Open Source Security Podcast: Episode 101 - Our unregulated future is here to stay

Security updates for Monday

MysteryBot; a new Android banking Trojan ready for Android 7 and 8

While processing our daily set of suspicious samples, our detection rule for the Android banking trojan LokiBot matched a sample that seemed quite different than LokiBot itself, urging us to take a closer look at it. Looking at the bot commands, we first thought that LokiBot had been improved. However, we quickly realized that there is more going on: the name of the bot and the name of the panel changed to "MysteryBot", even the network communication changed.

Grayshift claims its 'defeated' Apple's cop-thwarting USB Restricted Mode

Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature

“Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build.”

[Podcast] PodCTL #39 – CI/CD and Kubernetes

One of the characteristics of the most successful deployments of OpenShift are the CI/CD pipelines that enable application integrations. This week we dove into a question from a listener – “Can you talk more about best practices for integrating CI/CD systems into Kubernetes?“ Brian and Tyler talk about the latest news from the Kubernetes community, the difference between CI and CD, and various considerations for integrating CI/CD environments with Kubernetes.

Partners See Docker's 'Promise Of Choice' As A Unique Inroad To Enterprise Customers

Docker’s Name and Operations Could Appeal to Microsoft, Red Hat, VMware

Docker Inc. owns one of the most prominent names in the cloud container ecosystem. But a recent report from Cowen and Company named a handful of established cloud players as potential acquirers of Docker Inc. Those included Microsoft, Red Hat, and VMware, with the first two deemed most likely to take the plunge. “Despite its strong name recognition and customer momentum, Docker’s long-term financial success – at least as an independent company – is hardly a fait accompli,” the Cowen and Company report stated. “We do believe that Docker will have to work hard in order to overcome its smaller footprint with enterprise companies.”

Every Silver Lining Has a Cloud

The savings in cloud computing comes at the expense of a loss of control over your systems, which is summed up best in the popular nerd sticker that says, "The Cloud is Just Other People's Computers."

Firefox has a motion team?! Yes we do!

Motion may sometimes feel like an afterthought or worse yet “polish”. For the release of Firefox Quantum (one of our most significant releases to date), we wanted to ensure that motion was not a second class citizen and that it would play an important role in how users perceived performance in the browser. We (Amy & Eric) make up the UX side of the “motion team” for Firefox. We say this in air quotes because the motion team was essentially formed based on our shared belief that motion design is important in Firefox. With a major release planned, we thought this would be the perfect opportunity to have a team working on motion.

Firefox 61 new contributors

With the upcoming release of Firefox 61, we are pleased to welcome the 59 developers who contributed their first code change to Firefox in this release, 53 of whom were brand new volunteers!

QMO: Firefox 61 Beta 14 Testday Results

As you may already know, last Friday – June 15th – we held a new Testday event, for Firefox 61 Beta 14. Thank you all for helping us make Mozilla a better place!

IOActivityMonitor in Gecko

This is a first blog post of a series on Gecko, since I am doing a lot of C++ work in Firefox these days. My current focus is on adding tools in Firefox to try to detect what's going on when something goes rogue in the browser and starts to drain your battery life. We have many ideas on how to do this at the developer/user level, but in order to do it properly, we need to have accurate ways to measure what's going on when the browser runs. One thing is I/O activity. For instance, a WebExtension worker that performs a lot of disk writes is something we want to find out about, and we had nothing to track all I/O activities in Firefox, without running the profiler. When Firefox OS was developed, a small feature was added in the Gecko network lib, called NetworkActivityMonitor.

San Francisco Oxidation meeting notes

At last week’s Mozilla All Hands meeting in San Francisco we had an Oxidation meeting about the use of Rust in Firefox. It was low-key, being mostly about status and progress. The notes are here for those who are interested.

Riot Games' anti-cheat software for League also targets Linux users

This week Riot Games implemented a new anti-cheat software for the game that is meant to limit the number of players who use third-party programs while playing. Most of these programs help users cheat in-game, such as by inputting movement commands for a player to allow them to dodge enemy skillshots. Unfortunately for players who run Linux as their operating system, the new anti-cheat also targets it as a third-party program, preventing them from playing League. Many players took to Reddit and other forums to protest the change, even creating a petition for Riot to add Linux compatibility.

Riot Games New Anti-Cheat Could Wipe Out League of Legends Linux Player Base

​Riot Games has been working on a new anti-cheat system for League of Legends. There are reports that this update would make the game unplayable for Linux users, because it would make the game incompatible with virtual environments, something Linux users have to employ to play the game.

A small but nice update on Ashes of the Singularity: Escalation and Linux support

We've been waiting quite a while for any real news on the Linux port of Ashes of the Singularity: Escalation [Official Site]. While we still don't know when, we do know it's still happening.

Dead Cells, a 'RogueVania' now has a Beta available for Linux

Dead Cells mixes in elements of a Rogue-lite with a MetroidVania to create an interesting mix and it's now available on Linux with a Beta. I did notice in the comments of the previous article, that people were debating the choice of article title. I said it was a "rogue-lite metroidvania action-platformer", which was obviously a bit wrong. They've actually coined their own term for it, calling it a "RogueVania".