Language Selection

English French German Italian Portuguese Spanish

Mozilla: Facebook Container for Firefox, Issue Trackers, Securing Firefox with WebAssembly and Ad Hoc Profiling

Filed under
Moz/FF
  • The Facebook Container for Firefox

    Even with the ongoing #deletefacebook movement, not everyone is willing to completely walk away from the connections they’ve made on the social platform. After all, Facebook — and its subsidiary Instagram — is where the mountain biking club organizes rides, people post pet pics, dance moves catch on and life’s moments get shared with friends and family, near and far. Since the Cambridge Analytica scandal broke, Facebook has been greeted with more skepticism as it’s been under a hot spotlight on how it gathers, uses and gives access to our personal data for targeted advertising and manipulation, both on and off Facebook platforms. With recent news about their policy not to block false political ads, this targeting gets ever malicious.

  • Jira, Bugzilla, and Tales of Issue Trackers Past

    It seems as though Mozilla is never not in a period of transition. The distributed nature of the organization and community means that teams and offices and any informal or formal group is its own tiny experimental plot tended by gardeners with radically different tastes.

    And if there’s one thing that unites gardeners and tech workers is that both have Feelings about their tools.

    Tools are personal things: they’re the only thing that allows us to express ourselves in our craft. I can’t code without an editor. I can’t prune without shears. They’re the part of our work that we actually touch. The code lives Out There, the garden is Outside… but the tools are in our hands.

    But tools can also be group things. A shed is a tool for everyone’s tools. A workshop is a tool that others share. An Issue Tracker is a tool that helps us all coordinate work.

    And group things require cooperation, agreement, and compromise.

    While I was on the Browser team at BlackBerry I used a variety of different Issue Trackers. We started with an outdated version of FogBugz, then we had a Bugzilla fork for the WebKit porting work and MKS Integrity for everything else across the entire company, and then we all standardized on Jira.

  • Securing Firefox with WebAssembly

    Protecting the security and privacy of individuals is a central tenet of Mozilla’s mission, and so we constantly endeavor to make our users safer online. With a complex and highly-optimized system like Firefox, memory safety is one of the biggest security challenges. Firefox is mostly written in C and C++. These languages are notoriously difficult to use safely, since any mistake can lead to complete compromise of the program. We work hard to find and eliminate memory hazards, but we’re also evolving the Firefox codebase to address these attack vectors at a deeper level. Thus far, we’ve focused primarily on two techniques...

    [...]

    So today, we’re adding a third approach to our arsenal. RLBox, a new sandboxing technology developed by researchers at the University of California, San Diego, the University of Texas, Austin, and Stanford University, allows us to quickly and efficiently convert existing Firefox components to run inside a WebAssembly sandbox. Thanks to the tireless efforts of Shravan Narayan, Deian Stefan, Tal Garfinkel, and Hovav Shacham, we’ve successfully integrated this technology into our codebase and used it to sandbox Graphite.

    This isolation will ship to Linux users in Firefox 74 and to Mac users in Firefox 75, with Windows support following soon after. You can read more about this work in the press releases from UCSD and UT Austin along with the joint research paper. Read on for a technical overview of how we integrated it into Firefox.

  • Nicholas Nethercote: Ad Hoc Profiling

    I have used a variety of profiling tools over the years, including several I wrote myself.

    But there is one profiling tool I have used more than any other. It is capable of providing invaluable, domain-specific profiling data of a kind not obtainable by any general-purpose profiler.

    It’s a simple text processor implemented in a few dozen lines of code. I use it in combination with logging print statements in the programs I am profiling. No joke.

Firefox Browser On Linux And Mac Gets New Security Technology

  • Firefox Browser On Linux And Mac Gets New Security Technology

    Along with rolling out the latest security update to the Firefox browser, Mozilla has now introduced a new approach to secure the Firefox web browser on Linux and Mac operating systems.

    Firefox uses various external libraries to render the audio, videos, and images that can be exploited by the attackers to introduce malicious code. Hence, Firefox includes a new lightweight sandboxing architecture, RLBox, that uses a WebAssembly sandbox to tackle the vulnerabilities posed by the third-party libraries.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Openwashing Leftovers

'Open' Surveillance 'Apps'

  • Singapore to open-source national Coronavirus encounter-tracing app and the Bluetooth research behind it

    The app, named TraceTogether and its government is urging citizens to run so that if they encounter a Coronavirus carrier, it’s easier to trace who else may have been exposed to the virus. With that info in hand, health authorities are better-informed about who needs to go into quarantine and can focus their resources on those who most need assistance. The app is opt-in and doesn’t track users through space, instead recording who you have encountered. To do so, it requires Bluetooth and location services to be turned on when another phone running the app comes into range exchanges four nuggets of information - a timestamp, Bluetooth signal strength, the phone’s model, and a temporary identifier or device nickname. While location services are required, the app doesn't track users, instead helping to calculate distances between them.

