
Vigil@nce - Mozilla NSS: use of freed memory via Low Memory - Global Security Mag

News collected via Google - Mon, 16/05/2016 - 09:10

Vigil@nce - Mozilla NSS: use of freed memory via Low Memory
Global Security Mag
An attacker can trigger the use of a freed memory area in Mozilla NSS, in order to cause a denial of service, and possibly to execute code. Affected products: Firefox, NSS, RHEL, SUSE Linux Enterprise Desktop, SLES. Severity: 2/4.

Categories: Mozilla-nl planet

Mozilla: the FBI should come clean about the Tor flaw - Punto Informatico

News collected via Google - Mon, 16/05/2016 - 08:33

Mozilla: the FBI should come clean about the Tor flaw
Punto Informatico
Rome - Attorney Colin Fieman wants to know the details of the so-called "network investigative technique" (NIT) used by the FBI against visitors to Playpen, a site for exchanging child pornography content attacked by the Bureau in a ...


Mozilla releases "Thunderbird" v45.1.0, fixing one vulnerability - 窓の杜

News collected via Google - Mon, 16/05/2016 - 06:20

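Mozilla releases "Thunderbird" v45.1.0, fixing one vulnerability
窓の杜
On the 11th, Mozilla released v45.1.0, the latest stable version of the email client "Thunderbird". It is free software (donations welcome) that supports Windows XP/Server 2003/Vista/7/8/10, including 64-bit editions, and the latest version can currently be downloaded from Mozilla's website. If it is already installed, the automatic update feature ...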


This Week In Rust: This Week in Rust 130

Mozilla planet - Mon, 16/05/2016 - 06:00

Hello and welcome to another issue of This Week in Rust! Rust is a systems language pursuing the trifecta: safety, concurrency, and speed. This is a weekly summary of its progress and community. Want something mentioned? Tweet us at @ThisWeekInRust or send us an email! Want to get involved? We love contributions.

This Week in Rust is openly developed on GitHub. If you find any errors in this week's issue, please submit a PR.

This week's edition was edited by: Vikrant and llogiq.

Updates from Rust Community

News & Blog Posts

New Crates & Project Updates
  • Announcing RustFest Berlin 2016 (17-18 September 2016).
  • hydrogen. Multithreaded, non-blocking Linux server framework in Rust.
  • cargo-profiler. Cargo subcommand to profile binaries.
  • cargo clippy subcommand for convenient production of annoying warnings.
  • rfmt. Rust source code formatter.
  • RustDT 0.6.0 is out with improved build target support and experimental auto-check.
Crate of the Week

This week's Crate of the Week is cargo-profiler, which lets us profile our code directly from cargo using a variety of tools, notably valgrind's callgrind and cachegrind. Thanks to kbknapp for the suggestion!

Submit your suggestions for next week!

Call for Participation

Always wanted to contribute to open-source projects but didn't know where to start? Every week we highlight some tasks from the Rust community for you to pick and get started!

Some of these tasks may also have mentors available, visit the task page for more information.

If you are a Rust project owner and are looking for contributors, please submit tasks here.

Updates from Rust Core

132 pull requests were merged in the last two weeks.

New Contributors
  • billyevans
  • bnewbold
  • Brian Green
  • Cristian Oliveira
  • Dan Fockler
  • Geordon Worley
  • Haiko Schol
  • mrmiywj
  • Pavel Sountsov
  • silvo38
  • Stefan Schindler
  • Steven Burns
Approved RFCs

Changes to Rust follow the Rust RFC (request for comments) process. These are the RFCs that were approved for implementation this week:

Final Comment Period

Every week the team announces the 'final comment period' for RFCs and key PRs which are reaching a decision. Express your opinions now. This week's FCPs are:

No RFCs are currently in final comment period.

New RFCs

Upcoming Events

If you are running a Rust event please add it to the calendar to get it mentioned here. Email Erick Tryzelaar or Brian Anderson for access.

fn work(on: RustProject) -> Money

No jobs listed for this week.

Tweet us at @ThisWeekInRust to get your job offers listed here!

Quote of the Week

No quote was selected for QotW.

Submit your quotes for next week!


Karl Dubost: [worklog] Make Web sites simpler.

Mozilla planet - Mon, 16/05/2016 - 03:21

Not a song this week, but just a documentary to remind me that some sites are overly complicated and there are strong benefits and resilience in choosing a solid simple framework for working. Not that it makes the work easier. I think it's even the opposite, it's basically harder to make a solid simple Web site. But that the cost is beneficial on the long term. Tune of the week: The Depth of simplicity in Ozu's movie.

Webcompat Life

Progress this week:

Today: 2016-05-16T10:12:01.879159
354 open issues
----------------------
needsinfo       3
needsdiagnosis  109
needscontact    30
contactready    55
sitewait        142
----------------------

In my journey in getting the contactready and needscontact lower, we are making progress. You are welcome to participate.

London agenda.

Reorganizing a bit the wiki so it better aligns with our current work. In Progress.

Good news on the front of appearance in CSS.

The CSSWG just resolved that "appearance: none" should turn checkbox & radio <input> elements into a normal non-replaced element.

Learning on how to do mozregression

We are looking at creating a mechanism similar to Opera browser.js into Firefox. Read and participate in the discussion.

Webcompat issues

(a selection of some of the bugs worked on this week).

Reading List

Follow Your Nose

TODO
  • Document how to write tests on webcompat.com using test fixtures.
  • ToWrite: rounding numbers in CSS for width
  • ToWrite: Amazon prefetching resources with <object> for Firefox only.

Otsukare!


Mozilla seeks Thunderbird architect and new organizational home - soeren-hentzschel.at

News collected via Google - Mon, 16/05/2016 - 03:11

Mozilla seeks Thunderbird architect and new organizational home
soeren-hentzschel.at
So that Thunderbird can stand on its own feet in the future and be less dependent on Mozilla and Firefox, Mozilla is advertising a position for a software architect who will analyze the technical situation and make recommendations for the ...


Nick Desaulniers: What's in a Word?

Mozilla planet - Mon, 16/05/2016 - 02:58

Recently, there was some confusion between myself and a coworker over the definition of a “word.” I’m currently working on a blog post about data alignment and figured it would be good to clarify some things now, that we can refer to later.

Having studied computer engineering and being quite fond of processor design, when I think of a “word,” I think of the number of bits wide a processor’s general purpose registers are (aka word size). This places hard requirements on the largest representable number and address space. A 64 bit processor can represent 2^64-1 (1.8x10^19) as the largest unsigned long integer, and address up to 2^64-1 (16 EiB) different addresses in memory.

Further, word size limits the possible combinations of operations the processor can perform, length of immediate values used, inflates the size of binary files and memory needed to store pointers, and puts pressure on instruction caches.

Word size also has implications on loads and stores based on alignment, as we’ll see in a follow up post.

When I think of 8 bit computers, I think of my first microcontroller: an Arduino with an Atmel AVR processor. When I think of 16 bit computers, I think of my first game console, a Super Nintendo with a Ricoh 5A22. When I think of 32 bit computers, I think of my first desktop with Intel’s Pentium III. And when I think of 64 bit computers, I think modern smartphones with ARMv8 instruction sets. When someone mentions a particular word size, what are the machines that come to mind for you?

So to me, when someone’s talking about a 64b processor, to that machine (and me) a word is 64b. When we’re referring to a 8b processor, a word is 8b.

Now, some confusion.

Back in my previous blog posts about x86-64 assembly, JITs, or debugging, you might have seen me use instructions that have suffixes of b for byte (8b), w for word (16b), dw for double word (32b), and qw for quad word (64b) (since SSE2 there’s also double quadwords of 128b).

Wait a minute! How suddenly does a “word” refer to 16b on a 64b processor, as opposed to a 64b “word?”

In short, historical baggage. Intel’s first hit processor was the 4004, a 4b processor released in 1971. It wasn’t until 1979 that Intel created the 16b 8086 processor.

The 8086 was created to compete with other 16b processors that beat it to the market, like the Zilog Z80 (any Gameboy emulator fans out there? Yes, I know about the Sharp LR35902). The 8086 was the first design in the x86 family, and it allowed for the same assembly syntax from the earlier 8008, 8080, and 8085 to be reassembled for it. The 8086’s little brother (8088) would be used in IBM’s PC, and the rest is history. x86 would become one of the most successful ISAs in history.

For backwards compatibility, it seems that both Microsoft’s (whose success has tracked that of x86 since MS-DOS and IBM’s PC) and Intel’s documentation refers to words still as being 16b. This allowed 16b PE32+ executables to be run on 32b or even 64b newer versions of Windows, without requiring recompilation of source or source code modification.

This isn’t necessarily wrong to refer to a word based on backwards compatibility, it’s just important to understand the context in which the term “word” is being used, and that there might be some confusion if you have a background with x86 assembly, Windows API programming, or processor design.

So the next time someone asks: why does Intel’s documentation commonly refer to a “word” as 16b, you can tell them that the x86 and x86-64 ISAs have maintained the notion of a word being 16b since the first x86 processor, the 8086, which was a 16b processor.

Side Note: for an excellent historical perspective programming early x86 chips, I recommend Michael Abrash’s Graphics Programming Black Book. For instance he talks about 8086’s little brother, the 8088, being a 16b chip but only having an 8b bus with which to access memory. This caused a mysterious “cycle eater” to prevent fast access to 16b variables, though they were the processor’s natural size. Michael also alludes to alignment issues we’ll see in a follow up post.


Mark Côté: BMO's database takes a leap forward

Mozilla planet - Mon, 16/05/2016 - 02:52

For historical reasons (or “hysterical raisins” as gps says) that elude me, the BMO database has been in (ughhh) Pacific Time since it was first created. This caused some weirdness on every daylight savings time switch (particularly in the fall when 2:00-3:00 am technically occurs twice), but not enough to justify the work in fixing it (it’s been this way for close to two decades, so that means lots of implicit assumptions in the code).

However, we’re planning to move BMO to AWS at some point, and their standard db solution (RDS) only supports UTC. Thus we finally had the excuse to do the work, and, after a bunch of planning, developing, and reviewing, the migration happened yesterday without issues. I am unreasonably excited by this and proud to have witnessed the correction of this egregious violation of standard db principles 18 years after BMO was originally deployed.

Thanks to the BMO team and the DBAs!


The Servo Blog: This Week In Servo 63

Mozilla planet - Mon, 16/05/2016 - 02:30

In the last week, we landed 156 PRs in the Servo organization’s repositories.

Emily Dunham has been working on an org-wide report of the contributor metrics. It’s looking good already, but there is still a lot of fun python work to do on the scripts, for those who want to make sure we’re not counting things incorrectly!

Planning and Status

Our overall roadmap and quarterly goals are available online.

This week’s status updates are here.

Notable Additions
  • nox fixed all the warnings on Windows
  • mbrubeck added support for vertical-align in geckolib
  • paul made Servo no longer always quit when the Escape key is pressed
  • larsberg added initial builder support for more “zealous” SpiderMonkey GC configurations
  • jack improved our build time by adding ccache support to skia and azure
  • larsberg enabled caching on Windows builds, taking them down from 50 minutes to 15
  • kaksmet made text-align: justify safe for incremental layout
  • ms2ger added support for Gecko’s string atoms in rust-selectors
  • ddefisher implemented several WebGL functions
  • pcwalton improved window resize performance on MacOS
  • rzambre implemented the ability to log profiling output to a CSV file
  • shinglyu added support for *-reverse flex directions for flexbox
  • mmatyas enabled the use of NEON instructions on ARM and AArch64
  • dzbarsky implemented the readPixels WebGL API
  • asajeffrey made the WebDriver server wait for pages to load before continuing
  • jdm fixed a garbage collection hazard
  • connorgbrewster merged the redundant-yet-awkwardly-intertwined Page and BrowsingContext types
  • kichjang implemented text/plain form encoding
  • broesamle fixed a panic on reddit

New Contributors

Get Involved

Interested in helping build a web browser? Take a look at our curated list of issues that are good for new contributors!

Screenshot

A trace of loading CNN.com’s 356 web fonts using the snazzy new HTML-based profiler:

Profiler HTML output

Servo’s new application icon:

Servo application in the OS X dock


The Rust Programming Language Blog: One year of Rust

Mozilla planet - Mon, 16/05/2016 - 02:00

Rust is a language that gives you:

It’s a language for writing highly reliable, screamingly fast software—and having fun doing it.

And yesterday, Rust turned one year old.

Rust in numbers

A lot has happened in the last 365 days:

  • 11,894 commits by 702 contributors added to the core repository;
  • 88 RFCs merged;
  • 18 compiler targets introduced;
  • 9 releases shipped;
  • 1 year of stability delivered.

On an average week this year, the Rust community merged two RFCs and published 53 brand new crates. Not a single day went by without at least one new Rust library hitting the central package manager. And Rust topped the “most loved language” in this year’s StackOverflow survey.

Speaking of numbers: we recently launched a survey of our own, and want to hear from you whether you are an old hat at Rust, or have never used it.

One place where our numbers are not where we want them to be: community diversity. We’ve had ongoing local outreach efforts, but the Rust community team will soon be launching a coordinated, global effort following the Bridge model (e.g. RailsBridge). If you want to get involved, or have other ideas for outreach, please let the community team know.

Rust in production

This year saw more companies betting on Rust. Each one has a story, but two particularly resonated.

First, there’s Dropbox. For the last several years, the company has been secretively working on a move away from AWS and onto its own infrastructure. The move, which is now complete, included developing custom-build hardware and the software to drive it. While much of Dropbox’s back-end infrastructure is historically written in Go, for some key components the memory footprint and lack of control stood in the way of achieving the server utilization they were striving for. They rewrote those components in Rust. In the words of Jamie Turner, a lead engineer for the project, “the advantages of Rust are many: really powerful abstractions, no null, no segfaults, no leaks, yet C-like performance and control over memory.”

Second, there’s Mozilla. They’ve long been developing Servo as a research browser engine in Rust, but their first production Rust code shipped through a different vehicle: Firefox. In Firefox 45, without any fanfare, Rust code for mp4 metadata parsing went out to OSX and 64-bit Linux users; it will hit Windows in version 48. The code is currently running in test mode, with its results compared against the legacy C++ library: 100% correctness on 1 billion reported executions. But this code is just the tip of the iceberg: after laying a lot of groundwork for Rust integration, Firefox is poised to bring in significant amounts of new Rust code, including components from Servo—and not just in test mode.

We’re hearing similar stories from a range of other shops that are putting Rust into production: Rust helps a team punch above its weight. It gives many of the same benefits as traditional systems languages while being more approachable, safer and often more productive.

These are just a few stories of Rust in production, but we’d love to hear yours!

Rust, improved

Of course, Rust itself hasn’t been standing still. The focus in its first year has been growing and polishing its ecosystem and tooling:

There’s a lot more to say about what’s happened and what’s coming up in the Rust world—over the coming months, we’ll be using this blog to say it.

Rust in community

It turns out that people like to get together and talk Rust. We had a sold out RustCamp last August, and several upcoming events in 2016:

  • September 9-10, 2016: the first RustConf in Portland, OR, USA;
  • September 17, 2016: RustFest, the European community conference, in Berlin, Germany;
  • October 27-18, 2016: Rust Belt Rust, a Rust conference in Pittsburgh, PA, USA;
  • 71 Rust-related meetup groups worldwide.

And that’s no surprise. From a personal perspective, the best part about working with Rust is its community. It’s hard to explain quite what it’s like to be part of this group, but two things stand out. First, its sheer energy: so much happens in any given week that This Week in Rust is a vital resource for anyone hoping to keep up. Second, its welcoming spirit. Rust’s core message is one of empowerment—you can fearlessly write safe, low-level systems code—and that’s reflected in the community. We’re all here to learn how to be better programmers, and support each other in doing so.

There’s never been a better time to get started with Rust, whether through attending a local meetup, saying hello in the users forum, watching a talk, or reading the book. No matter how you find your way in, we’ll be glad to have you.

Happy birthday, Rust!


Mozilla Pushes Feds To Disclose Firefox Exploit - CIO Today

News collected via Google - Sun, 15/05/2016 - 19:26

Mozilla Pushes Feds To Disclose Firefox Exploit
CIO Today
Software company Mozilla has filed a motion in court to compel the Federal Bureau of Investigation (FBI) to reveal how it managed to hack the Tor browser. Tor is partly built on the source code behind Mozilla's Firefox browser, and the company said it ...
FBI, Russia Team Up to Destroy Firefox, Hillary and Apple - Clapway


Andreas Tolfsen: Evaluating scripts using Marionette

Mozilla planet - Sun, 15/05/2016 - 16:44

One roadblock using Marionette as the backend for WebDriver automation has been its lacking execute script primitives: It has been impossible to modify the DOM as all scripts were evaluated in sandboxes.

As of last week, I finally managed to land a patch that makes evaluated scripts have lasting side-effects in the document. This means that scripts such as window.foo = 42 or document.documentElement.style.background = "pink" will take effect on the DOM. This is a requirement for WebDriver conformance, and a major inhibitor for people trying to replace FirefoxDriver with Marionette in their automation.

The patch also refactors the way we do script evaluation in Marionette. Six distinct and different script evaluation implementations have been merged into one, and sandbox management, which is still needed for our Gecko specific automation, is more reliable.

Triggering the lasting side-effects behaviour happens through the absence of a "sandboxName" parameter on the JSON object passed to the GeckoDriver#executeScript function. This lets us retain backwards compatibility for the sandboxed script behaviour for the Mozilla-specific Marionette Python client. However, if you’re using the geckodriver HTTP frontend for Marionette, this will trigger the correct WebDriver compatible behaviour out of the box.

sny.no/a


Mozilla Pushes Feds To Disclose Firefox Exploit - CIO Today

News collected via Google - Sun, 15/05/2016 - 09:02

Mozilla Pushes Feds To Disclose Firefox Exploit
CIO Today
Humans in general are pretty good at parsing sentences -- that is, quickly and naturally identifying the individual parts and functions of a sentence to grasp the overall meaning. But because there's so much inherent ambiguity in written and spoken ...


Mozilla Pushes Feds To Disclose Firefox Exploit - Top Tech News

News collected via Google - Sun, 15/05/2016 - 09:00

Mozilla Pushes Feds To Disclose Firefox Exploit
Top Tech News
A Microsoft executive told the U.N. Security Council on Wednesday that "there is no silver bullet that will stop terrorist use of the Internet." Steven A. Crown, vice president and deputy general of Microsoft, said technology companies, states and ...


David Lawrence: Happy BMO Push Day!

Mozilla planet - Sat, 14/05/2016 - 19:55

the following changes have been pushed to bugzilla.mozilla.org:

  • [1270295] don’t update timestamps when the tab is not active / in the background
  • [1270867] confusing error message when I was just searching for a bug
  • [232193] bmo’s systems (webheads, database, etc) should use UTC natively for o/s timezone and date storage

discuss these changes on mozilla.tools.bmo.



Mozilla distributes 1.25 million dollars to open source projects - soeren-hentzschel.at

News collected via Google - Sat, 14/05/2016 - 13:06

Mozilla distributes 1.25 million dollars to open source projects
soeren-hentzschel.at
In December 2015, as part of Mozilla Open Source Support, Mozilla had already distributed half a million dollars to open source projects that Mozilla itself uses. Now a new funding round is starting, for which also ...


Mozilla demands disclosure of a security vulnerability from the FBI - soeren-hentzschel.at

News collected via Google - Sat, 14/05/2016 - 12:17

Mozilla demands disclosure of a security vulnerability from the FBI
soeren-hentzschel.at
Mozilla has intervened in court proceedings in the USA and is demanding that the FBI disclose a security vulnerability. The FBI had exploited a vulnerability in the Tor Browser. Mozilla sees its Firefox users at risk because not ...
Security vulnerability in the Tor Browser: Mozilla demands from the US government ... - Neue Zürcher Zeitung
Mozilla demands that the FBI disclose Firefox security vulnerability - ZDNet.de
FBI should reveal details of security vulnerability to Mozilla - silicon.de
Heise Newsticker - inside-handy.de - COMPUTER BILD

Mozilla files legal challenge to find out how FBI cracked Tor Browser - V3.co.uk

News collected via Google - Sat, 14/05/2016 - 10:02

Mozilla files legal challenge to find out how FBI cracked Tor Browser
V3.co.uk
Mozilla is taking legal action to find out whether its code was affected during an FBI investigation into Tor, the private browser that shares a lot of Firefox code. Mozilla is concerned that the FBI has found a vulnerability that it will not disclose ...
Mozilla Wants Heads-Up From FBI on Tor Browser Hack - The Intercept
The FBI hacked Mozilla's Firefox code, but a judge won't reveal the method - Yahoo News
Mozilla seeks Tor browser vulnerability; Rand Paul backs bill blocking wider FBI ... - Washington Post
Inquirer - NewsFactor Network - BankInfoSecurity.com

Mozilla Pushes Feds To Disclose Firefox Exploit - Top Tech News

News collected via Google - Sat, 14/05/2016 - 09:06

Mozilla Pushes Feds To Disclose Firefox Exploit
Top Tech News
A Microsoft executive told the U.N. Security Council on Wednesday that "there is no silver bullet that will stop terrorist use of the Internet." Steven A. Crown, vice president and deputy general of Microsoft, said technology companies, states and ...


Mozilla Pushes Feds To Disclose Firefox Exploit - NewsFactor Network

News collected via Google - Sat, 14/05/2016 - 09:00

Mozilla Pushes Feds To Disclose Firefox Exploit
NewsFactor Network
Software company Mozilla has filed a motion in court to compel the Federal Bureau of Investigation (FBI) to reveal how it managed to hack the Tor browser. Tor is partly built on the source code behind Mozilla's Firefox browser, and the company said it ...
