Language Selection

English French German Italian Portuguese Spanish

Mozilla: Facebook Container for Firefox, Issue Trackers, Securing Firefox with WebAssembly and Ad Hoc Profiling

Filed under
Moz/FF
  • The Facebook Container for Firefox

    Even with the ongoing #deletefacebook movement, not everyone is willing to completely walk away from the connections they’ve made on the social platform. After all, Facebook — and its subsidiary Instagram — is where the mountain biking club organizes rides, people post pet pics, dance moves catch on and life’s moments get shared with friends and family, near and far. Since the Cambridge Analytica scandal broke, Facebook has been greeted with more skepticism as it’s been under a hot spotlight on how it gathers, uses and gives access to our personal data for targeted advertising and manipulation, both on and off Facebook platforms. With recent news about their policy not to block false political ads, this targeting gets ever malicious.

  • Jira, Bugzilla, and Tales of Issue Trackers Past

    It seems as though Mozilla is never not in a period of transition. The distributed nature of the organization and community means that teams and offices and any informal or formal group is its own tiny experimental plot tended by gardeners with radically different tastes.

    And if there’s one thing that unites gardeners and tech workers is that both have Feelings about their tools.

    Tools are personal things: they’re the only thing that allows us to express ourselves in our craft. I can’t code without an editor. I can’t prune without shears. They’re the part of our work that we actually touch. The code lives Out There, the garden is Outside… but the tools are in our hands.

    But tools can also be group things. A shed is a tool for everyone’s tools. A workshop is a tool that others share. An Issue Tracker is a tool that helps us all coordinate work.

    And group things require cooperation, agreement, and compromise.

    While I was on the Browser team at BlackBerry I used a variety of different Issue Trackers. We started with an outdated version of FogBugz, then we had a Bugzilla fork for the WebKit porting work and MKS Integrity for everything else across the entire company, and then we all standardized on Jira.

  • Securing Firefox with WebAssembly

    Protecting the security and privacy of individuals is a central tenet of Mozilla’s mission, and so we constantly endeavor to make our users safer online. With a complex and highly-optimized system like Firefox, memory safety is one of the biggest security challenges. Firefox is mostly written in C and C++. These languages are notoriously difficult to use safely, since any mistake can lead to complete compromise of the program. We work hard to find and eliminate memory hazards, but we’re also evolving the Firefox codebase to address these attack vectors at a deeper level. Thus far, we’ve focused primarily on two techniques...

    [...]

    So today, we’re adding a third approach to our arsenal. RLBox, a new sandboxing technology developed by researchers at the University of California, San Diego, the University of Texas, Austin, and Stanford University, allows us to quickly and efficiently convert existing Firefox components to run inside a WebAssembly sandbox. Thanks to the tireless efforts of Shravan Narayan, Deian Stefan, Tal Garfinkel, and Hovav Shacham, we’ve successfully integrated this technology into our codebase and used it to sandbox Graphite.

    This isolation will ship to Linux users in Firefox 74 and to Mac users in Firefox 75, with Windows support following soon after. You can read more about this work in the press releases from UCSD and UT Austin along with the joint research paper. Read on for a technical overview of how we integrated it into Firefox.

  • Nicholas Nethercote: Ad Hoc Profiling

    I have used a variety of profiling tools over the years, including several I wrote myself.

    But there is one profiling tool I have used more than any other. It is capable of providing invaluable, domain-specific profiling data of a kind not obtainable by any general-purpose profiler.

    It’s a simple text processor implemented in a few dozen lines of code. I use it in combination with logging print statements in the programs I am profiling. No joke.

Firefox Browser On Linux And Mac Gets New Security Technology

  • Firefox Browser On Linux And Mac Gets New Security Technology

    Along with rolling out the latest security update to the Firefox browser, Mozilla has now introduced a new approach to secure the Firefox web browser on Linux and Mac operating systems.

    Firefox uses various external libraries to render the audio, videos, and images that can be exploited by the attackers to introduce malicious code. Hence, Firefox includes a new lightweight sandboxing architecture, RLBox, that uses a WebAssembly sandbox to tackle the vulnerabilities posed by the third-party libraries.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

SHIFT13mi Linux-friendly tablet with replaceable mainboard scheduled for 2021 release

German smartphone maker Shift makes phones that are designed to be modular and easy to repair. And now the company has introduced a tablet with the same design ethos. The SHIFT13mi will be a 2-in-1 tablet with a 13.3 inch touchscreen display, a detachable keyboard, support for Windows 10 or Linux, and upgradeable, replaceable, and repairable components. Read more

today's leftovers

  • Sysadmin skills: What junior sysadmins need to know

    As important as research and testing on their own is, just as important to a junior admin is knowing to ask for help when they do become stuck. A good mentor will not expect a junior admin to have all the answers, or indeed even the context to get started sometimes. While it is important for them to first try to figure out an issue on their own, spending too much time on a single problem to the exclusion of other work, or struggling so much that they become frustrated and distracted is counterproductive. They should take a crack at the issue, research it and work through it, but know when to call it and ask for help. A great way to learn through that process (and keep the additional workload put on the mentor to a minimum) is to ask for guidance on clearing the specific hurdle rather than having a mentor show them how to fix the entire problem all at once. There is nothing especially out of reach about being a systems administrator. There is no knowledge that couldn't be learned by anyone and no technical skills required of a junior admin just starting out in the role. Far more important are the "soft skills" like knowing how to learn, how to test, and how and when to ask for help. Junior administrators who possess these skills will have no trouble picking up technical skills, and more importantly, no trouble being useful and contributing members of their teams.

