Mozilla: DNS/DoH, USA FREEDOM Act, Critiquing Design and Sandboxing

  • Firefox continues push to bring DNS over HTTPS by default for US users

    Today, Firefox began the rollout of encrypted DNS over HTTPS (DoH) by default for US-based users. The rollout will continue over the next few weeks to confirm no major issues are discovered as this new protocol is enabled for Firefox’s US-based users.

    A little over two years ago, we began work to help update and secure one of the oldest parts of the internet, the Domain Name System (DNS). To put this change into context, we need to briefly describe how the system worked before DoH. DNS is a database that links a human-friendly name, such as www.mozilla.org, to a computer-friendly series of numbers, called an IP address (e.g. 192.0.2.1).

  • The Facts: Mozilla’s DNS over HTTPs (DoH)

    The current insecure DNS system leaves billions of people around the world vulnerable because the data about where they go on the internet is unencrypted. We’ve set out to change that. In 2017, Mozilla began working on the DNS-over-HTTPS (DoH) protocol to close this privacy gap within the web’s infrastructure. Today, Firefox is enabling encrypted DNS over HTTPS by default in the US giving our users more privacy protection wherever and whenever they’re online.

  • Goals for USA FREEDOM reauthorization: reforms, access, and transparency

    At Mozilla, we believe that privacy is a fundamental digital right. We’ve built these values into the Firefox browser itself, and we’ve pushed Congress to pass strong legal protections for consumer privacy in the US. This week, Congress will have another opportunity to consider meaningful reforms to protect user privacy when it debates the reauthorization of the USA FREEDOM Act. We believe that Congress should amend this surveillance law to remove ineffective programs, bolster resources for civil liberties advocates, and provide more transparency for the public. More specifically, Mozilla supports the following reforms...

    [...]

    Second, the program may not provide sufficiently valuable insights in the current threat environment. In a recent Senate Judiciary Committee hearing, the government acknowledged that the intelligence value of the program was outweighed by the costs and technical challenges associated with its continued operation. This conclusion was supported by an independent analysis from the Privacy and Civil Liberties Oversight Board (PCLOB), which hopes to publicly release an unclassified version of its report in the near future. Additionally, the shift to other forms of communications may make it even less likely that law enforcement will obtain useful information through this specific authority in the future.

    And finally, some technological shifts may have made the CDR program too complex to implement today. Citing to “technical irregularities” in some of the data obtained from telecom providers under the program, the NSA deleted three years’ worth of CDRs that it was not authorized to receive last June. While the agency has not released a specific explanation, Susan Landau and Asaf Lubin of Tufts University have posited that the problem stems from challenges associated with measures in place to facilitate interoperability between landlines and mobile phone networks.

  • Critiquing Design

    This is me about 25 years ago, dancing with a yoga ball. I was part of a theater company where I first learned Liz Lerman’s Critical Response Process. We used this extensively—it was an integral part of our company dynamic. We used it to develop company work, we used it in our education programs and we even used it to redesign our company structure. It was a formative part of my development as an artist, a teacher, and later, as a user-centered designer.

    What I love about this process is that it works by embedding all the things we strive for in a critique into a deceptively simple, step-by-step process. You don’t have to try to remember everything the next time you’re knee-deep in a critique session. It’s knowledge in the world for critique sessions.

  • Firefox for Mac and Linux to get a new security sandbox system

  • Firefox turns controversial new encryption on by default in the US

    Starting today, Mozilla will turn on by default DNS over HTTPS (DoH) for Firefox users in the US, the company has announced. DoH is a new standard that encrypts a part of your internet traffic that’s typically sent over an unencrypted plain text connection, and which could allow others to see what websites you’re visiting, even when your communication with the website itself is encrypted using HTTPS. Mozilla says it is the first browser to support the new standard by default, and will be rolling it out gradually over the coming weeks in order to address any unforeseen issues.

  • Firefox flips on default DNS over HTTPS to encrypt Internet traffic at the source

    For its part, Mozilla downplays any potential risk and vows to work with companies, schools, and other organizations, as well as ISPs to mitigate concerns over DoH. In a statement to ZDNet, the company said, “We’re surprised and disappointed that an industry association for ISPs decided to misrepresent an improvement to decades-old internet infrastructure.”

    To use default DoH, you need to update or download the latest version of the Firefox browser (73.0.1). Users can disable default DoH on the Firefox browser—or enable it if you’re outside the U.S.—by visiting the Network tab under General settings and unchecking the Enable DNS over HTTPS box.

