktop (hothardware.com) 17

As Pwn2Own Vancouver comes to a close, a whopping $1,115,000 has been awarded by Trend Micro and Zero Day Initiative. The 15th anniversary edition saw 17 "contestants" attacking 21 targets, reports Hot Hardware — though "the biggest payouts were for serious exploits against Microsoft's Teams utility." While Teams isn't technically a part of Windows, it does come bundled with all new installs of Windows 11, which means that these exploits are practically Windows exploits. Hector "p3rr0" Peralta, Masato Kinugawa, and STAR Labs each earned $150,000 for major exploits of the utility.

Windows 11 itself wasn't spared, though. Marcin Wiazowski and STAR Labs each earned $40,000 for privilege escalation exploits on Microsoft's operating system on day one, and on day two, TO found a similar bug for a $40,000 payout of his own. Day three saw no less than three more fresh exploits against Windows 11, all in the serious privilege escalation category; all three winners pocketed another $40,000....

Other targets attacked at Pwn2Own 2022 included Mozilla Firefox (hacked), Apple Safari (hacked), and Ubuntu Desktop (hacked)... Of course, details of the hacks aren't made public, because they're zero-days, after all. That means that they haven't been patched yet, so releasing details of the exploits could allow malicious actors to make use of the bugs. Details will be revealed 3 months from now, during which time Microsoft, Tesla, Apple, and others should have their software all sewn up.

With all the points totalled, the winner was Singapore-based cybersecurity company Star Labs, which was officially crowned "Master of Pwn" on Saturday. "They won $270,000 and 27 points during the contest," explains the official Twitter feed for Zero Day Initiative (the judges for the event).

A blog post from Zero Day Initiative describes all 21 attacks, including six successful attacks against Windows, three successful attacks against Teams — and four against Ubuntu Desktop.
Programming

Security Expert Nabs Expired Domain for a Popular NPM Library's Email Address (theregister.com) 16

"Security consultant Lance Vick recently acquired the expired domain used by the maintainer of a widely used NPM package," reports the Register, "to remind the JavaScript community that the NPM Registry still hasn't implemented adequate security." "I just noticed 'foreach' on NPM is controlled by a single maintainer," wrote Vick in a Twitter post on Monday. "I also noticed they let their domain expire, so I bought it before someone else did. I now control 'foreach' on npm, and the 36,826 projects that depend on it."

That's not quite the full story — he probably could have taken control but didn't. Vick acquired the lapsed domain that had been used by the maintainer to create an NPM account and is associated with the "foreach" package on NPM. But he said he didn't follow through with resetting the password on the email account tied to the "foreach" package, which is fetched nearly six million times a week. In an email to the Register, Vick explained... "I did not log into the account, as again, that crosses a line. I just sent a password reset email and bailed.

"Regardless of how much control I have over this particular package, which is unclear, NPM admits this particular expired domain problem is a known issue, citing this 2021 [research paper] which says, 'We also found 2,818 maintainer email addresses associated with expired domains, allowing an attacker to hijack 8,494 packages by taking over the NPM accounts.' In other words, anyone poking around is going to find accounts easy to take over in this way. I was not lucky or special." His point, which he has been trying for several years to communicate to those overseeing NPM — a part of GitHub since March 2020 — is that taking over the NPM account of a popular project to conduct a software supply chain attack continues to be too easy.

Part of the problem is that JavaScript developers often use packages that implement simple functions that are either already built into the language, like forEach, or ought to be crafted manually to avoid yet another dependency, like left-pad (now built-in as padStart). These trivial packages get incorporated into other packages, which may in turn become dependencies in different packages, thereby making the compromise of something like "foreach" a potentially far-reaching security incident.

But Vick argues that with so many upstream attack vectors, "We are all just trusting strangers on the internet to give us good candy from their truck," according to the Register. Their article points out that on Tuesday GitHub launched a beta test of improved 2FA security for all its NPM accounts — which Vick calls "a huge win... [T]hat is the best way to protect accounts. We in the security community have been demanding this for years."

But he's still worried about the possibility of email addresses with weak two-factor authentication or compromised NPM employees, and would like to see NPM implement cryptographic signatures for code. "I am talking with a member of their team tomorrow and we will see where this goes."
The Internet

Microsoft Edge Overtakes Safari As World's Second Most Popular Desktop Browser (macrumors.com) 100

Microsoft Edge has overtaken Apple's Safari to become the world's second most popular desktop browser, based on data provided by web analytics service StatCounter. MacRumors reports: According to the data, Microsoft Edge is now used on 10.07 percent of desktop computers worldwide, 0.46 percent ahead of Safari, which stands at 9.61 percent. Google Chrome remains in first place with a dominant 66.64 percent share, and Mozilla's Firefox stands in fourth with 7.86 percent. As the default Windows 11 browser, the popularity of Edge has crept up in recent months, with the first concrete signs that it would surpass Safari to take second place coming in February, when it was used on 9.54 percent of desktops globally. Back in January 2021, Safari held a 10.38 percent market share, indicating a gradual slippage in popularity over the last 14 months.