  • Singapore says it will make its contact tracing tech freely available to developers

    Less than a week after launching an app to track potential exposure to the coronavirus, Singapore is making the technology freely available to developers worldwide. The city-state rolled out an app called TraceTogether on March 20 and described it as a supplementary tool for its contact tracing efforts that relied on the recall and memory of infected individuals. Contact tracing is the process of identifying those with close contact with infected patients.

  • Over 600k users installed TraceTogether, app to be made open source

    A mobile application developed by the Government Technology Agency (GovTech) that helps in contact tracing for Covid-19 has been installed by more than 620,000 users since its launch last Friday. With a decision to make the technology behind it available to developers around the world, even more people could stand to benefit. Developed in collaboration with the Health Ministry (MOH), the TraceTogether mobile app works by exchanging short-distance Bluetooth signals between phones.

  • 620,000 people installed TraceTogether in 3 days, S’pore’s open source contact tracing app

    TraceTogether, a mobile app to support contact tracing efforts developed by the Government Technology Agency (GovTech), in collaboration with the Ministry of Health (MOH), was launched on Friday, Mar. 20.

  • The Shield: the open source Israeli Government app which warns of Coronavirus exposure
  • Israel Unveils Open Source App to Warn Users of Coronavirus Cases

    A new Israeli app can instantly tell users if they have crossed paths with someone known to have been infected with the coronavirus. On Sunday, the country’s health ministry unveiled the app, called “The Shield”(“HaMagen”, in Hebrew.) The app takes location data from the user’s phone and compares it with the information in Health Ministry servers regarding the location histories of confirmed cases during the 14 days before their diagnosis.

OSS Leftovers

  • Open source platforms, flexible airframes for new drones

    Multirotor drones excel at vertical lift and hover, while fixed wing drones are great at both distance and wide-open spaces. In February, Auterion Government Solutions and Quantum-Systems announced a two-pronged approach to the rotor- or fixed-wing drone market, with a pair of drones that use the same sensor packages and fuselage to operate as either the Scorpion Trirotor or the Vector fixed wing craft. “As we started to develop our tactical UAS Platform, our plan was only to develop a VTOL fixed wing solution (like our Vector),” said Florian Siebel, managing director of Quantum-Systems. “During the development process we decided to build a Tri-Copter Platform as well, as a result of many discussions with law enforcement agencies and Search and Rescue Units.” Adapting the fixed-wing fuselage to the tri-copter attachments means the drone can now operate in narrow spaces and harsh conditions. Scorpion, with the rotors, can fly for about 45 minutes, with a cruising speed of zero to 33 mph. Put the fixed wings back on for Vector, and the flight time is now two hours, with a cruising speed of 33 to 44 mph.

  • IEEE Standards Association Launches a Platform for Open Source Collaboration
  • Greg Smith on the strengths and drawbacks of open source software

    There are a lot of tire models available in the world. Most are closed source (or black box), meaning the program code behind them is not available to end users. This is understandable as the code can easily be licensed and its development paid for. Everyone’s got to make a living! This approach, however, makes it much harder to get the best out of the models – if you can’t see their internal workings, it’s harder to maximize their usefulness. Other models, such as Magic Formula, are effectively open source, with the equations published in books and journal papers. This means that anyone (if they invest the time) can build and use their own Magic Formula solvers and, in the process, learn the details of how the model works. In April 2015, during a session at the 4th International Tire Colloquium at Surrey University, UK, the general idea of open sourcing was discussed. In attendance were various figures from the commercial tire model development community, representatives from car and tire companies who use the models, and a large group of academics involved in more fundamental research. Issues were raised regarding everything from intellectual property concerns and licensing through to technical advances, development strategies and training. Boiling all this down, most discussions centered on one of two approaches.

  • First open-source AI for driverless agricultural vehicles
  • Huawei announced AI Computing Framework MindSpore as Open Source

    During the Huawei 2020 Developer Conference continues online, bringing the latest progress of The Wei Peng and Yan Teng Ecology. According to the agenda of the meeting, the first day of the developer conference (March 27) will focus on Peng Peng, the next day (March 28) will focus on The Teng.

  • New Chinese open-source AI platform launched

    Megvii Technology Limited has announced the launch of a new open-source artificial intelligence platform for developers, Shanghai Daily learned on Thursday. Other firms offering such platforms include tech giants like Google, Amazon, Facebook, Microsoft and Baidu.

  • Open-source AI infrastructure to boost innovation in China

    From smart fever-screening at subway stations to scan-reading diagnosis, artificial intelligence (AI) is on the frontline of China's battle against the novel coronavirus. Behind the smart systems are deep-learning frameworks that emulate the way the human brain learns, like recognizing patterns and coping with ambiguity.

  • Megvii makes deep learning AI framework open-source as China moves to reduce reliance on US platforms
  • Noble.AI Contributes to TensorFlow, Google's Open-Source AI Library and the Most Popular Deep Learning Framework

    Noble.AI, whose artificial intelligence (AI) software is purpose-built for engineers, scientists, and researchers and enables them to innovate and make discoveries faster, today announced that it had completed contributions to TensorFlow, the world's most popular open-source framework for deep learning created by Google.

