Mozilla Nederland LogoDe Nederlandse

Abonneren op feed Mozilla planet
Planet Mozilla -
Bijgewerkt: 4 maanden 4 dagen geleden

Cameron Kaiser: JAEUA (Just another endangered Universal application), or, the three heads of Tutti II

za, 23/09/2017 - 01:00
On this blog, Universal doesn't mean that watered-down 32-bit/64-bit Intel nonsense. It means actually running on multiple system architectures, like 68K and PowerPC in the "fat binary" days, or PowerPC and Intel at the dawn of the OS X i386 era (as OS X has always been able to do even when Marklar was a skunkworks project thanks to NeXTSTEP).

So here's another one. I maintain an emulator of the first home computer I ever had as a kid, the Tomy Tutor, called Tutti II (the original Tutti was actually a simulator for the Commodore 64, and I wrote that too). It descends from an earlier emulator written for Windows called TutorEm which was conveniently SDL-based, so I made some endian fixes for PowerPC and ported it to OS X with some fixes and new features. Download it and play with the demo tape images on the page. It runs on any Mac that can run 10.4 or later, PowerPC or Intel. It runs just dandy on my Sierra-based i7 MacBook Air all the way down to my Tiger-based Sawtooth G4.

The point of this blog post isn't (merely) shameless self-promotion, though; there are some technical points I want to make too. Tutti II isn't just a Universal PowerPC/Intel app; it's actually a three-headed chimera. While the SDL dylib it uses is a relatively pedestrian ppc and i386 Universal library, if you run lipo on the core tutti executable itself you'll find three architectures: one for ppc750 (i.e., G3), one for ppc7400 (i.e., G4), and one for i386 (Intel 32-bit).

Why are there three versions? Because AltiVec. If you look at the source code, you'll find conditional defines for AltiVec acceleration mostly within the TMS 9918A video chip emulation which are used for bitmap splats and scales. This is part of what enables it to run well even on my 1GHz iMac G4. In fact, given that the Mach-O field for number of architectures is a 32-bit integer, you are likely to run out of file offset space (also a 32-bit integer) in a multi-architecture binary long before you run out of actual and artificial architectures to cram in it. Mac OS X looks at the binary and if your system has Intel, runs the Intel portion. If it's PowerPC and it has AltiVec, it runs the AltiVec version, and failing that, the G3 version. No runtime checking is required within the code itself. (The only reason I haven't bothered to do a ppc7450 or ppc970 version too and make it five-headed is because it runs so fast already they're not likely to yield much, if any, noticeable benefit.)

The second point is that this is made much easier because everything is 32-bit. Although Tutti II is mostly Cocoa-based internally and probably could be made to build 64-bit, Xcode 2.5 doesn't support 64-bit Intel compilation, the Universal 10.4 SDK is only 32-bit, and the specific 32-bit SDL 1.2.14 version I use occupies a narrow sweet spot where it uses CoreGraphics instead of QuickDraw for forward compatibility while still functioning on PowerPC 10.4. But, because it's 32-bit, I can build the entire app from the G5 on 10.4 with that library and everything easily descends from almost exactly the same code base. This may no longer be possible after macOS 10.14, whatever it's called (I'm hoping for "macOS Arvin"), ends the ability to run "32-bit applications without compromise." Apple doesn't say what that compromise might be, but my guess is either that the operating system will not include 32-bit components and they will be a separate download for some transitional period (like Rosetta in 10.6), or Intel Carbon applications will be entirely unsupported, as there is no 64-bit Carbon, or maybe even both. Apple may also choose to completely remove things like Intel QuickDraw at the same time, which hasn't been supported since 10.4 but does still run on current versions of macOS, and is only really meaningful for Carbon also. After these pieces are completely decommissioned, you'll have to run High Sierra or Snow Leopard in a VM, I suppose.

