Language Selection

English French German Italian Portuguese Spanish

Mozilla on CRLite

Filed under
Moz/FF
Web
  • Introducing CRLite: All of the Web PKI’s revocations, compressed

    CRLite is a technology proposed by a group of researchers at the IEEE Symposium on Security and Privacy 2017 that compresses revocation information so effectively that 300 megabytes of revocation data can become 1 megabyte. It accomplishes this by combining Certificate Transparency data and Internet scan results with cascading Bloom filters, building a data structure that is reliable, easy to verify, and easy to update.

    Since December, Firefox Nightly has been shipping with with CRLite, collecting telemetry on its effectiveness and speed. As can be imagined, replacing a network round-trip with local lookups makes for a substantial performance improvement. Mozilla currently updates the CRLite dataset four times per day, although not all updates are currently delivered to clients.

  • The End-to-End Design of CRLite

    CRLite is a technology to efficiently compress revocation information for the whole Web PKI into a format easily delivered to Web users. It addresses the performance and privacy pitfalls of the Online Certificate Status Protocol (OCSP) while avoiding a need for some administrative decisions on the relative value of one revocation versus another. For details on the background of CRLite, see our first post, Introducing CRLite: All of the Web PKI’s revocations, compressed.

    To discuss CRLite’s design, let’s first discuss the input data, and from that we can discuss how the system is made reliable.

More in Tux Machines

Android Leftovers

Raspberry Pi 4: Chronicling the Desktop Experience – Emulate Home Computers – Week 15

This is a weekly blog about the Raspberry Pi 4 (“RPI4”), the latest product in the popular Raspberry Pi range of computers. A glaring omission from my RPI4 blog to date is gaming on this wee machine. There’s so many games to play on the machine, it’s difficult to know where to begin. I’ll start with something that shouldn’t be taxing on the machine. Emulating home computers. Specifically, the Amiga, ZX Spectrum, and Atari ST. They were hugely popular home computers targeted heavily towards games, but also ran other types of software. Home computers were a class of microcomputers that entered the market in 1977 and became common during the 1980s. They were marketed to consumers as affordable and accessible computers that, for the first time, were intended for the use of a single nontechnical user. Read more

Programming: Flang "f18" Fortran Compiler, Qt for SCADA, Rustlang-based AV1 Encoder and iNaturalist

  • The Modern Flang "f18" Compiler Is The Most Exciting Fortran Compiler Of Recent Times

    While merging of the Flang "f18" Fortran compiler into the LLVM source tree was delayed in January, this is still looking like the most exciting Fortran open-source compiler in development. This modern LLVM Fortran "Flang" compiler (based on the f18 code-base, not to be confused with the earlier Flang compiler) is quite promising for delivering a modern open-source Fortran experience being backed by Arm, AMD, and other vendors.

  • Making Industrial Applications Match iPhone Expectations

    Supervisory control and data acquisition (SCADA) systems have been around since the 1950’s, far longer than most other types of computer applications. Their rock-solid performance has been responsible for the streamlining of any industry that needs precise and consistent controls: building automation, energy management, part machining, printing and packaging, robotic assembly, ship building, water treatment, woodworking, and many more. However, this long legacy can also carry a hidden drawback – the user interfaces of many SCADA devices are a flashback that looks more appropriate as part of Windows for Workgroups than the modern age. This situation is ripe for change. Now that everyone carries superior user-interfaces in their pocket at all times, even the non-designers responsible for running the system expect their SCADA human-machine interface (HMIs) to have a certain level of polish and sophistication. Having implemented attractive SCADA HMIs for our customers, we’ve discovered that Qt is the right tool to build the modern SCADA system – here’s why.

  • Rav1e 0.3 Is Releasing Soon For Faster Rust-Based AV1 Encoding

    Rav1e v0.2 brought 40~70% speed improvements over its previous release for this Rustlang-based AV1 video encoder but the upcoming Rav1e 0.3 will be even faster. Rav1e and dav1d open-source developer Luca Barbato shared some of the project's roadmap this past weekend in Brussels, Belgium at the annual FOSDEM conference. With the upcoming Rav1e 0.3 release that is releasing soon, there should be speed improvements at the higher speed/preset levels thanks to a multi-threaded deblocking filter, more SIMD code, more auto-vectorizable code, and less memory allocations. In addition, Rav1e 0.3 is bringing changes to its RDO biasing (though it will hurt the performance at higher quality levels), new API features, and WebAssembly support.

  • Data quality in iNaturalist downloads

    iNaturalist is a citizen science platform. Take a picture of something (a flower, a bird, a frog) and upload it to iNaturalist. If the image is properly dated and georeferenced, and if the organism is free in nature (not captive or cultivated), then your observation is "verifiable". Verifiables with a solid identification achieve "research grade" status. These are observations for which two-thirds of the experts in the iNaturalist community agree on an ID. Research-grade observations document the presence of a particular species on a particular day at a particular place. They're passed on to GBIF, the world's largest aggregator of biological occurrence records. GBIF processes the records further, sometimes disagreeing with the name or classification of the organism given in iNaturalist. (See below for an example.) All records are available on the iNaturalist website as webpages with images. Records can also be downloaded, although currently there's a download limit of 200,000 records per batch.

The Meteoric Rise Of Fwupd+LVFS For Linux Firmware Updates

Intel firmware expert Brian Richardson was at FOSDEM 2020 to talk up UEFI Capsule Update functionality and the Linux Vendor Firmware Service (LVFS) for allowing OEMs/ODMs to easily distribute firmware updates to Linux users for application with the Fwupd firmware updating utility. Brian's talk covered how UEFI Capsule Updates allow better resiliency and handling of system firmware updates in a trouble-free manner, etc. It's a nice talk for anyone wanting to learn more about UEFI Capsule Updates. Read more