Navigation

Language Selection

Search

Mozilla: Analysis Maturation Plan, Content Security Policy and Firefox Reality

Submitted by Roy Schestowitz on Friday 13th of December 2019 03:01:58 AM Filed under

Moz/FF

Analysis Maturation Plan

To summarize the problem, I need to be able to share analyses with my peers at Mozilla (often HTML documents generated by Rmarkdown). Currently, we effectively dump documents onto an FTP server tied to a webserver (called Hala). This works pretty well, but it makes it almost impossible to search and discover other people's analyses and makes getting review difficult.

To address these two problems, we put together mozilla.report and mozilla-private.report. These are effectively lightweight blog indexes for public and private analyses. This works OK, but it still requires analysts to take the time to check in their results and get review. It's a little heavy weight and isn't getting as much use as I would like. Hell, I don't even use it all the time just because I'm busy.
Test the new Content Security Policy for Content Scripts

As part of our efforts to make add-ons safer for users, and to support evolving manifest v3 features, we are making changes to apply the Content Security Policy (CSP) to content scripts used in extensions. These changes will make it easier to enforce our long-standing policy of disallowing execution of remote code.

When this feature is completed and enabled, remotely hosted code will not run, and attempts to run them will result in a network error. We have taken our time implementing this change to decrease the likelihood of breaking extensions and to maintain compatibility. Programmatically limiting the execution of remotely hosted code is an important aspect of manifest v3, and we feel it is a good time to move forward with these changes now.

We have landed a new content script CSP, the first part of these changes, behind preferences in Firefox 72. We’d love for developers to test it out to see how their extensions will be affected.
Discover on desktop or mobile. Enjoy in VR, only with Firefox Reality.

A special update for Firefox Reality is available today -- just in time for the holidays! Now you can send tabs from your phone or computer straight to your VR headset.

Say you’re waiting in line for your festive peppermint mocha, killing time on your phone. You stumble on an epic 3D roller coaster video that would be great to watch in VR. Since you’ve already signed in to your Firefox Account on Firefox Reality, you can send that video right to your headset, where it will be ready to watch next time you open the app. You can also send tabs from VR over to your phone or desktop, for when you eventually take your headset off.

When you use Firefox on multiple devices, you can sync your history and bookmarks too. No more waving the laser pointer around to type wonky URLs or trying retrace your steps back to that super funny site from yesterday. Stay tuned in the new year for more features like these that make using VR a more seamless part of your everyday life.

Login or register to post comments
Printer-friendly version
1236 reads
PDF version

More in Tux Machines

XFS - Online Filesystem Checking

Since Linux 4.17, I have been working on an online filesystem checking feature for XFS. As I mentioned in the previous update, the online fsck tool (named xfs_scrub) walks all internal filesystem metadata records. Each record is checked for obvious corruptions before being cross-referenced with all other metadata in the filesystem. If problems are found, they are reported to the system administrator through both xfs_scrub and the health reporting system. As of Linux 5.3 and xfsprogs 5.3, online checking is feature complete and has entered the stabilization and performance optimization stage. For the moment it remains tagged experimental, though it should be stable. We seek early adopters to try out this new functionality and give us feedback.

Linux 5.5 RC7

Linux 5.5-rc7

Well, things picked up at the end of the week, with half of my merges
happening in the last two days.

Whether that is the usual "send the weeks work to Linus on Friday", or
a sign that things are just picking up in general after the holidays,
I don't know.  If the former, I'll probably just release the final 5.5
next week. But if it looks like there's pent-up fixes pending next
week, I'll make another rc.

Nothing in here looks particularly odd. Drivers is about half of the
patch (networking, sound, gpio, gpu, scsi, usb, you name it), with the
rest being the usual mix - arch, networking, filesystems, core
kernel..  The diffstat looks mostly fairly nice and flat, with a
couple of exceptions that look harmless (a few device tree file
updates, some pure code movemment, and a couple of driver fixes that
ended up changing calling conventions to get done and as a result got
to be more lines than the bug otherwise would have merited).