As I've mentioned before, this is bad for Power Macs because other than PowerPC bigots like me, what residual PowerPC application support remains is largely due to the fact it works without additional effort and it's more work to remove it than not to bother. I suspect many cross-builders have some old Power Mac or early Intel Mac in a corner with an Xcode that just happens to still build for PowerPC, and the binary it spits out still "just works" on modern Macs, so they leave it alone. Even codesigning didn't really change this much because these cross-platform builders don't like paying the Apple developer tax as much as I don't, so they don't need it (Tutti II is also not a signed application, and probably never will be). Once this is no longer possible, however, these builders will probably just remove PowerPC support entirely since it won't be compatible with newer versions of Xcode, so start preserving source code archives where you find them so you can maintain and build it yourself.

In my case, since I'm planning to move to POWER9 on Linux instead of whatever the next Mac Pro turns out to be, when 32-bit Mac apps are gone completely that will mean the end of Tutti II on current versions of macOS. There will still be a build for Power Macs, but since I'm actually looking into cross-compiling it for Windows, rather than chugging out a special 64-bit macOS build and maintaining it separately I'll just make current Mac users run the 32-bit Windows binary in WINE. That's just less work for me and satisfies my internal curmudgeon, so there.

Look for TenFourFox FPR3 final probably tomorrow or Sunday, depending on when the build cycle finishes.

Categorieën: Mozilla-nl planet

Julien Vehent: On the prevalence of cross-site scripting (XSS) attacks in modern web applications

vr, 22/09/2017 - 20:08

As I attended AppSec USA in Orlando, a lot of discussions revolved around the OWASP Top 10. Setting the drama aside for a moment, there is an interesting discussion to be had on the most common vulnerabilities found in current web applications. The Top 10 from 2013 and 2017 (rc1) hasn’t changed much: first and foremost are injection issues, then broken auth and session management, followed by cross-site scripting attacks.


At first glance, this categorizing appears sensible, and security teams and vendors have depended on it for over a decade. But here’s the issue I have with it: the data we collect from Mozilla’s web bug bounty program strongly disagrees with it. From what we see, injection and authentication/session attacks are nowhere near as common as cross-site scripting attacks. In fact, throughout 2016 and 2017, we have received over five time more XSS reports than any other vulnerability!


This is certainly a huge difference between our data and OWASP's, but Mozilla's dataset is also too small to draw generalities from. Thankfully, both Bugcrowd and Hackerone have published reports that show a similar trend.
In their 2017 report, Bugcrowd said "cross-site scripting (XSS) and Cross Site Request Forgery (CSRF) remain the most reported submissions across industries accounting for 25% and 7% of submissions respectively. This distribution very closely reflects last year’s findings (XSS 25% and CSRF 8%).".
Hackerone went further in their report, and broke the vulnerability stats down by industry, saying that “in all industries except for financial services and banking, cross-site scripting (XSS, CWE-79) was the most common vulnerability type discovered by hackers using the HackerOne platform. For financial services and banking, the most common vulnerability was improper authentication (CWE-287). Healthcare programs have a notably high percentage of SQL injection vulnerabilities (6%) compared to other industries during this time period”.

This data confirms what we’re seeing at Mozilla, but to be fair, not everyone agrees. Whitehat also published their own report where XSS only ranks third, after insufficient transport layer protection and information leakage. Still, even in this report, XSS ranks higher than authentication/authorization and injection issues.

All three sources that shows XSS as the most prevalent issue come from bug bounty programs, and there is a strong chance that bug bounty reporters are simply more focused on XSS than other attacks. That said, when looking at modern web applications (and Mozilla’s web applications are fairly modern), it is rare to find issues in the way authentication and authorization is implemented. Most modern web frameworks have stable and mature support for authentication, authorization, access controls, session management, etc. There’s also a big trend to rely on external auth providers with SAML or OpenID Connect that removed implementation bugs we  saw even 4 or 5 years ago. What about non-xss injections? We don’t get that many either. In the handful of services that purposely accept user data, we’ve been paranoid about preventing vulnerabilities, and it seem to have worked well so far. The data we get from security audits, outside of bug bounties, seem to confirm that trend.

