Mozilla Nederland

The Dutch Mozilla community

Mozilla leaks data of 97,000 Bugzilla testers - Security.nl

News collected via Google - Thu, 28/08/2014 - 16:12

Mozilla leaks data of 97,000 Bugzilla testers
Security.nl
Software developer Mozilla has once again warned its users about a leak of personal data. This time it concerned the email addresses and encrypted passwords of some 97,000 users of a test version of the Bugzilla ...

Categories: Mozilla-nl planet

Mozilla accidentally left email addresses, passwords of 97k Bugzilla users out ... - PCWorld

News collected via Google - Thu, 28/08/2014 - 15:41

Mozilla accidentally left email addresses, passwords of 97k Bugzilla users out ...
PCWorld
On August 1, the organization announced that the email addresses of 76,000 users and the encrypted passwords of 4,000 users of the Mozilla Developer Network were exposed for a period of 30 days after a database dump file was stored on a publicly ...

and more »
Categories: Mozilla-nl planet

Mozilla reports user data leak from Bugzilla project - PC World Magazine

News collected via Google - Thu, 28/08/2014 - 15:09

Mozilla reports user data leak from Bugzilla project
PC World Magazine
On August 1, the organization announced that the email addresses of 76,000 users and the encrypted passwords of 4,000 users of the Mozilla Developer Network were exposed for a period of 30 days after a database dump file was stored on a publicly ...
Mozilla, Again, Accidentally Hacks its Developers - Nextgov
Data on 97K Bugzilla users posted online for about three months - SC Magazine

all 11 news articles »
Categories: Mozilla-nl planet

Mozilla reports user data leak from Bugzilla project - ITworld.com

News collected via Google - Thu, 28/08/2014 - 15:09

Mozilla reports user data leak from Bugzilla project
ITworld.com
On August 1, the organization announced that the email addresses of 76,000 users and the encrypted passwords of 4,000 users of the Mozilla Developer Network were exposed for a period of 30 days after a database dump file was stored on a publicly ...

and more »
Categories: Mozilla-nl planet

Mike Ratcliffe: View jQuery and jQuery Live events in Firefox DevTools

Mozilla planet - Thu, 28/08/2014 - 14:40

A little while back we landed a feature that made it possible to interact with events from the markup panel of Firefox developer tools.

A lot of people were excited about this but we soon realized that jQuery wraps event handlers in a proxy making all handlers look like this:

function() { return fn.apply( thisObject || this, arguments ); };

Numerous facepalms later and we now have support for jQuery and jQuery Live events. This support will be available in tonight's nightly:


Because library support is important we have created an API that allows developers and library authors to create "event parsers" that allow our tools to make sense of their event systems.

The API looks like this:

    var parser = {
      id: "myLibrary events", // Unique id
      hasListeners: function(node) {
        // Hunt for node's listeners and return true as soon as one is
        // encountered.
      },
      getListeners: function(node) {
        // Hunt for node's listeners and return an array of objects
        // representing those listeners. Each object should look like this:
        return [{
          type: "click",
          handler: function clicked() { /* ... */ },

          // These tags will be displayed as attributes in the events popup.
          tags: "jQuery,Live",

          // Hide or show fields
          hide: {
            debugger: false, // Debugger icon
            type: false, // Event type e.g. click
            filename: false,
            capturing: false,
            dom0: false
          },

          override: {
            // The following can be overridden:
            type: "click",
            origin: "http://www.mozilla.com",
            searchString: 'onclick="doSomething()"',
            DOM0: true,
            capturing: true
          }
        }];
      },
      normalizeHandler: function(fnDO) {
        // Take a handler debug object and use the debugger to walk the scope
        // chain to discover the function you would like to be displayed.
        // See https://hg.mozilla.org/integration/fx-team/diff/9add1ec0251d/toolkit/devtools/event-parsers.js#l1.98 for an example.
      }
    };

    gDevTools.registerEventParser(parser);

We have bugs logged to add support for the following libraries:

You still here? What are you waiting for? Go get hacking!

Categories: Mozilla-nl planet

Nicholas Nethercote: Update on reviewing our data practices and Bugzilla development database disclosure

Mozilla planet - Thu, 28/08/2014 - 02:02

As we indicated in the post titled “MDN Disclosure”, we began several remediation measures, including a review of data practices surrounding user data. We have kicked off a larger project to better our practices around data, including with respect to the various non-Mozilla projects we support. We are implementing immediate fixes for any discovered issues across the organization, and are requiring each business unit to perform a review of their data practices and, if necessary, to implement additional protections based on that review.

As we proceed through our broader remediation program, we discovered an incident that occurred in the Bugzilla community, one of the community projects we support. A member of the Bugzilla community discovered that development database dump files containing email addresses and encrypted passwords were posted on a publicly accessible server. They were alerted to this incident by a security bug filed by a contributor. See the Bugzilla community blog post for more information.

While it is important to note that the disclosure of this development database does not affect bugzilla.mozilla.org, we continue to believe that the broader community would benefit from our increased focus on data practices and therefore will continue with our plan of including the Bugzilla project as well as other community projects in the data practices initiatives we’ve described above.

We are committed to continuing to improve our data practices to minimize the likelihood of these and other types of incidents.

Sincerely,

Mozilla Security

Categories: Mozilla-nl planet

Jared Wein: New in Firefox Nightly: Recommended and easy theme switching through Customize mode

Mozilla planet - Wed, 27/08/2014 - 22:01

We shipped the Australis project with Firefox 29, but the Firefox team hasn’t stopped working on making Firefox the easiest browser to personalize. Firefox allows easy customizing through the new Customize mode, and now in Firefox Nightly people will find a quick and easy way to set the theme of the browser.

After entering Customize mode, a new menu is shown at the footer of the window. Clicking on this menu will show any installed themes as well as a list of five recommended themes.

These recommended themes were picked from the Add-ons for Firefox website by members of the Firefox User Experience team. All of the themes are licensed through Creative Commons. Some are CC-BY and others are CC-BY-SA.

Themes menu

Hovering over a theme in the menu will preview the appearance of the theme. Clicking on one of the themes will change the applied theme.

An applied theme

We haven’t figured out yet what the rotation will be for recommended themes. Any input on how often or how we should go about putting together the next list is greatly appreciated.

Full management of themes and add-ons is still available through the Add-ons Manager. Recommended themes that have not been applied will not show up in the Add-ons Manager. Once a recommended theme is applied, it will appear in the Add-ons Manager and can be uninstalled from there.


Tagged: firefox, planet-mozilla, usability
Categories: Mozilla-nl planet

Pete Moore: Weekly review 2014-08-27

Mozilla planet - Wed, 27/08/2014 - 15:43

Highlights from this week

1. Play Store - armv6

The main goal of the last week has been to enable fennec builds on esr31 branch. Last week I updated the build process to use a different mechanism to generate the version code in the play store for armv6 apks generated from the esr31 branch. This week has been about enabling these builds and release builders.

This work is tracked in Bug 1040319 – Ensure that Fennec builds from mozilla-esr31 have a buildID to allow for armv6/Android 2.2 users to update to mozilla-esr31 apks.

2. Working with contributors

I’ve been working with kartikgupta0909 this week on IRC - hoping he is going to fix Bug 1020613 - vcs sync should only push tags/heads that have changed since last successful push for us.

I added metadata to bugs, and created a bugzilla search for them to appear in, which I linked to from our contributions wiki page (and I created a sublink to RelEng contributions page from our main Release Engineering page).

3. Other

Regular type support work, which can be seen in bugs below.

Goals for next week:

  • Return to l10n work
  • Prepare for RelEng arch meeting in September

Bugs I created this week:

Other bugs I updated this week:

Categories: Mozilla-nl planet

Julien Vehent: Postgres multicolumn indexes to save the day

Mozilla planet - Wed, 27/08/2014 - 15:16

I love relational databases. Well designed, they are the most elegant and efficient way to store data. Which is why MIG uses PostgreSQL, hosted by Amazon RDS.

It's the first time I have used RDS for anything more than a small website. I am discovering its capabilities along the way. Over the past few days, I've been investigating performance issues. The database was close to 100% CPU, and the number of DB connections maintained by the Go database package was varying a lot. Something was off.

I have worked as a junior Oracle & Postgres DBA in the past. In my limited experience, database performance problems are almost always due to bad queries or bad schemas. When you wrote the queries, however, this is what you blame last, after spending hours looking for a bug in any other component outside of your control.

Eventually, I re-read my queries, and found one that looked bad enough:

    // AgentByQueueAndPID returns a single agent that is located at a given queueloc and has a given PID.
    // Needs the "database/sql" and "fmt" imports.
    func (db *DB) AgentByQueueAndPID(queueloc string, pid int) (agent mig.Agent, err error) {
        err = db.c.QueryRow(
            `SELECT id, name, queueloc, os, version, pid, starttime, heartbeattime, status FROM agents WHERE queueloc=$1 AND pid=$2`,
            queueloc, pid,
        ).Scan(
            &agent.ID, &agent.Name, &agent.QueueLoc, &agent.OS, &agent.Version, &agent.PID,
            &agent.StartTime, &agent.HeartBeatTS, &agent.Status)
        // Check for sql.ErrNoRows before wrapping, so callers still receive it unchanged.
        if err == sql.ErrNoRows {
            return
        }
        if err != nil {
            err = fmt.Errorf("Error while retrieving agent: '%v'", err)
            return
        }
        return
    }

The query locates an agent using its queueloc and pid values. This is necessary to properly identify an agent, except that neither queueloc nor pid has an index, resulting in a sequential scan of the table:

    mig=> explain SELECT * FROM agents WHERE queueloc='xyz' AND pid=1234;
                              QUERY PLAN
    --------------------------------------------------------------
     Seq Scan on agents  (cost=0.00..3796.20 rows=1 width=161)
       Filter: (((queueloc)::text = 'xyz'::text) AND (pid = 1234))
    (2 rows)

This query is called ~50 times per second, and even with only 45,000 rows in the agents table, that is enough to burn all the CPU cycles on my RDS instance.

Postgres supports multicolumn indexes. The fix is simple enough: create an index on the columns queueloc and pid together.

    mig=> create index agents_queueloc_pid_idx on agents(queueloc, pid);
    CREATE INDEX

This results in an immediate, drastic reduction in the cost of the query and in the CPU usage of the instance.

    mig=> explain SELECT * FROM agents WHERE queueloc='xyz' AND pid=1234;
                                          QUERY PLAN
    ---------------------------------------------------------------------------------------
     Index Scan using agents_queueloc_pid_idx on agents  (cost=0.41..8.43 rows=1 width=161)
       Index Cond: (((queueloc)::text = 'xyz'::text) AND (pid = 1234))
    (2 rows)

Immediate performance gain for a limited effort. Gotta love Postgres!

Categories: Mozilla-nl planet

Doug Belshaw: Soliciting feedback on v1.1 of the Web Literacy Map

Mozilla planet - Wed, 27/08/2014 - 14:50

The Web Literacy Map constitutes the skills and competencies that Mozilla and its community of stakeholders believe to be necessary to read, write and participate effectively on the web.

The Web Literacy Map currently stands at v1.1 but as I blogged recently, a lot has happened since we launched the first version at MozFest last year! That’s why we’re planning to update it to v2.0 by early January 2015.

I’ll be connecting with key people over the coming weeks to ask for a half-hour (recorded) conversation which will then be shared with the community. In the meantime we’d appreciate your feedback. Here’s what Atul Varma had to say:

So I feel like the weblit map is cool as it is, but as has been discussed previously, there are a number of areas that are important but cross-cut through existing competencies, rather than necessarily constituting their own competencies by themselves… what if we created a set of lenses through which the competencies could be viewed?

There’s a couple of ways you can give your feedback:

Leaving your name means we can follow up with questions if necessary (for clarification, etc.) I look forward to hearing what you have to say! All opinions are welcome. Pull no punches. :-)

Questions? I’m @dajbelshaw on Twitter or you can email me: doug@mozillafoundation.org

Categories: Mozilla-nl planet

Daniel Stenberg: Going to FOSDEM 2015

Mozilla planet - Wed, 27/08/2014 - 11:01

Yeps,

I’m going there and I know several friends are going too, so this is just my way of pointing this out to the ones of you who still haven’t made up your mind! There’s still a lot of time left as this event is taking place late January next year.

I intend to try to get a talk to present this time and I would love to meet up with more curl contributors and fans.

Categories: Mozilla-nl planet

Byron Jones: happy bmo push day!

Mozilla planet - Wed, 27/08/2014 - 09:11

the following changes have been pushed to bugzilla.mozilla.org:

  • [1058479] move the “mozilla employees” warning on bugzilla::admin next to the submit button
  • [1058481] git commits should link to commitdiff not commit
  • [1056087] contrib/merge-users.pl fails if there are no duplicate bug_user_last_visit rows
  • [1058679] new bug API returning a ref where bzexport expects bug data
  • [1057774] bzAPI landing page gives a 404
  • [1056904] Add “Mentored by me” to MyDashboard
  • [1059085] Unable to update a product’s group controls: Can’t use string (“table”) as an ARRAY ref while “strict refs” in use
  • [1059088] Inline history can be shown out-of-order when two changes occur in the same second

discuss these changes on mozilla.tools.bmo.


Filed under: bmo, mozilla
Categories: Mozilla-nl planet

Mozilla plans permission toggles in Firefox OS - CNET

News collected via Google - Wed, 27/08/2014 - 03:50

Mozilla plans permission toggles in Firefox OS
CNET
A prototype of the Firefox OS-powered Cloud FX phone. A future version of the operating system will include app permission controls. Stephen Shankland/CNET. Mozilla promises that a future version of ...
Firefox OS to outdo Android on granular application permissions - PC World Magazine
Latest Firefox mobile OS to feature improved app control - Computer Dealer News

all 11 news articles »
Categories: Mozilla-nl planet

Monica Chew: Firefox 32 supports Public Key Pinning

Mozilla planet - Wed, 27/08/2014 - 03:41

Public Key Pinning helps ensure that people are connecting to the sites they intend. Pinning allows site operators to specify which certificate authorities (CAs) issue valid certificates for them, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox. If any certificate in the verified certificate chain corresponds to one of the known good certificates, Firefox displays the lock icon as normal.

Pinning helps protect users from man-in-the-middle attacks and rogue certificate authorities. When the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection with a pinning error. This type of error can also occur if a CA mis-issues a certificate.

Pinning errors can be transient. For example, if a person is signing into WiFi, they may see an error like the one below when visiting a pinned site. The error should disappear if the person reloads after the WiFi access is set up.



Firefox 32 and above supports built-in pins, which means that the list of acceptable certificate authorities must be set at time of build for each pinned domain. Pinning is enforced by default. Sites may advertise their support for pinning with the Public Key Pinning Extension for HTTP, which we hope to implement soon. Pinned domains include addons.mozilla.org and Twitter in Firefox 32, and Google domains in Firefox 33, with more domains to come. That means that Firefox users can visit Mozilla, Twitter and Google domains more safely. For the full list of pinned domains and rollout status, please see the Public Key Pinning wiki.

Thanks to Camilo Viecco for the initial implementation and David Keeler for many reviews!
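
The check described in this post, as an added example in Go (not Firefox's implementation and not code from the original post): chain validation runs first, then at least one certificate in a verified chain must carry a pinned key. The pin format (SHA-256 of the SubjectPublicKeyInfo), the host pinned.example, the two test CAs and all function names are assumptions constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// verifyPinned validates the chain, then requires a pinned SPKI SHA-256 in it.
func verifyPinned(leaf *x509.Certificate, host string, roots *x509.CertPool, pins map[[32]byte]bool) error {
	chains, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	if err != nil {
		return err
	}
	for _, chain := range chains {
		for _, c := range chain {
			if pins[sha256.Sum256(c.RawSubjectPublicKeyInfo)] {
				return nil // one match anywhere in the chain is enough
			}
		}
	}
	return fmt.Errorf("pinning error: no pinned key in verified chain for %s", host)
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue makes a constructed test certificate; a nil parent self-signs a CA.
func issue(name string, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     []string{name},
	}
	if parent == nil { // self-signed CA: the template is its own issuer
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		parent, signer = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// demo trusts two constructed CAs as roots but pins only CA A for the host.
func demo() (pinned, unpinned error) {
	const host = "pinned.example"
	caA, keyA := issue("ca-a.example", nil, nil)
	caB, keyB := issue("ca-b.example", nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(caA)
	roots.AddCert(caB)
	pins := map[[32]byte]bool{sha256.Sum256(caA.RawSubjectPublicKeyInfo): true}
	leafA, _ := issue(host, caA, keyA)
	leafB, _ := issue(host, caB, keyB)
	return verifyPinned(leafA, host, roots, pins), verifyPinned(leafB, host, roots, pins)
}

func main() { fmt.Println(demo()) }
```

The second certificate chains to a trusted root and passes ordinary validation, yet is rejected because its issuer is not in the pin set, which is the mis-issuance case the post describes.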
Categories: Mozilla-nl planet

Gervase Markham: Email Account Phishers Do Manual Work

Mozilla planet - Tue, 26/08/2014 - 21:37

For a while now, criminals have been breaking into email accounts and using them to spam the account’s address book with phishing emails or the like. More evil criminals will change the account password, and/or delete the address book and the email to make it harder for the account owner to warn people about what’s happened.

My mother recently received an email, purportedly from my cousin’s husband, titled “Confidential Doc”. It was a mock-up of a Dropbox “I’ve shared an item with you” email, with the “View Document” URL actually being http://proshow.kz/excel/OLE/PPS/redirect.php. This (currently) redirects to http://www.affordablewebdesigner.co.uk/components/com_wrapper/views/wrapper/tmpl/dropbox/, although it redirected to another site at the time. That page says “Select your email provider”, explaining “Now, you can sign in to dropbox with your email”. When you click the name of your email provider, it asks you for your email address and password. And boom – they have another account to abuse.

But the really interesting thing was that my mother, not being born yesterday, emailed back saying “I’ve just received an email from you. But it has no text – just an item to share. Is it real, or have you been hacked?” So far, so cautious. But she actually got a reply! It said:

Hi <her shortened first name>,
I sent it, It is safe.
<his first name>

(The random capital was in the original.)

Now, this could have been a very smart templated autoresponder, but I think it’s more likely that the guy stayed logged into the account long enough to “reassure” people and to improve his hit rate. That might tell us interesting things about the value of a captured email account, if it’s worth spending manual effort trying to convince people to hand over their creds.

Categories: Mozilla-nl planet

Mozilla announces $36 Intex Cloud FX smartphone for India - CBC.ca

News collected via Google - Tue, 26/08/2014 - 20:22

Mozilla announces $36 Intex Cloud FX smartphone for India
CBC.ca
The phone runs Firefox OS, a Linux-based mobile operating system made by the non-profit organization Mozilla, which is best known for its Firefox web browser. Firefox has been mainly targeting the developing world, especially Latin America, with low ...
This Is The $33 Smartphone For India That Could Ruin Samsung's Android ... - Business Insider
Mozilla's $33 smartphone for India could ruin Samsung's android business - Economic Times
Mozilla Launches $33 Smartphone in India - Headlines & Global News

all 8 news articles »
Categories: Mozilla-nl planet

Mozilla comes up with $33 smartphone in India - The Daily Star

News collected via Google - Tue, 26/08/2014 - 20:01

Mozilla comes up with $33 smartphone in India
The Daily Star
Mozilla, a company best known for its Firefox browser, has launched a new low-cost smartphone in India that will retail for 1,999 rupees ($33; £19.90). The phone is only for sale on India's online shopping site, Snapdeal. The Intex Cloud FX runs on ...

Categories: Mozilla-nl planet

Mozilla enters growth market India with dirt-cheap smartphone - z24

News collected via Google - Tue, 26/08/2014 - 19:18

Mozilla enters growth market India with dirt-cheap smartphone
z24
“More than seventy percent of callers in India still use a traditional mobile phone, and as we understand it, cost and usability are a barrier to switching to a smartphone,” says Jane Hsu, head of product development at Mozilla, ...

and more »
Categories: Mozilla-nl planet

Alex Vincent: An insightful statement from a mathematics course

Mozilla planet - Tue, 26/08/2014 - 17:39

I’m taking a Linear Algebra course this fall. Last night, my instructor said something quite interesting:

“We are building a model of Euclidean geometry in our vector space. Then we can prove our axioms of geometry (as theorems).”

This would sound like technobabble to me even a week ago, but what he’s really saying is this:

“If you can implement one system’s basic rules or axioms in another system, you can build a model of that first system in the second.”

Programmers and website builders build models of systems all the time, and unconsciously, we build on top of other systems. Think about that when you write JavaScript code: the people who implement JavaScript engines are building a model for millions of people to use that they’ll never meet. I suppose the same could be said of any modern programming language, compiler, transpiler or interpreter.

The beauty for those of us who work in the model is that we (theoretically) shouldn’t need to care what platform we run on. (In practice, there are differences, which is why we want platforms to implement standards, so we can concentrate on using the theoretical model we depend on.)

On the flip side, that also means that building and maintaining that fundamental system we build on top of has to be done very, very carefully.  If you’re building something for others to use (and chances are, when you’re writing software, you’re doing exactly that), you really have to think about how you want others to use your system, and how others might try to use your system in ways you don’t expect.

It’s really quite a profound duty that we take on when we craft software for others to use.

Categories: Mozilla-nl planet