Meanwhile, first-placed Chrome has seen its user base increase incrementally over that time, but perhaps surprisingly, Firefox has leaked users since the beginning of the year, despite regular updates and improvements. That suggests Safari's hold on third place isn't in immediate danger, having lost only 0.23 percent share since February, but things could always change fast if Apple decides to introduce sweeping changes to the way Safari works in macOS 13 later this year.
It's a different story when it comes to mobile platforms, notes MacRumors. "In StatCounter's analysis, Edge doesn't even make it into the top six browsers on mobile, but first-placed Chrome commands 62.87 of usage share, with Safari on iPhones and iPads taking a comfortable 25.35 percent in second place, 20.65 percent ahead of third-placed Samsung Internet, with 4.9 percent."
Firefox

Mozilla Celebrates the Release of Firefox 100 (mozilla.org) 77

vm shares the blogpost of Mozilla releasing Firefox 100, and outlines some of thoughts: Out of the ashes of Netscape/AOL, Firebird rose as a promising new browser. A significant name change and a hundred releases later, Firefox 100 is still the underdog that keeps on fighting. With my mounting annoyance at all the Google services underpinning Chrome, I've since discovered and used Ungoogled Chromium, Waterfox, LibreWolf, and a handful of other lesser known spins on Chrome or Firefox. On mobile, Brave really does the best job at ad blocking whether you're on iOS or Android but the Mozilla Foundations is probably still the largest dev group fighting the good fight when it comes to both privacy and security enhancements.That's not to say that the Chromium team isn't security savvy -- I only wish they were just a little less Google. Anyhow, tell us about your favorite browser in the comments and have a look at Mozilla's latest release while you're at it.
Privacy

Mental Health Apps Have Terrible Privacy Protections, Report Finds (theverge.com) 22

As a category, mental health apps have worse privacy protections for users than most other types of apps, according to a new analysis from researchers at Mozilla. Prayer apps also had poor privacy standards, the team found. From a report: "The vast majority of mental health and prayer apps are exceptionally creepy," Jen Caltrider, the Mozilla *Privacy Not Included guide lead, said in a statement. "They track, share, and capitalize on users' most intimate personal thoughts and feelings, like moods, mental state, and biometric data." In the latest iteration of the guide, the team analyzed 32 mental health and prayer apps. Of those apps, 29 were given a "privacy not included" warning label, indicating that the team had concerns about how the app managed user data. The apps are designed for sensitive issues like mental health conditions, yet collect large amounts of personal data under vague privacy policies, the team said in the statement. Most apps also had poor security practices, letting users create accounts with weak passwords despite containing deeply personal information.
EU

Apple's Grip On iOS Browser Engines Disallowed Under Latest Draft EU Rules (theregister.com) 74

Europe's Digital Markets Act -- near-finalized legislation to tame the internet's gatekeepers -- contains language squarely aimed at ending Apple's iOS browser restrictions. The Register reports: The Register has received a copy of unpublished changes in the proposed act, and among the various adjustments to the draft agreement is the explicit recognition of "web browser engines" as a service that should be protected from anti-competitive gatekeeper-imposed limitations. Apple requires that competing mobile browsers distributed through the iOS App Store use its own WebKit rendering engine, which is the basis of its Safari browser. The result is that Chrome, Edge, and Firefox on iOS are all, more or less, Safari.

That requirement has been a sore spot for years among rivals like Google, Mozilla, and Microsoft. They could not compete on iOS through product differentiation because their mobile browsers had to rely on WebKit rather than their own competing engines. And Apple's browser engine requirement has vexed web developers, who have been limited to using only the web APIs implemented in WebKit for their web apps. Many believe this barrier serves to steer developers toward native iOS app development, which Apple controls.

The extent to which Apple profits from the status quo has prompted regulatory scrutiny in Europe, the UK, the US, and elsewhere. [...] Now those efforts have been translated into the text of the DMA, which, alongside the Digital Services Act (DSA), defines how large technology gatekeepers will be governed in Europe. [...] In short, when the DMA takes effect in 2024, it appears that Apple will be required to allow browser competition on iOS devices.
"The potential for a capable web has been all but extinguished on mobile because Apple has successfully prevented it until now," said Alex Russell, partner program manager on Microsoft Edge who worked previously as Google Chrome's first web standards tech lead. "Businesses and services will be able to avoid building 'apps' entirely when enough users have capable browsers."

"There's a long road between here and there," he added. "Apple has spent enormous amounts to lobby on this, and they aren't stupid. Everyone should expect them to continue to play games along the lines of what they tried in Denmark and South Korea."
Unix

OpenBSD 7.1 Released with Support for Apple M1, Improvements for ARM64 and RISC-V (openbsd.org) 26

"Everyone's favorite security focused operating system, OpenBSD 7.1 has been released for a number of architectures," writes long-time Slashdot reader ArchieBunker, "including Apple M1 chips."

Phoronix calls it "the newest version of this popular, security-minded BSD operating system." With OpenBSD 7.1, the Apple Silicon support is now considered "ready for general use" with keypad/touchpad support for M1 laptops, a power management controller driver added, I2C and SPI controller drivers, and a variety of other driver additions for supporting the Apple Silicon hardware.