In comparison, despite continued efforts from the security community to provide safe escaping frameworks like Cure53’s DOMPurify or Mozilla’s Bleach, web applications are still bad at escaping user-provided content. It’s hard to blame developers here, because the complexity of both the modern web and large applications is such that escaping everything all the time is an impossible goal. As such, the rate of XSS in web applications has steadily increased over the last few years.

What about content security policy? It helps, for sure. Before we enabled CSP on, we had perhaps one or two XSS reports every month. After enabling it, we hardly get one or two per year. For sure, CSP bypass is possible, but not straightforward to achieve, and often sufficient to fend off an attacker (see screenshots from security audit reports below). The continued stream of XSS reports we receive is from older applications that do not use CSP, and the data is a strong signal that we should continue pushing for its adoption.
So, how do we explain the discrepancy between what we’re seeing at Mozilla, Bugcrowd and Hackerone, and what other organizations are reporting as top vulnerabilities? My guess is a lot of vendors are reviewing very old applications that are still vulnerable to issues we’ve solved in modern frameworks, and that Mozilla/Bugcrowd/Hackerone mostly see modern apps. Another possibility is those same vendors have no solutions to XSS, but plenty of commercial solutions to other issues, and thus give them more weight as a way to promote their products. Or we could simply all have bad data and be drawing wrong conclusions.

Regardless of what is causing this discrepancy, there’s evidently a gap between what we’re seeing as the most prevalent issues, and what the rest of the security community, and particularly the OWASP Top 10, is reporting. Surely, this is going to require more digging, so if you have data, please do share it, so we can focus security efforts on the right issues!

Thank you to Greg Guthe and Jonathan Claudius for reviewing drafts of this blog post

Categorieën: Mozilla-nl planet

Air Mozilla: End of RGSoC 2017 - Celebration

vr, 22/09/2017 - 18:00

End of RGSoC 2017 - Celebration Rails Girls Summer of Code is an award-winning scholarship program aiming to foster diversity in Open Source since 2013. Selected teams receive a three-month scholarship...

Categorieën: Mozilla-nl planet

Justin Dolske: Photon Engineering Newsletter #16

vr, 22/09/2017 - 09:23

Time to get your groove on! It’s Photon Newsletter #16!

But first. Do you remember the 21st night of September? As of today (September 21st) Firefox 57 has passed its penultimate milestone by entering Beta. This is a pretty big deal, as it means many millions of users on Beta will soon experience all the awesomeness that’s packed into 57. Note that Beta builds won’t actually go out until next week, on the 26th. But if you’re running Developer Edition, we’ve already pushed out an early sneak-peek!

Did I mention that Developer Edition also got a snazzy new Firefox icon? It’s nice. And blue.


The past week has been very busy as we’ve been doing a major burst of bug triage, just to make sure we’re not missing any already-reported critical issues. The front-end teams went through nearly 600 untriaged bugs in just a few days! The good news is that we didn’t find anything alarming, which matches up with our general impression that 57 is shaping up to be a really solid release.

Recent Changes Menus/structure: Animation:
  • Investigation is ongoing into bug 1397092, where a user has reported an interesting case of high cpu usage possibly caused by the new tab loading indicator
  • The tab loading indicators are now synchronized, so when multiple tabs are loading the “bouncing balls” move left and right in unison.
  • The Animation team is shifting focus to help with polish bugs in the Visual Redesign and Menus/structure areas, as most remaining animation bugs are lower priority.
  • All P1 bugs landed – MVP feature-complete!
  • Added a setting to bring back the search box. With 57 it won’t be added to newly created profiles, but can be restored through Customize Mode. By adding additional preferences UI we hope to make is as easy as possible to get it back for anyone wondering where it went.
  • Did a UI review, and landed a batch of polish fixes to address a number of minor issues found.
  • Deferred the loading of some information to improve the amount of time it takes to open the main Preferences page.
Visual redesign: Onboarding: Performance:
  • Fixed a white flash in the content area when opening new tabs and new windows, which made things look janky.
  • Separately, fixed a flickering in the awesomebar results when updating search suggestions.
  • We had to disable tab warming when hovering tabs, because it caused more regressions than we are comfortable fixing for 57. We are now planning to ship this significant perf improvement in 58.
  • Our dashboards show very good wins on all things we measure when comparing 55 to 57. Eg. startup is about 50% faster in 57 than it was in 55!
  • Not planning any further significant performance work for 57, to avoid risk of causing regressions. We are starting to look at what improvements can go into 58/59, and where we should put performance efforts in the longer term.

