Language Selection

English French German Italian Portuguese Spanish

Mozilla Security: More Than Meets The 'Aye'

Filed under
Moz/FF

If open source by definition means that code is open, then why is Mozilla having some of its code discussions behind closed doors? The reason is simple: to protect users.

Last week security researcher Robert Chapin alleged that Mozilla's security process wasn't open. According to Chapin, certain key discussions surrounding the resolution of security issues with Mozilla Password Manager that he first reported last November were less than entirely open.

Window Snyder, head of security strategy at Mozilla Corp., told internetnews.com that the allegation that Mozilla is not open is not the case. Snyder argued that Mozilla is as open as it can be and even somewhat democratic.

In addition to the publicly available Bugzilla bug database, Mozilla also has a separate security group with membership made up from both Mozilla and the wider community. Currently the group has 86 individual members, with Google, Red Hat, IBM, Sun, Ubuntu and Cenzic among the different groups represented.

Full Story.

More in Tux Machines

Programming/Development: fwupd, LLVM and More

  • CSR devices now supported in fwupd
    The BlueCore CSR chips are used everywhere. If you have a “wireless” speaker or headphones that uses Bluetooth there is a high probability that it’s using a CSR chip inside. This makes the addition of CSR support into fwupd a big deal to access a lot of vendors. It’s a lot easier to say “just upload firmware” rather than “you have to write code” so I think it’s useful to have done this work.
  • Skylake Server Scheduler Model Updated In LLVM 6.0 Along With Other Intel CPU Updates
  • Most Software Code Will Be Written By Machines By 2040, Researchers Predict
    Imagine a scenario where a programmer needs to follow a couple of tried and tested procedures to write code that becomes a part of a bigger program that needs some insightful contribution from another programmer. So, is the first programmer really needed? Can’t we find a robotic replacement for the same? In the past, GitHub CEO had already made a prediction which says that future of coding is no coding at all. A similar speculation has been made by the researchers at the Oak Ridge National Laboratory, Tennessee, who have said that machines will write most of their own code by 2040.
  • Hazelcast joins Eclipse, JCache is key focal point
    Open source In-Memory Data Grid (IMDG) company Hazelcast has joined the Eclipse Foundation – and it has done so for a reason. Hazelcast’s primary focus will be on JCache the Eclipse MicroProfile and EE4J. In particular, Hazelcast will be collaborating with members to popularize JCache, a Java Specification Request (JSR-107). So what place does JCache fill in the universe then?

Software: Darktable, VLC, Mesa, Audacity, Toplip, GNUstep

  • Darktable 2.4-RC1 Rolls Out With Windows Support, OpenCL Improvements
    The open-source Darktable RAW photography software that's long been available for Linux and macOS has finally been ported to Microsoft Windows. But fortunately that's not all to be found in Darktable 2.4. While Windows support is their big headline feature of Darktable 2.4, the RC1 release that came out today is also packed with other improvements.
  • Linux Release Roundup: VLC, Mesa, Audacity + More
    Another week has flown by, making it time for another round-up of pertinent Linux app releases that didn’t manage to wangle a full post’s worth of waffle on this site. This week’s crop of curios includes updates to the world’s most popular open-source video player, the world’s most popular open-source audio editor, and the world’s most popular open-source graphics drivers.
  • Toplip – A Very Strong File Encryption And Decryption CLI Utility
    There are numerous file encryption tools available on the market to protect your files. We have already reviewed some encryption tools such as Cryptomater, Cryptkeeper, CryptGo, Cryptr, Tomb, and GnuPG etc. Today, we will be discussing yet another file encryption and decryption command line utility named “Toplip”. It is a free and open source encryption utility that uses a very strong encryption method called AES256, along with an XTS-AES design to safeguard your confidential data. Also, it uses Scrypt, a password-based key derivation function, to protect your passphrases against brute-force attacks.
  • GNUstep Takes Another Step Forward For Implementing Apple's Cocoa Frameworks
    GNUstep is the long-standing free software project working to implement Apple's Cocoa Objective-C frameworks used by macOS. The GNU project has made new releases of their GUI and Back libraries. GNUstep GUI 0.26 is out this morning as the latest update to their graphical user-interface library. GNUstep GUI 0.26 has a number of compatibility improvements, translation updates, mouse tracking logic improvements, bug fixes, and other work.

today's howtos

Fedora and Red Hat News