  • Google open-sources framework that reduces AI training costs by up to 80%

    Google researchers recently published a paper describing a framework — SEED RL — that scales AI model training to thousands of machines. They say that it could facilitate training at millions of frames per second on a machine while reducing costs by up to 80%, potentially leveling the playing field for startups that couldn’t previously compete with large AI labs.

  • A case study: Improving patient outcomes with Open Source

    South London and Maudsley NHS Foundation Trust (SLaM) provides the widest range of NHS mental health services in the UK with 52 inpatient wards, outpatient, and community services. As recognition of their digital accomplishments, SLaM have been awarded GDE (Global Digital Exemplar) status. Following a two-year pilot of Open-eObs software, the trust had proven the long-term benefits of an open source approach and needed a supplier to further drive their digital ambition.

Programming: Java, Python, Perl and More

  • Azul Systems Extends Open Source Java Offerings with a new Zulu Distribution of OpenJDK 14
  • Azul Systems brews up fresh blend for open source Java

    Java runtime solutions company Azul Systems has announced the general availability of its Zulu release of OpenJDK 14 builds. [...] All Zulu 14 JDKs and JREs are verified against and pass the TCK certification tests required to ensure the correct execution of Java SE 14 applications.

  • Python File I/O

    Start writing here..In this article, you'll learn about Python file operations. More specifically, opening a file, reading from it, writing into it, closing it and various file methods you should be aware of. What is a file? File is a named location on disk to store related information. It is used to permanently store data in a non-volatile memory (e.g. hard disk). Since, random access memory (RAM) is volatile which loses its data when computer is turned off, we use files for future use of the data.

  • Python: Pros and Cons of Lambda

    lambda is a keyword in Python, we use it to create an anonymous function. So we also call lambda functions as anonymous functions.

  • Learning pandas by Exploring COVID-19 Data

    The European Centre for Disease Prevention and Control provides daily-updated worldwide COVID-19 data that is easy to download in JSON, CSV or XML formats. In this tutorial, we will use the pandas data analysis tool on the comma-separated values (CSV) data to learn some of the basic pandas commands and explore what is contained within the data set.

  • Rotation in R^2 - CY's take on PWC#053 Task 1

    This is a part of Perl Weekly Challenge(PWC) #053 and the followings are related to my solution. If you want to challenge yourself on Perl, go to https://perlweeklychallenge.org, code the latest challenges, submit codes on-time (by GitHub or email) if possible, before reading my blog post.

  • Perl Weekly Challenge 053: Rotate Matrix and Vowel Strings
  • IoT Adoption Survey Reveals Open Source Rules

    The Eclipse Foundation's IoT Working Group has issued a report that reveals that for commercial organizations the IoT is real and adoption is growing, albeit with a degree of caution. As far as IoT is concerned, the open source model clearly dominates. Conducted online between October and December 2019, with 366 respondents, the IoT Commercial Adoption Survey was the first exercise of its kind. Its aim was gain a better understanding of the IoT industry landscape by identifying the requirements, priorities, and challenges faced by organizations that are deploying and using commercial IoT solutions. It can be seen as the counterpart of the IoT Developer Survey, which since 2015 has been an annual exercise reporting on the programming languages, platforms, infrastructure and tools used for building IoT solutions.

  • What happens when the maintainer of a JS library downloaded 26m times a week goes to prison for killing someone with a motorbike? Core-js just found out

    In November 2019, Denis Pushkarev, maintainer of the popular core-js library, lost an appeal to overturn an 18-month prison sentence imposed for driving his motorcycle into two pedestrians, killing one of them. As a result, he's expected to be unavailable to update core-js, a situation that has project contributors and other developers concerned about the fate of his code library.

  • [Old] When to assume neural networks can solve a problem

    The question: “What are the problems we should assume can be solved with machine learning?”, or even narrower and more focused on current developments “What are the problems we should assume a neural network is able to solve?”, is one I haven’t seen addressed much.

    There are theories like PAC learning and AIX which at a glance seem to revolve around this, as it pertains to machine learning in general, but if actually applied in practice won’t yield any meaningful answers.

    However, when someone asks me this question about a specific problem, I can often give a fairly reasonable confidence answer provided I can take a look at the data.

    Thus, I thought it might be helpful to lay down the heuristic that generate such answers. I by no means claim these are precise or evidence based in the scientific sense, but I think they might be helpful, maybe even a good start point for further discussion on the subject.

  • Uber Open Sources Piranha Stale Code Remover

    Uber has released an open source version of Piranha, a tool that scans source code to delete code related to stale, or obsolete, feature flags. Piranha is run at Uber in an ongoing pipeline for its Android and iOS codebases and has been used to remove around two thousand stale feature flags and their related code. Uber says it has led to a cleaner, safer, more performant, and more maintainable code base.

  • Piranha Is An Open Source Tool That Automatically Deletes Obsolete Code