That’s all for now. There are only a few more weeks for us to do more polish work in 57 Beta, so there will probably only be a few more Engineering Newsletters as well. (But fear not, there’s been such positive response to these newsletters that we’ll likely continue them post-Photon in some form.)

Categorieën: Mozilla-nl planet

The Mozilla Blog: Tracking Protection for Firefox for iOS Plus Multi-Tasking in Focus for Android New Today

do, 21/09/2017 - 15:00

Across the industry, September is always an exciting month in mobile, and the same is true here at Mozilla.

Today, we’re launching the newest Firefox for iOS alongside an update for the popular Firefox Focus for Android, which we launched in June.

What’s new with Firefox for iOS:

Tracking Protection: Rejoice! For the first time, Firefox users running iOS11 on iPhone and iPad will now have automatic ad and content blocking with Private Browsing mode, as well as the tracking protection option in regular browsing. This feature uses the same ad blocking technology as Firefox Focus for Android and iOS, Firefox for Desktop and Firefox for Android. We’re always looking to bring the latest features to our users, and we’re finally able to deliver it to Firefox for iOS thanks to changes by Apple to enable the option for 3rd party browsers.

Improved Syncing: We’ve offered the ability for users to sync desktop content like passwords, history and bookmarks to mobile, and today we’re enhancing Firefox sync so content on your mobile now syncs back to your desktop.

To get the latest version of Firefox for iOS, on the App Store.

What’s new with Focus for Android:

Multiple Tabs: While simplicity is the name of the game for Firefox Focus, we’ve been listening to you and made the private browsing experience even better with the addition of multitasking support. This means users now have the ability to open multiple web pages at a time and easily switch between tabs in the same session.

You can download Firefox Focus for Android on Google Play.

The post Tracking Protection for Firefox for iOS Plus Multi-Tasking in Focus for Android New Today appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

Nick Cameron: These Weeks in Dev-Tools, issue 2

do, 21/09/2017 - 09:53


Welcome to the 2nd issue of these weeks in dev-tools! We've had a bunch of tools releases, some new people joining the team, and some accepted RFCs. We're also just getting into the impl period. We're hoping the impl period can be a time where we really push forward on Rust tools. There's lots of interesting issues, so pick one, chat to a mentor, and get stuck in!

These Weeks in Dev-Tools will keep you up to date with all the exciting dev tools news. We plan to have a new issue every few weeks. If you have any news you'd like us to report, please comment on the tracking issue.

If you're interested in Rust's developer tools and want to contribute or ask questions, come chat to us in #rust-dev-tools.

  • We got a website for finding Rust issues to work on - lots of tools issues!
  • @fitzgen and @matklad have become full members of the dev-tools team. @tromey has become a dev-tools peer for debuggers. Announcement.
  • Clippy and Rustfmt were added to rust-lang/rust repo as submodules. This is the first step towards better stability by running their tests on Rust's CI and distribution with Rustup.
  • The RLS is now available in beta. Install it with rustup component add rls-preview. It should hit stable with version 1.21. The rls component is being renamed to rls-preview on nightly too.
  • A Rust Docker image was upstreamed by @sfackler.
  • rust-semverver is a tool for automatically checking semver adherence.
  • Rustdoc produces docs for the std libs for all platforms (including Windows!) - #43348
  • @booyaa gave a talk on the RLS
  • @Xanewok is giving a talk about the RLS at Rustfest.
  • Clippy has new lints: infinite_iter, maybe_infinite_iter, and naive_bytecount.
  • Bindgen can time its phases (thanks to @jhod0!) - --time-phases.
Releases RFCs
  • 1615 - Let Cargo [and other tools] put data into platform-specific directories - almost ready for FCP
  • 1946 - intra-rustdoc links - merged!
  • 1990 - add external doc attribute to rustc - merged!
  • 2103 - attributes for tools - merged!
  • 2117 - debuggable macro expansions - ready for experimental implementation
Categorieën: Mozilla-nl planet

