Language Selection

English French German Italian Portuguese Spanish

Mozilla: Analysis Maturation Plan, Content Security Policy and Firefox Reality

Filed under
Moz/FF
  • Analysis Maturation Plan

    To summarize the problem, I need to be able to share analyses with my peers at Mozilla (often HTML documents generated by Rmarkdown). Currently, we effectively dump documents onto an FTP server tied to a webserver (called Hala). This works pretty well, but it makes it almost impossible to search and discover other people's analyses and makes getting review difficult.

    To address these two problems, we put together mozilla.report and mozilla-private.report. These are effectively lightweight blog indexes for public and private analyses. This works OK, but it still requires analysts to take the time to check in their results and get review. It's a little heavy weight and isn't getting as much use as I would like. Hell, I don't even use it all the time just because I'm busy.

  • Test the new Content Security Policy for Content Scripts

    As part of our efforts to make add-ons safer for users, and to support evolving manifest v3 features, we are making changes to apply the Content Security Policy (CSP) to content scripts used in extensions. These changes will make it easier to enforce our long-standing policy of disallowing execution of remote code.

    When this feature is completed and enabled, remotely hosted code will not run, and attempts to run them will result in a network error. We have taken our time implementing this change to decrease the likelihood of breaking extensions and to maintain compatibility. Programmatically limiting the execution of remotely hosted code is an important aspect of manifest v3, and we feel it is a good time to move forward with these changes now.

    We have landed a new content script CSP, the first part of these changes, behind preferences in Firefox 72. We’d love for developers to test it out to see how their extensions will be affected.

  • Discover on desktop or mobile. Enjoy in VR, only with Firefox Reality.

    A special update for Firefox Reality is available today -- just in time for the holidays! Now you can send tabs from your phone or computer straight to your VR headset.

    Say you’re waiting in line for your festive peppermint mocha, killing time on your phone. You stumble on an epic 3D roller coaster video that would be great to watch in VR. Since you’ve already signed in to your Firefox Account on Firefox Reality, you can send that video right to your headset, where it will be ready to watch next time you open the app. You can also send tabs from VR over to your phone or desktop, for when you eventually take your headset off.

    When you use Firefox on multiple devices, you can sync your history and bookmarks too. No more waving the laser pointer around to type wonky URLs or trying retrace your steps back to that super funny site from yesterday. Stay tuned in the new year for more features like these that make using VR a more seamless part of your everyday life.

More in Tux Machines

XFS - Online Filesystem Checking

Since Linux 4.17, I have been working on an online filesystem checking feature for XFS. As I mentioned in the previous update, the online fsck tool (named xfs_scrub) walks all internal filesystem metadata records. Each record is checked for obvious corruptions before being cross-referenced with all other metadata in the filesystem. If problems are found, they are reported to the system administrator through both xfs_scrub and the health reporting system. As of Linux 5.3 and xfsprogs 5.3, online checking is feature complete and has entered the stabilization and performance optimization stage. For the moment it remains tagged experimental, though it should be stable. We seek early adopters to try out this new functionality and give us feedback. Read more

Linux 5.5 RC7

  • Linux 5.5-rc7
    Well, things picked up at the end of the week, with half of my merges
    happening in the last two days.
    
    Whether that is the usual "send the weeks work to Linus on Friday", or
    a sign that things are just picking up in general after the holidays,
    I don't know.  If the former, I'll probably just release the final 5.5
    next week. But if it looks like there's pent-up fixes pending next
    week, I'll make another rc.
    
    Nothing in here looks particularly odd. Drivers is about half of the
    patch (networking, sound, gpio, gpu, scsi, usb, you name it), with the
    rest being the usual mix - arch, networking, filesystems, core
    kernel..  The diffstat looks mostly fairly nice and flat, with a
    couple of exceptions that look harmless (a few device tree file
    updates, some pure code movemment, and a couple of driver fixes that
    ended up changing calling conventions to get done and as a result got
    to be more lines than the bug otherwise would have merited).
    
    Please do test, there should be nothing scary going on.
    
                  Linus
    
  • Kernel prepatch 5.5-rc7

    The 5.5-rc7 kernel prepatch is out. Linus is still unsure whether the final 5.5 release will come out next week or not: "if it looks like there's pent-up fixes pending next week, I'll make another rc".

  • Linux 5.5-rc7 Kernel Released

    The seventh weekly release candidate to Linux 5.5 is now available for testing. Linus noted with Linux 5.5-rc7 there was a large uptick in patch volume at week's end. "Well, things picked up at the end of the week, with half of my merges happening in the last two days." Due to the recent holidays in large part, it's possible an eighth release candidate may be needed for Linux 5.5 before then releasing the kernel as stable on 2 February. However, in today's 5.5-rc7 announcement, Torvalds noted he may just end up releasing 5.5 stable next week. In any case, the release of Linux 5.5 is right on the horizon and this should be the kernel powering Ubuntu 20.04 LTS and other upcoming distribution releases.

GNU Make 4.3 Released!

The next stable version of GNU make, version 4.3, has been released and is available for download from https://ftp.gnu.org/gnu/make/ Please see the NEWS file that comes with the GNU make distribution for details on user-visible changes. Read more Also: GNU Make 4.3 Released With Performance Improvements, Newer GNU libc + Musl Support

Kernel: Zhaoxin, Arch Linux's Zen and WireGuard in Linux 5.6

  • Zhaoxin 7-Series x86 CPUs Mitigated For Spectre V2 + SWAPGS

    When it comes to the Zhaoxin x86-compatible processors coming out of VIA's joint venture in Shanghai, their forthcoming 7-series (KX-7000) has hardware mitigations in place for some CPU vulnerabilities. We haven't heard much about these Chinese x86 CPUs with regards to speculative execution vulnerabilities but it appears the pre-7-Series is vulnerable to Spectre Variant Two and at least SWAPGS. But with their 7-series, hardware mitigations appear to be in place.

  • Benchmarks Of Arch Linux's Zen Kernel Flavor

    Following the recent Linux kernel tests of Liquorix and other scheduler discussions (and more), some requests from premium supporters rolled in for seeing the performance of Arch Linux's Zen kernel package against the generic kernel. Here are those benchmark results. These are some benchmarks I recently did on the AMD Ryzen Threadripper 3970X while running EndeavourOS. Tests were done with its default Linux 5.4.8-arch1 kernel compared to the same kernel revision but using Arch's Zen kernel flavor. That is Arch's spin of the Zen-kernel patches (not to be confused with AMD Zen).

  • Intel's ConnMan Is Ready With WireGuard Support

    In addition to NetworkManager having good WireGuard support in advance of this secure VPN tunnel tech landing with the Linux 5.6 kernel, Intel's ConnMan software is also ready with supporting WireGuard. Intel's ConnMan hasn't seen a new tagged release in nearly one year but over the past two months in the Git development code WireGuard support has materialized. ConnMan, as a reminder, is the Intel-led effort for providing an Internet connection manager on Linux designed for embedded/mobile use-cases that dates back to their Moblin days.