  • Red Hat build of Eclipse Vert.x 3.9 brings Fluent API Query

    Red Hat Runtimes provides a set of comprehensive frameworks, runtimes, and programming languages for developers, architects, and IT leaders with cloud-native application development needs. The latest update to Red Hat Runtimes has arrived with Red Hat’s build of Eclipse Vert.x version 3.9. Red Hat Runtimes provides application developers with a variety of application runtimes and lets them run on the Red Hat OpenShift Container Platform.

  • Seize the opportunity to transform SAP and the enterprise, with SUSE

    For medium and larger businesses, ERP systems like SAP span multiple divisions and departments. SAP often powers collaboration and communication and acts as a single source of truth. From the central ERP, the business decision-makers can create change, and also monitor results, often in real-time.

  • Microsoft Open Sources 1983’s GW-BASIC Programming Language [Ed: So basically it's published, not to be changed, on a proprietary software monopoly platform for openwashing purposes; PR stunt]

    Microsoft says GW-BASIC is now available on GitHub.

  • Open Source Foundation Pillar Project Launches Smart Wallet With First Ever Built-In Private Payment Network and Meta-Token [Ed: Overt Openwashing; the "about" section reveals no connection to code]

    London-based Pillar Project launched the Pillar Smart Wallet last Thursday, alongside the wallet’s in-built private payment channel to transform the way users interact with decentralized platforms and services. To promote the release, Pillar launched a referral campaign which attracted 2,549 new users, with 500k PLR given away in 72 hours. In total, 8,631 new users joined Pillar over the weekend. “Smart-contract accounts allow us to offer our users far better functionality and security, and this is what our latest upgrade is all about. Pillar users will now be able to confidently explore the wider blockchain ecosystem directly through the Pillar app,” says Michael Messele, chief executive officer of Pillar Project.

  • Mozilla, Twitter, Reddit join forces in effort to block browsing data from warrantless access

    A group of seven internet companies are vowing to stand up for the privacy of its users this week when the United States House of Representatives considers the USA FREEDOM Reauthorization Act of 2020. Mozilla, Engine, Reddit, Reform Government Surveillance, Twitter, i2Coalition, and Patreon have asked four US legislators to explicitly prohibit the warrantless collection of internet search and browsing history. "We hope legislators will amend the bill to limit government access to internet browsing and search history without a warrant," the Firefox-maker said in a blog post.

GNU World Order and GCC's JIT Library Sees Experimental Port To Windows

  • GNU World Order 355

    **enscript** and **flac** from the **ap** software series in Slackware.

  • GCC's JIT Library Sees Experimental Port To Windows

    For several years now GCC has offered a embeddable JIT compiler that for GPL applications can serve as a bytecode interpreter, an experimental Python compiler, and other possible use-cases with this libgccjit library. There now are patches pending for bringing libgccjit to Windows. Developer Nicolas Bértolo has worked on a port of libgccjit to Microsoft Windows. So far it's been tested to work with the native-compilation branch of Emacs.

Open Hardware and Devices/Laptops With GNU/Linux

  • The open-source community is building medical kit to fight coronavirus

    Amid shortages of personal protective equipment (PPE)—like face masks, face shields and gloves—the coronavirus pandemic has spurred the world’s hobbyists into action. At-home DIY experts are collaborating en masse on online forums to come up with designs for homemade protective equipment, as well as medical equipment, in a huge effort to kit-out the world’s doctors and prepare them for the front line. The solutions are nothing short of genius. For instance, snorkels left buried in cupboards after old beach holidays have been dug up and refashioned into medical equipment.

  • 3D printers are on the front lines of the COVID-19 pandemic

    On March 20th, as the coronavirus situation in New York City hurtled toward full-blown crisis, Madiha Choksi was packing a taxi with two Flashforge 3D printers and as much filament as she could fit. Choksi, a librarian specializing in research and educational technology, had received an urgent email the night before from Pierre Elias, a cardiology fellow at NYP-Columbia University Medical Center. Elias desperately needed to produce more protective gear for hospital workers treating COVID-19 patients. He hoped Choksi, the administrator for Columbia University’s 3D printing lab, might be able to help.

  • megaAI 4K AI Camera Board Features Movidius Myriad X VPU (Crowdfunding)

    megaAI 4K AI camera board reminds me of Kendryte K210 based boards such as Maixduino used for computer vision for tasks such as object tracking or face recognition, but instead of just handling QVGA at around 15 to 18 fps, megaAI can supports inference at 4K resolution up to 30 fps. The tiny board can achieve this feat by leveraging the 4 TOPS of AI processing power delivered by Intel Movidius Myriad X VPU (Vision Processing Unit) while consuming only around 2.5 Watts.

  • $13 RPI_AC108 Audio Board Ships with a 4-Mic Array for Raspberry Pi

    X-Powers is a subsidiary of Allwinner, better known for its PMIC chips for Allwinner Cortex-A processors., but we also discovered X-Powers AC108 quad-channel ADC chip for microphone arrays in 2017. Soon after, Seeed Studio launched ReSpeaker 4-Mic Array for Raspberry Pi, but I had completely forgotten about the audio chip since then. That’s until this morning when I came across RPI_AC108 audio board also coming with four microphones and several LEDs.

  • Top 15 Best Chromebook Laptops in 2020: The Experts’ Recommendation

    Even years ago, Chromebook was considered as an obsolete form of the laptop whose tasks were only confined to browsing online, checking emails, streaming low-quality videos, and playing low-end games. With the advent of the latest technology, as well as, at the users’ behest, the Chromebook has finally turned into a formidable piece of device to all the users with a transformation from clamshell design to sleeker or even opted for 2-in-1 design.