The Firefox Frontier: DO NOT PANIC: How to reopen a closed tab

wo, 20/09/2017 - 20:26

It was a really good tab. The kind you save for later. But then OMGNO! You accidentally closed it. All is not lost. It’s an easy process to reopen a … Read more

The post DO NOT PANIC: How to reopen a closed tab appeared first on The Firefox Frontier.

Categorieën: Mozilla-nl planet

Dave Townsend: Even more new peers

wo, 20/09/2017 - 19:33

Please welcome the latest new peers to Firefox and Toolkit:

  • Johann Hofmann
  • Nihanth Subramanya

As you might gather I’ve been updating the peer list a lot lately trying to catch up with reality. If there is anyone I’m missing then please let me know!

Categorieën: Mozilla-nl planet

The Mozilla Blog: Stand Up for Net Neutrality: Help Paperstorm the FCC

wo, 20/09/2017 - 19:24
Mozilla’s activism website Paperstorm makes standing up for net neutrality simple. All you have to do is click — a lot


In the U.S., net neutrality is under attack.

Ajit Pai, current Chairman of the FCC, put it bluntly: “We need to fire up the weed whacker” and remove rules like net neutrality, he said recently.

To keep net neutrality (and a healthy internet) intact, Mozilla is deploying Paperstorm, our activism website developed alongside design studio Moniker.

Over the next several weeks, we’re asking American internet users to send a salvo of tweets to Chairman Pai.  How? Visit and start clicking. Each click drops a digital leaflet on the FCC’s headquarters in Washington, D.C. Drop enough leaflets and you can trigger a tweet to Pai.

We’re asking Americans to Paperstorm the FCC

Paperstorm is a tongue-in-cheek website. But from past net neutrality efforts, we know that a loud chorus of voices can make an impact. And we need to make an impact quickly: Pai and the FCC commissioners are expected make a net neutrality decision in late fall or early winter of this year.

A net neutrality refresher

In May of this year, Pai introduced his proposal to undo net neutrality by re-re-classifying Internet Service Providers (ISPs) from Title II to Title I under the Communications Act of 1934.

What this means: Under Pai’s proposal, ISPs would be allowed to block, throttle and prioritize (or deprioritize) internet access for Americans. Companies like Comcast and AT&T could selectively slow down or speed up access to online journalism, blogs, films, apps, and other services. This would undo 2015’s hard-won net neutrality protections that took years of hard work.

Net neutrality may seem like an abstract issue, but its impact is anything but. Without it, the internet becomes less open. No net neutrality means fewer opportunities for startups and entrepreneurs, and a chilling effect on innovation, free expression and choice online.

Mozilla Chief Legal and Business Officer Denelle Dixon gives real-life examples of a web without net neutrality: “In the past, without net neutrality protections, ISPs have imposed limits on who can FaceTime and determined how we stream videos, and also adopted underhanded business practices.”

About Paperstorm

Paperstorm is a digital activism website that urges Pai and the FCC to keep net neutrality intact.

When users visit Paperstorm, they’ll see an aerial view of the FCC headquarters on 12th Street SW in Washington, D.C. With each click of the mouse, users drop a digital leaflet that reads:

A Paperstorm leaflet

What do these leaflets do? When you drop enough, you can generate a tweet to Pai. Alone, you might drop a small stack of leaflets and send a handful of tweets to Pai. But together, we can drop millions of leaflets and launch tens of thousands of tweets.

Paperstorm is a collaboration between Mozilla and the Amsterdam-based, Webby award-winning design studio Moniker. This is the first time Mozilla and Moniker have deployed Paperstorm in the U.S. Earlier this year, Mozilla and Moniker deployed Paperstorm in the EU to demand common-sense copyright reform — we dropped 60,000,000 leaflets and sent 12,000 tweets to lawmakers.