Please do test, there should be nothing scary going on.

              Linus

Kernel prepatch 5.5-rc7

The 5.5-rc7 kernel prepatch is out. Linus is still unsure whether the final 5.5 release will come out next week or not: "if it looks like there's pent-up fixes pending next week, I'll make another rc".
Linux 5.5-rc7 Kernel Released

The seventh weekly release candidate to Linux 5.5 is now available for testing. Linus noted with Linux 5.5-rc7 there was a large uptick in patch volume at week's end. "Well, things picked up at the end of the week, with half of my merges happening in the last two days." Due to the recent holidays in large part, it's possible an eighth release candidate may be needed for Linux 5.5 before then releasing the kernel as stable on 2 February. However, in today's 5.5-rc7 announcement, Torvalds noted he may just end up releasing 5.5 stable next week. In any case, the release of Linux 5.5 is right on the horizon and this should be the kernel powering Ubuntu 20.04 LTS and other upcoming distribution releases.

GNU Make 4.3 Released!

The next stable version of GNU make, version 4.3, has been released and is available for download from https://ftp.gnu.org/gnu/make/ Please see the NEWS file that comes with the GNU make distribution for details on user-visible changes. Also: GNU Make 4.3 Released With Performance Improvements, Newer GNU libc + Musl Support

Kernel: Zhaoxin, Arch Linux's Zen and WireGuard in Linux 5.6

Zhaoxin 7-Series x86 CPUs Mitigated For Spectre V2 + SWAPGS

When it comes to the Zhaoxin x86-compatible processors coming out of VIA's joint venture in Shanghai, their forthcoming 7-series (KX-7000) has hardware mitigations in place for some CPU vulnerabilities. We haven't heard much about these Chinese x86 CPUs with regards to speculative execution vulnerabilities but it appears the pre-7-Series is vulnerable to Spectre Variant Two and at least SWAPGS. But with their 7-series, hardware mitigations appear to be in place.
Benchmarks Of Arch Linux's Zen Kernel Flavor

Following the recent Linux kernel tests of Liquorix and other scheduler discussions (and more), some requests from premium supporters rolled in for seeing the performance of Arch Linux's Zen kernel package against the generic kernel. Here are those benchmark results. These are some benchmarks I recently did on the AMD Ryzen Threadripper 3970X while running EndeavourOS. Tests were done with its default Linux 5.4.8-arch1 kernel compared to the same kernel revision but using Arch's Zen kernel flavor. That is Arch's spin of the Zen-kernel patches (not to be confused with AMD Zen).
Intel's ConnMan Is Ready With WireGuard Support

In addition to NetworkManager having good WireGuard support in advance of this secure VPN tunnel tech landing with the Linux 5.6 kernel, Intel's ConnMan software is also ready with supporting WireGuard. Intel's ConnMan hasn't seen a new tagged release in nearly one year but over the past two months in the Git development code WireGuard support has materialized. ConnMan, as a reminder, is the Intel-led effort for providing an Internet connection manager on Linux designed for embedded/mobile use-cases that dates back to their Moblin days.

Latest News

Programming Leftovers: Python, Perl, Rust and More

Keep a journal of your activities with this Python program

Last year, I brought you 19 days of new (to you) productivity tools for 2019. This year, I'm taking a different approach: building an environment that will allow you to be more productive in the new year, using tools you may or may not already be using.
Perl Weekly Challenge 43: Olympic Rings and Self-Descripting Numbers

These are some answers to the Week 43 of the Perl Weekly Challenge organized by Mohammad S. Anwar. Spoiler Alert: This weekly challenge deadline is due in a couple of days (January 19, 2020). This blog post offers some solutions to this challenge, please don’t read on if you intend to complete the challenge on your own.
SaltStack Introduces Plugin Oriented Programming with New Open-Source Innovation Modules to Power Scalable Automation and Artificial Intelligence
JFrog Launches Free ConanCenter to Improve C/C++ DevOps Package Search and Discovery English