  • Hoping To Combat ISP Snooping, Mozilla Enables Encrypted DNS

    Historically, like much of the internet, DNS hasn't been all that secure. That's why Mozilla last year announced it would begin testing something called "DNS over HTTPS," a significant security upgrade to DNS that encrypts and obscures your domain requests, making it more difficult (though not impossible) to see which websites a user is visiting. Obviously, this puts a bit of a wrinkle in government, telecom, or other organizational efforts to use DNS records to block and filter content, or track and sell user activity.

More in Tux Machines

today's leftovers

  • Want A More Secure Computer At The Cost Of Performance? Linux 5.8 Landing L1d Flushing

    For those very concerned about CPU data sampling vulnerabilities, the Linux 5.8 kernel comes with the ability to flush the L1 data cache on each context switch. That's good for security, but will hurt the system performance with all the excess L1 cache flushing. This work stems from a proposal earlier this year to flush the L1d cache on context switches due to recent snoop assisted data sampling vulnerabilities or the cache data leaked via side channels. This work was carried out by an Amazon engineer so presumably there is some interest in offering this functionality in the AWS space.

  • AMD Radeon Linux Driver Sees Patches For New "Sienna Cichlid" GPU

    Still digging through the 207 patches for the AMD Radeon Sienna Cichlid, but will update if seeing anything else of note. For the most part it's leveraging the existing Navi code paths but the usual churn surrounding firmware, clock-gating / power management differences, and other modifications in the usual spots for bringing up new hardware. The main code additions primarily pertain to the new DCN3 and VCN3 blocks. Given the timing of these patches, the AMD Sienna Cichlid won't be mainlined until the Linux 5.9 merge window opening in August and then releasing in stable around October. That timeframe at least does point to Sienna Cichlid likely being the "RDNA 2" graphics card launch coming later in the calendar year.

  • 2020-06-01 | Linux Headlines

    The Linux kernel packs version 5.7 with exciting additions, version 2.2 of the Foliate eBook reader is out with support for many more formats, and members of the Association of American Publishers sue the Internet Archive over their library lending practices.

  • Ubuntu Cinnamon Remix 20.04 LTS overview | Ubuntu, traditionally modern.

    In this video, I am going to show an overview of Ubuntu Cinnamon Remix 20.04 LTS and some of the applications pre-installed.

  • SUSE Update Infrastructure Access Through the Data Center

    In Step 2 Toward Enhanced Update Infrastructure Access the time-line for enabling access to the SUSE update infrastructure in the Public Cloud via routing through the data center was announced. As of June 1, 2020 we have started the work necessary to make this possible for all regions in AWS, Azure, and GCE. This marks the beginning of the final phase of a process that started almost 1 year ago with A New Update Infrastructure For The Public Cloud. We expect to have everything completed by no later than the end of June 2020, but will most likely be much faster. The changes from a global IP based access control mechanism to an instance based access mechanism apply to both SUSE Linux Enterprise Server (SLES) and SUSE Linux Enterprise Server For SAP Applications (SLES For SAP) on-demand instances and any images released in the future that might access the update infrastructure.

  • Learn how to save money, reduce complexity with SUSE Manager [Ed: Linux has been around since the 1970s, it says. OK, whatever...]

    “The first is cost,” he says. “Linux has been around since the 1970s and has come a long way in that time. In one month (April 2020), Linux installations grew from 1,3% of the total installed base to 3%. This might not sound like a lot, but it represents massive growth. For some Linux distributions, the growth rate was better than 600%.” [...] Brink points out that switching to a Linux front-end and an effective back-end management tool could save organisations a massive chunk of their end user license costs. SUSE Manager monitors an organisation’s infrastructure and manages how they deploy services on to front-end devices from a central point.

  • OSI Charting a Course for 2020 and Beyond [Ed: Why does the OSI take pride in becoming a home for a Microsoft front group like ClearlyDefined?]