Part of a larger movement

Millions of Americans across party lines support net neutrality. Over the past several months, more than 22 million net neutrality comments have been filed in the FCC’s docket, the vast majority in support of net neutrality.

On July 11, hundreds of organizations banded together in a Day of Action to amplify Americans’ voices. From the ACLU and Amazon to Github and Mozilla, organizations voiced loud support for a free and open internet.

 Read about Mozilla’s past net neutrality advocacy.

The post Stand Up for Net Neutrality: Help Paperstorm the FCC appeared first on The Mozilla Blog.

Categorieën: Mozilla-nl planet

Air Mozilla: The Joy of Coding - Episode 113

wo, 20/09/2017 - 19:00

The Joy of Coding - Episode 113 mconley livehacks on real Firefox bugs while thinking aloud.

Categorieën: Mozilla-nl planet

Air Mozilla: The Joy of Coding - Episode 113

wo, 20/09/2017 - 19:00

The Joy of Coding - Episode 113 mconley livehacks on real Firefox bugs while thinking aloud.

Categorieën: Mozilla-nl planet

Will Kahn-Greene: Socorro local development environment

wo, 20/09/2017 - 18:34

Socorro is the crash ingestion pipeline for Mozilla's products like Firefox. When Firefox crashes, the Breakpad crash reporter asks the user if the user would like to send a crash report. If the user answers "yes!", then the Breakpad crash reporter collects data related to the crash, generates a crash report, and submits that crash report as an HTTP POST to Socorro. Socorro saves the crash report, processes it, and provides an interface for aggregating, searching, and looking at crash reports.

This (long-ish) blog post talks about how when I started on Socorro, there wasn't really a local development environment and how I went on a magical journey through dark forests and craggy mountains to find one.

If you do anything with Socorro at Mozilla, you definitely want to at least read the "Tell me more about this local development environment" part.

Read more… (14 mins to read)

Categorieën: Mozilla-nl planet

Air Mozilla: Weekly SUMO Community Meeting September 20, 2017

wo, 20/09/2017 - 18:00

Weekly SUMO Community Meeting September 20, 2017 This is the SUMO weekly call

Categorieën: Mozilla-nl planet

Air Mozilla: Weekly SUMO Community Meeting September 20, 2017

wo, 20/09/2017 - 18:00

Weekly SUMO Community Meeting September 20, 2017 This is the SUMO weekly call

Categorieën: Mozilla-nl planet

Daniel Stenberg: I just checked out your profile

wo, 20/09/2017 - 14:52

When the spam bot didn’t consider other reasons for your email to appear on Instagram…

See also: Instagram and Spotify hacking ring.


Categorieën: Mozilla-nl planet

Firefox Test Pilot: Conducting User Interviews to Understand Multiple Notes

wo, 20/09/2017 - 14:24
<figcaption>Screen from the prototype used to evaluate the usability of managing multiple notes</figcaption>

Two weeks ago, the Test Pilot team conducted one-on-one user interviews to evaluate the usability of several possible enhancements to Notes, including the option to create multiple notes and search. Our findings are a reminder that user interface conventions familiar to tech workers and people who use specialty apps like Evernote and Google Keep can be much less familiar to people who rely on a more limited technology ecosystem.


We recruited 8 individuals, representing a mix of gender, ethnicity, ages, household income, level of formal educational attainment, and location in the United States. All participants also reported having taken notes while using the internet in the last week. Participants were interviewed individually over video conference and were asked questions about a prototype that illustrated the proposed enhancements to Notes as well as their current note taking methods.

<figcaption>Prototype screen illustrating the note list for multiple notes</figcaption>

Key Findings

Some of the biggest opportunities for the Test Pilot team to address from this research include:

  • How to create a new note and how to view all of the notes one has created were the most difficult tasks for participants to complete.
  • Half of the participants assumed that the “export” functionality encompassed options to share with oneself or other people via email and/or SMS.
  • “Sync” for most participants meant being able to access Notes on multiple devices. However, for other participants, “sync” implied being able to back up one’s notes to a local folder on their computer.

