Mozilla: Firefox/Mozilla People and FOSDEM Turning 20
Brrrlin 2020: a SUMO journal from All Hands
The intensity an event of this scale is able to build is slightly overwhelming (I suppose all the introverts reading this can easily get me), but the gratification and insights everyone of us has taken home are priceless.
The week started last Monday, on January 27th, when everyone landed in Berlin from all over the world. An amazing group of contributors, plus every colleague I had always only seen on a small screen, was there, in front of me, flesh and bones. I was both excited and scared by the number of people that suddenly were inhabiting the corridors of our conference/dorm/workspace.
The schedule for the SUMO team and SUMO contributors was a little tight, but we managed to make it work: Kiki and I decided to share our meetings between the days and I am happy about how we balanced the work/life energy.
On Tuesday we opened the week by having a conversation over the past, the current state and the future of SUMO. The community meeting was a really good way to break the ice, the whole SUMO team was there and gave updates from the leadership, products, as well as the platform team. This meeting was necessary also to lay down the foundations for the priorities of the week and develop an open conversation.
uBlock Origin available soon in new Firefox for Android Nightly
Last fall, we announced our intention to support add-ons in Mozilla’s reinvented Firefox for Android browser. This new, high-performance browser for Android has been rebuilt from the ground up using GeckoView, Mozilla’s mobile browser engine and has been available for early testing as Firefox Preview. A few weeks ago, Firefox Preview moved into the Firefox for Android Nightly pre-release channel, starting a new chapter of the Firefox experience on Android.
In the next few weeks, uBlock Origin will be the first add-on to become available in Firefox for Android Nightly. As one of the most popular extensions in our Recommended Extensions program, uBlock Origin helps millions of users gain control of their web experience by blocking intrusive ads and improving page load times.
It’s the Boot for TLS 1.0 and TLS 1.1
The Transport Layer Security (TLS) protocol is the de facto means for establishing security on the Web. The protocol has a long and colourful history, starting with its inception as the Secure Sockets Layer (SSL) protocol in the early 1990s, right up until the recent release of the jazzier (read faster and safer) TLS 1.3. The need for a new version of the protocol was born out of a desire to improve efficiency and to remedy the flaws and weaknesses present in earlier versions, specifically in TLS 1.0 and TLS 1.1. See the BEAST, CRIME and POODLE attacks, for example.
With limited support for newer, more robust cryptographic primitives and cipher suites, it doesn’t look good for TLS 1.0 and TLS 1.1. With the safer TLS 1.2 and TLS 1.3 at our disposal to adequately project web traffic, it’s time to move the TLS ecosystem into a new era, namely one which doesn’t support weak versions of TLS by default. This has been the abiding sentiment of browser vendors – Mozilla, Google, Apple and Microsoft have committed to disabling TLS 1.0 and TLS 1.1 as default options for secure connections. In other words, browser clients will aim to establish a connection using TLS 1.2 or higher. For more on the rationale behind this decision, see our earlier blog post on the subject.
FOSDEM, and All Those 20's
I've been meaning to blog again for some time, and just looked in disbelief at the date of my last post. Yes, I'm still around. I hope I get to write more often in the future.
Ludo just posted his thoughts on FOSDEM, which I also attended last weekend as a volunteer for Mozilla. I have been attending this conference since 2002, when it first went by that exact name, and since then AFAIK only missed the 2010 edition, giving talks in the Mozilla dev room almost every year - though funnily enough, in two of the three years where I've been a member of the Mozilla Tech Speakers program, my talks were not accepted into that room, while I made it all the years before. In fact, that's more telling a story of how interested speakers are in getting into this room nowadays, while in the past there were probably fewer submissions in total. So, this year I helped out Sunday's Mozilla developer room by managing the crowd entering/leaving at the door(s), similar to what I did in the last few years, and given that we had fewer volunteers this year, I also helped out at the Mozilla booth on Saturday. Unfortunately, being busy volunteering on both days meant that I did not catch any talks at all at the conference (I hear there were some good ones esp. in our dev room), but I had a number of good hallway and booth conversations with various people, esp. within the Mozilla community - be it with friends I had not seen for a while, new interesting people within and outside of Mozilla, or conversations clearing up lingering questions.
Fosdem turns 20
I've been attending Fosdem since 2004 when I was involved with Camino. I got enticed to come by a post of Tristan. On that particular year I got enrolled by Gerv to check a few mac things. I met Patrick who was working on enigmail, and we became friends. I was hooked - and have only missed Fosdem 2015. Over the years I gave talks. I met new people, made friends. 3 years ago I became a volunteer, by accident and ran the PGP key signing party. I enjoyed being a volunteer, it was fun and gave me an orange T-shirt to grow my collection. So the year after I signed up on volunteers.fosdem.org to help clean up on the Sunday evening. It was my first time attending the fosdem fringe (CentOS dojo and Configuration Management Camp).
IBM/Red Hat Leftovers
Software Releases: Choqok 1.7.0, Cockpit 212, BleachBit 3.2.0
Wind River acquires Star Lab to improve its Linux security
Once upon a time Wind River was best known as a leading embedded operating system (VxWorks) and Linux (Wind River Linux) company. It still is. But things have changed. Now its customers want their devices to work in the world of the Internet of Things (IoT) and that requires much better security. That's one reason why Wind River just acquired the Linux security company Star Lab. Star Lab brings its Titanium Security Suite to Wind River's table. It uses a threat model that assumes an attacker will gain root (admin) access to your system, but makes it harder for them to do your system any harm. It also offers a secure virtual machine (VM) hypervisor, Crucible. Star also has a secure boot program, which ensures that a device's firmware and boot code hasn't been maliciously modified or manipulated.
Best Open Source VPN For 2020 – 5 Choices To Consider
We’re living in times where internet privacy could soon become a myth with companies putting in their best foot to get hold of our data for advertising and other purposes. Thankfully, we still have VPNs to browse the internet anonymously. However, the recent case of one of the most popular VPNs falling prey to hackers further complicates the issue. So what’s the solution? Open source VPN. We’re not saying that open source VPNs aren’t prone to hacking but as the reputation of open source products precedes, we can consider these to be safer than closed source VPNs. One of the benefits of using an open-source VPN client as compared to a custom VPN is the fact that all the source code of the VPN apps is public, which ensures that the company isn’t hiding anything from you. Open source VPNs use SSL/TLS protocol for encryption.