    The key to understanding how we move forward is to first remember how we got here. OSI as we know it didn't exist until 2013. Founded in 1998, the organization was held together in its first decade through strong board leadership in Michael Tiemann (2001-2012) and Danese Cooper (2002-2011). Deb Bryant (2012-present), Karl Fogel (2011-2014), Mike Milinkovich (2012-2018), and Simon Phipps (2010-2020) helped OSI begin professionalizing, by hiring General Manager Patrick Masson (2013-present), and becoming more democratic, with the introduction of a community-elected board. Molly de Blanc (2016-2020), Allison Randal (2014-2019), and Stefano “Zack” Zacchiroli (2014-2017) fostered better ties with the free software community. Richard Fontana (2013-2019) elevated legal discussions, taking OSI’s licensing work from knowledgeable hackers to expert practitioners and defining a review process. And Pam Chestek (2019-present) has brought a new level of professionalism to the license review process. This is a reductionist and inevitably incomplete view of OSI’s history, but the point is this: OSI has come a long way, and I am forever grateful to the talented and generous individuals who collectively invested decades to get us here. Over the last seven years, OSI has: sustained its core mission, shaped policy around the globe, worked tirelessly to mitigate open washing, built an alliance of more than 125 organizations representing hundreds of thousands of people, provided a home for projects like ClearlyDefined, and rolled out programs like FLOSS Desktops for Kids and Open Source Technology Management courses with Brandeis University.

  • Priyanka Sharma Joins CNCF as General Manager

IBM/Red Hat/Fedora Leftovers

  • Fedora Community Blog monthly summary: May 2020

    This is the first in what I hope to make a monthly series summarizing the past month on the Community Blog. [...] In May, we published 31 posts. The site had 4,964 visits from 2,392 unique viewers. Readers wrote 13 comments. 202 visits came from Fedora Planet, while 716 came from search engines.

  • Red Hat Success Stories: A foundation for network automation and betting on OpenShift

    You hear the expression "betting" on platforms all the time. But Bilyoner Interactive Services in Turkey is really betting on Red Hat OpenShift by deploying a live betting platform on OpenShift with Red Hat Ansible Automation. When live sports betting was legalized in Turkey, Bilyoner Interactive Services needed a supported, scalable, and highly available technology foundation to support this new service. By migrating from community open source to Red Hat OpenShift and Red Hat Ansible Automation Platform, Bilyoner used container and microservices technology to quickly create and launch its new live betting platform. As a result, the company reports a five-fold increase in traffic and close to 100% service uptime.

  • Kafka Monthly Digest – May 2020

    In this 28th edition of the Kafka Monthly Digest, I’ll cover what happened in the Apache Kafka community in May 2020.

  • Free cloud native security conference hosted by IBM Developer

    Security concerns remain one of the key factors in enterprises unlocking the true value of the cloud. From modernizing applications with containerized microservices, to securing data while training AI models, or building continuous, secure DevOps pipelines in a growing complex hybrid cloud, developers face myriad challenges when it comes to security in a cloud native hybrid cloud environment. IBM Developer wants security to be one less thing you have to worry about when you’re building high-performance solutions. That’s why we put together the Digital Developer Conference: Cloud Native Security on June 24, 25, and July 1. [...] Learn the skills to react with speed and confidence by using solutions on IBM Cloud and Red Hat OpenShift alongside leading open source contributions by IBM and Red Hat to Kubernetes, Istio, Open Container Initiative, Cloud Native Computing Foundation, and Apache Foundation.

  • Enable Sysadmin celebrates one-year anniversary with Sudoers Program

    What started as an idea in early 2019 has now blossomed into a publishing platform with a growing community with more than 100 writers. As we celebrate the one-year anniversary of the Enable Sysadmin publication, we’re excited to announce a new program for our community of writers. On May 5, 2020, we officially launched the Sudoers program for the Enable Sysadmin community. The Sudoers program recognizes our most trusted and committed contributors and provides a framework for becoming an established writer on the site. The editorial team has been working closely with 10 of our writers to help establish the first group of members in the Sudoer program. To date, this group of amazing sysadmins has collectively published more than 100 articles on the Enable Sysadmin publication.

  • Enable Sysadmin: A year by the numbers

Programming Leftovers

  • Software Product Inventory: what is it and how to implement it.

    The concept of inventory applied to software, sometimes called catalogue, is not new. In IT/help-desk it usually refers to the software deployed in your organization. Along the history, there have been many IT Software Inventory Management tools. I first started to think about it beyond that meaning when working in deployments of Linux based desktops at scale. The popularity that Open Source and Continuous Delivering is providing this traditionally static concept a wider scope as well as more relevance. It is still immature though, so read the article with that in mind. 1.- What is Inventory in software product development? I like to think about the software inventory as the single source of truth of your software product so the main element for product development and delivery auditing purposes. Isn’t that the source code?