Additional findings, including recommendations, can be found in the full report.

Next Steps

Based on the recommendations coming out of this study, the Test Pilot team will continue to iterate on the user experience design of managing multiple notes as well as evaluate other Notes enhancements. Help us make Notes better by giving it a try or continuing to use it.

Conducting User Interviews to Understand Multiple Notes was originally published in Firefox Test Pilot on Medium, where people are continuing the conversation by highlighting and responding to this story.

Categorieën: Mozilla-nl planet

Air Mozilla: Berlin NLP Meetup

di, 19/09/2017 - 19:00

Berlin NLP Meetup Berlin NLP Meetup 9: Automatic speech recognition Talk 1: Traditional hybrid ASR systems Talk 2: Mozilla's work on end2end ASR

Categorieën: Mozilla-nl planet

Air Mozilla: Berlin NLP Meetup

di, 19/09/2017 - 19:00

Berlin NLP Meetup Berlin NLP Meetup 9: Automatic speech recognition Talk 1: Traditional hybrid ASR systems Talk 2: Mozilla's work on end2end ASR

Categorieën: Mozilla-nl planet

Mozilla Privacy Blog: Mozilla’s Cyber(in)security Summit

di, 19/09/2017 - 18:45

We’re excited to announce Mozilla’s Cyber(in)security Summit on October 24th in Washington, D.C. and streaming on Air Mozilla. Join us for a discussion on how we can all help secure the internet ecosystem.

Mozilla is excited to announce Cyber(in)security, a half-day policy summit that will explore the key issues surrounding the U.S. Government’s role in cybersecurity, the full cycle process of how the U.S. Government acquires, discloses and exploits vulnerabilities and what steps it can take to make Americans more secure. This is an important part of securing the global internet.

“With nonstop news of data breaches and ransomware attacks, it is critical to discuss the U.S. Government’s role in cybersecurity,” said Denelle Dixon, Mozilla’s Chief Business and Legal Officer. “User security is a priority and we believe it is necessary to have a conversation about the reforms needed to strengthen and improve the Vulnerabilities Equities Process to ensure that it is properly transparent and doesn’t compromise our national security or our fellow citizens’ privacy. Protecting cybersecurity is a shared responsibility and governments, tech companies and users all need to work together to make the internet as secure as possible.”

Cyber(in)security, to be held on Tuesday, October 24th at the Loft at 600 F in Washington, D.C., will take place from 1:00 pm to 7:00 pm ET. There will be four one-hour sessions followed by a networking happy hour.

You can RSVP here to attend here.

The post Mozilla’s Cyber(in)security Summit appeared first on Open Policy & Advocacy.

Categorieën: Mozilla-nl planet

Mozilla GFX: WebRender newsletter #4

di, 19/09/2017 - 11:32

We skipped the newsletter for a few weeks (sorry about that!), but we are back. I don’t have a lot to report today, in part because I don’t yet have a good workflow to track the interesting changes (especially in gecko) so I am most likely missing a lot of them, and a lot of us are working on big pieces of the project that are taking time to come together and I am waiting for these to be completed before they make it in the newsletter.

Notable WebRender changes
  • Glenn started reorganizing the shader sources to make them compile faster (important for startup time).
  • Morris implemented the backface-visibility property.
  • Glenn added some optimizations to the clipping code.
  • Glenn improved the scheduling/batching of alpha passes to reduce the number of render target switches.
  • Sotaro improved error handling.
  • Glenn improved the transfer of the primitive data to the GPU by using pixel buffer objects instead of texture uploads.
  • Glenn added a web-based debugger UI to WebRender. It can inspect display lists, batches and can control various other debugging options.
Notable Gecko changes
  • Kats enabled layers-free mode for async scrolling reftests.
  • Kats and Morris enabled rendering tables in WebRender.
  • Gankro fixed a bug with invisible text not casting shadows.
  • Gankro improved the performance of generating text display items.

Categorieën: Mozilla-nl planet