JFrog, the Universal DevOps technology leader known for enabling liquid software via continuous updates, announces today the launch of the free ConanCenter, enabling better search and discovery while streamlining C/C++ package management. Conan is an open-source, decentralized, and multi-platform package manager for developers to create and share native binaries.
Rav1e Kicks Off 2020 With Speed Improvements For Rust-Based AV1 Encoding

Xiph.org's Rustlang-written "Rav1e" AV1 video encoder is back on track with delivering weekly pre-releases after missing them over the past month due to the holidays. With Rav1e p20200115 are not only performance improvements but also binary side and build speed enhancements. The new Rav1e pre-release should be roughly 30% faster while also delivering slight enhancements to the image quality at the highest speed (10). That's a winning combination with speed and image quality improvements together!
RPushbullet 0.3.3

Release 0.3.3 of the RPushbullet package just got to CRAN. RPushbullet offers an interface to the neat Pushbullet service for inter-device messaging, communication, and more. It lets you easily send (programmatic) alerts like the one to the left to your browser, phone, tablet, … – or all at once. This release further robustifies operations via two contributed PRs. The first by Chan-Yub ensures we set UTF-8 encoding on pushes. The second by Alexandre permits to downgrade from http/2 to http/1.1 which he needed for some operations with a particular backend. I made that PR a bit more general by turning the downgrade into one driven by a new options() toggle. Special thanks also to Jeroen in help debugging this issue. See below for more details.

today's howtos

Review: Zorin 15.1 "Lite"

Zorin OS is an Ubuntu-based operating system that aims to make Linux easy for Windows and macOS users. In the words of Zorin, it is "the alternative to Windows and macOS designed to make your computer faster, more powerful, secure and privacy respecting". Zorin's main product is the paid-for "Ultimate" edition, which will set you back €39 and comes with macOS, Windows, Linux and "Touch" layouts (i.e. themes) as well as a relatively large collection of software and "installation support". Other editions of Zorin are free but come with less pre-installed software and fewer desktop layouts. For this review I dusted off a MacBook that dates from late 2009 and installed the "Lite" edition which, as the name suggests, is designed to breathe new life into older hardware. The laptop is one of the plastic, white MacBooks. It has an Intel Core 2 Duo CPU and 4GB of RAM - I doubled the amount of RAM a few months ago. The laptop has mostly been running Fedora with the MATE desktop and the i3 window manager as an alternative environment, both of which ran fine. Zorin's Lite edition uses Xfce as the desktop environment. First impressions and installation Zorin's website is either modern and clean or yet another bootstrap site, depending on your view. There are just three links in the navigation menu: Download, Computers and Help (the Computers section links to vendors that sell laptops with Zorin pre-installed). The Download section lists Zorin's Ultimate edition first, followed by the Core, Lite and Education editions. Clicking any of the Download links for the free versions triggers a "Sign up to our newsletter & Download" pop-up window featuring a huge "Sign up & Download" button and a very small "Skip to download" link. I am not a fan of this type of marketing. I don't mind that they ask if I maybe want to sign up to their mailing list, but I take issue with the fact that the dialogue window has been designed to make the "No thanks" option easy to miss. Such marketing techniques assume that users need to be tricked into signing up to receiving marketing materials, which reflects poorly on the project as a whole.

Syndication & Social Media

Follow the site via RSS/Twitter.

Full RSS:

RSS feeds for particular topics are also available

Twitter:

Content (where original) is available under CC-BY-SA, copyrighted by original author/s.

Support Tux Machines

Help Support TM
Wall of Appreciation

Softpedia News

Gizmoz

LXer

Linux Today

LinuxSecurity.com Advisories

Debian

It's FOSS

OMG! Ubuntu!

GamingOnLinux

Slashdot

DW Latest Releases

DistroWatch

More on Tux Machines: About ● Gallery ● Forum ● Blogs ● Search ● News ● RSS Feed

Part of Bytes Media ● Sister sites below.

FSF

Ubuntu Buzz

LinuxLinks

Content available under CC-BY-SA