  • 10 tips for maintaining a DevOps mindset for distributed teams

    I am one of the agents of chaos who passionately argued the importance of removing barriers and recognizing that people are the core of a healthy DevOps mindset. Fast-forward to the COVID-19 pandemic, in which collocated teams were forced to disperse overnight into self-isolating distributed entities, relying on technology to bring us all back together in a virtual world. [...] A healthy DevOps mindset navigates through different paths of continuous improvement wherein disruption, discipline, and guardrails are the norm. What no one anticipated is the radical disruption we are all experiencing due to the pandemic, and the impact it has on our DevOps and personal mindset, our workflows, and the ceremonies of kanban and agile teams. You may recall Tuckman's theory of group development, which outlines how teams grow into productive high-performers in stages. As expected, most, if not all, agile teams that switched from collocated to remote setup will slide back from the norming and performing stages to the storming stage, as shown in Figure 1.

  • Git 2.27 Demotes The Recently Promoted Transport Protocol v2, Continues SHA-256 Work

    Git 2.27 is out as the newest version of this widely-used distributed revision control system. Among the highlights with Git 2.27 are: - The Transport Protocol Version 2 support, which was made the default in the previous release, has been demoted. There are some "remaining rough edges" leading to the v2 protocol being demoted from the default in Git 2.27.

  • GitLab Releases Massive Update to CI/CD Platform

    GitLab has updated its CI/CD platform with a raft of capabilities spanning everything from value stream management to cybersecurity. In addition, GitLab announced it is making generally available Gitaly Clusters, which enable DevOps teams to create a warm replica of a Git repository. In terms of core DevOps capabilities, the latest release adds the ability to customize the Value Stream Analytics module to specific workflows. GitLab is also planning to make it possible to visualize stages of a workflow.

  • Stripe's remote engineering hub, one year in

    Last May, Stripe launched our remote engineering hub, a virtual office coequal with our physical engineering offices in San Francisco, Seattle, Dublin, and Singapore. We set out to hire 100 new remote engineers over the year—and did. They now work across every engineering group at Stripe. Over the last year, we’ve tripled the number of permanently remote engineers, up to 22% of our engineering population. We also hired more remote employees across all other teams, and tripled the number of remote Stripes across the company.

  • When to choose C or Python for a command-line interface

    First, a Unix perspective on command-line interface design. Unix is a computer operating system and the ancestor of Linux and macOS (and many other operating systems as well). Before graphical user interfaces, the user interacted with the computer via a command-line prompt (think of today's Bash environment). The primary language for developing these programs under Unix is C, which is amazingly powerful. So it behooves us to at least understand the basics of a C program.

  • One thought on “Pulling Data From News Feed Telemetry”

    The write-up is at a very in-depth level, and while there’s an admission that some of the steps could have been performed more easily with ready-made tools, its point is to go through all steps at a low level. So the action largely takes place in GNU Radio, in which we see the process of identifying the signal and shifting it downwards in frequency before deducing its baud rate to retrieve its contents. The story’s not over though, because we then delve into some ASCII tricks to identify the packet frames, before finally retrieving the data itself. It still doesn’t tell you what the data contains, but it’s a fascinating process getting there nonetheless. It’s easy to forget that GNU Radio has signal processing capabilities far beyond radio, but it was the subject of a fascinating Superconference talk. We even jumped on the bandwagon in the non-foolish part of our April Fool this year.

  • Dirk Eddelbuettel: T^4 #4: Introducing Byobu

    The next video (following the announcement, and shells sessions one, two, and three) is up in the T^4 series of video lightning talks with tips, tricks, tools, and toys. This time we introduce the wonderful byobu tool which is called both a ‘text-based window manager’ and a ‘terminal multiplexer’:

  • Rust Remains Most Loved Language, According to Stack Overflow Survey

    Stack Overflow has released the results of its 2020 Developer Survey, which was conducted back in February and taken by more than 65,000 people. Of those respondents, just over 52,000 identified themselves as professional developers. Topics covered in the survey included most loved (and dreaded) languages, technologies, and frameworks, as well as career values and employment status. According to the survey, Rust remains the most loved language – for the fifth year in a row. Python fell from the second to third this year, with TypeScript moving into the number two slot. Kotlin, Go, Julia, and Dart are next on the list of beloved languages, separated by just a few tenths of a percentage point.