OpenBSD 7.1 also has a number of other improvements benefiting the 64-bit ARM (ARM64) and RISC-V architectures. OpenBSD 7.1 also brings SMP kernel improvements, support for futexes with shared anonymous memory, and more. On the graphics front there is updating the Linux DRM code against the state found in Linux 5.15.26 as well as now enabling Intel Elkhart Lake / Jasper Lake / Rocket Lake support.

The Register notes OpenBSD now "supports a surprisingly wide range of hardware: x86-32, x86-64, ARM7, Arm64, DEC Alpha, HP PA-RISC, Hitachi SH4, Motorola 88000, MIPS64, SPARC64, RISC-V 64, and both Apple PowerPC and IBM POWER." The Register's FOSS desk ran up a copy in VirtualBox, and we were honestly surprised how quick and easy it was. By saying "yes" to everything, it automatically partitioned the VM's disk into a rather complex array of nine slices, installed the OS, a boot loader, an X server and display manager, plus the FVWM window manager. After a reboot, we got a graphical login screen and then a rather late-1980s Motif-style desktop with an xterm.

It was easy to install XFCE, which let us set the screen resolution and other modern niceties, and there are also KDE, GNOME, and other pretty front-ends, plus plenty of familiar tools such as Mozilla apps, LibreOffice and so on....

We were expecting to have to do a lot more work. Yes, OpenBSD is a niche OS, but the project gave the world OpenSSH, LibreSSL, the PF firewall as used in macOS, much of Android's Bionic C library, and more besides.... In a world of multi-gigabyte OSes, it's quite refreshing. It felt like stepping back into the early 1990s, the era of Real Unix, when you had to put in some real effort and learn stuff in order to bend the OS to your will — but in return, you got something relatively bulletproof.

Wikipedia

Wikipedia Community Votes To Stop Accepting Cryptocurrency Donations (arstechnica.com) 40

waspleg writes: More than 200 long-time Wikipedia editors have requested that the Wikimedia Foundation stop accepting cryptocurrency donations. The foundation received crypto donations worth about $130,000 in the most recent fiscal year -- less than 0.1 percent of the foundation's revenue, which topped $150 million last year. In her proposal for the Wikimedia Foundation, GorillaWarfare added that 'Bitcoin and Ethereum are the two most highly used cryptocurrencies, and are both proof-of-work, using an enormous amount of energy.' According to one widely cited estimate, the bitcoin network consumes around 200 TWh of energy per year. That's about as much energy as is consumed by 70 million people in Thailand. And it works out to around 2,000 kWh per bitcoin transaction.

Bitcoin defenders countered that bitcoin's energy usage is driven by its mining process, which consumes about the same amount of energy regardless of the number of transactions. So accepting any given bitcoin donation won't necessarily lead to more carbon emissions. But cryptocurrency critics argued that Wikimedia's de facto endorsement of cryptocurrencies may help to push up their price. And the more expensive bitcoin is, the more energy miners will devote to creating new ones. If the foundation complies with the community's request, it wouldn't be the first organization to stop using cryptocurrencies due to environmental concerns. Earlier this month, the Mozilla Foundation announced it would stop accepting cryptocurrencies that use the energy-intensive proof-of-work consensus process. These include bitcoin and ether -- though the latter is expected to convert to a proof-of-stake model in the future.

Microsoft

Microsoft is Finally Making it Easier To Switch Default Browsers in Windows 11 (theverge.com) 39

Microsoft is finally making it easier to change your default browser in Windows 11. A new update (KB5011563) has started rolling out this week that allows Windows 11 users to change the default browser with a single click. After testing the changes in December, this new one-click method is rolling out to all Windows 11 users. From a report: Originally, Windows 11 shipped without a simple button to switch default browsers that was always available in Windows 10. Instead, Microsoft forced Windows 11 users to change individual file extensions or protocol handlers for HTTP, HTTPS, .HTML, and .HTM, or you had to tick a checkbox that only appeared when you clicked a link from outside a browser. Microsoft defended its decision to make switching defaults harder, but rival browser makers like Mozilla, Brave, and even Google's head of Chrome criticized Microsoft's approach.
Mozilla

Mozilla Launches Paid Subscriptions To Its Developer Network (techcrunch.com) 23

Mozilla today launched MDN Plus, a paid subscription product on top of the existing (and recently re-designed) Mozilla Developer Network (MDN), one of the web's most popular destinations for finding documentation and code samples related to web technologies like CSS, HTML and JavaScript. From a report: The new subscription offering will introduce features like notifications, collections (think lists of articles you want to save) and MDN offline for when you want to access MDN when you're not online. There will be three subscription tiers: MDN core, a free limited version of the paid plans; MDN Plus 5, with access to notifications, collections and MDN offline for $5 per month or $50 per year; and MDN Supporter 10 for those who are willing to pay a bit more to support the platform in addition to getting a direct feedback channel to the MDN team (as well as "pride and joy," Mozila says). As the name implies, that more expensive plan will cost $10 a month or $100 for an annual subscription.

Slashdot Top Deals