mozilla

Mozilla Nederland LogoDe Nederlandse
Mozilla gemeenschap

Ik gebruik Mozilla Firefox en nu is in Outlook plotseling de verzendknop weg ... - Computer Totaal

Nieuws verzameld via Google - za, 27/09/2014 - 15:19

Ik gebruik Mozilla Firefox en nu is in Outlook plotseling de verzendknop weg ...
Computer Totaal
Ik gebruik Mozilla Firefox en nu is in Outlook plotseling de verzendknop weg! Hoe kan ik die weer terugzetten? Als ik een mail binnenkrijg staat er bovenin de balk wel 'antwoorden', maar als ik dan een antwoord heb gemaakt kan ik deze vervolgens ...

Categorieën: Mozilla-nl planet

Eric Shepherd: The Sheppy Report: September 26, 2014

Mozilla planet - vr, 26/09/2014 - 23:25

I can’t believe another week has already gone by. This is that time of the year where time starts to scream along toward the holidays at a frantic pace.

What I did this week
  • I’ve continued working heavily on the server-side sample component system
    • Implemented the startup script support, so that each sample component can start background services and the like as needed.
    • Planned and started implementation work on support for allocating ports each sample needs.
    • Designed tear-down process.
  • Created a new “download-desc” class for use on the Firefox landing page on MDN. This page offers download links for all Firefox channels, and this class is used to correct a visual glitch. The class has not as yet been placed into production on the main server though. See this bug to track landing of this class.
  • Updated the MDN administrators’ guide to include information on the new process for deploying changes to site CSS now that the old CustomCSS macro has been terminated on production.
  • Cleaned up Signing Mozilla apps for Mac OS X.
  • Created Using the Mozilla build VM, based heavily on Tim Taubert’s blog post and linked to it from appropriate landing pages.
  • Copy-edited and revised the Web Bluetooth API page.
  • Deleted a crufty page from the Window API.
  • Meetings about API documentation updates and more.
Wrap up

That’s a short-looking list but a lot of time went into many of the things on that list; between coding and research for the server-side component service and experiments with the excellent build VM (I did in fact download it and use it almost immediately to build a working Nightly), I had a lot to do!

My work continues to be fun and exciting, not to mention outright fascinating. I’m looking forward to more, next week.

Categorieën: Mozilla-nl planet

Jeff Walden: Minor changes are coming to typed arrays in Firefox and ES6

Mozilla planet - vr, 26/09/2014 - 23:17

JavaScript has long included typed arrays to efficiently store numeric arrays. Each kind of typed array had its own constructor. Typed arrays inherited from element-type-specific prototypes: Int8Array.prototype, Float64Array.prototype, Uint32Array.prototype, and so on. Each of these prototypes contained useful methods (set, subarray) and properties (buffer, byteOffset, length, byteLength) and inherited from Object.prototype.

This system is a reasonable way to expose typed arrays. Yet as typed arrays have grown, it’s grown unwieldy. When a new typed array method or property is added, distinct copies must be added to Int8Array.prototype, Float64Array.prototype, Uint32Array.prototype, &c. Likewise for “static” functions like Int8Array.from and Float64Array.from. These distinct copies cost memory: a small amount, but across many tabs, windows, and frames it can add up.

A better system

ES6 changes typed arrays to fix these issues. The typed array functions and properties now work on any typed array.

var f32 = new Float32Array(8); // all zeroes var u8 = new Uint8Array([0, 1, 2, 3, 4, 5, 6, 7]); Uint8Array.prototype.set.call(f32, u8); // f32 contains u8's values

ES6 thus only needs one centrally-stored copy of each function. All functions move to a single object, denoted %TypedArray%.prototype. The typed array prototypes then inherit from %TypedArray%.prototype to expose them.

assertEq(Object.getPrototypeOf(Uint8Array.prototype), Object.getPrototypeOf(Float64Array.prototype)); assertEq(Object.getPrototypeOf(Object.getPrototypeOf(Int32Array.prototype)), Object.prototype); assertEq(Int16Array.prototype.subarray, Float32Array.prototype.subarray);

ES6 also changes the typed array constructors to inherit from the %TypedArray% constructor, on which functions like Float64Array.from and Int32Array.of live. (Neither function yet in Firefox, but soon!)

assertEq(Object.getPrototypeOf(Uint8Array), Object.getPrototypeOf(Float64Array)); assertEq(Object.getPrototypeOf(Object.getPrototypeOf(Int32Array)), Function.prototype);

I implemented these changes a few days ago in Firefox. Grab a nightly build and test things out with a new profile.

Conclusion

In practice this won’t affect most typed array code. Unless you depend on the exact [[Prototype]] sequence or expect typed array methods to only work on corresponding typed arrays (and thus you’re deliberately extracting them to call in isolation), you probably won’t notice a thing. But it’s always good to know about language changes. And if you choose to polyfill an ES6 typed array function, you’ll need to understand %TypedArray% to do it correctly.

Categorieën: Mozilla-nl planet

Teaching the Web: The lasting impact of Mozilla's Maker Party campaign - The Next Web

Nieuws verzameld via Google - vr, 26/09/2014 - 19:17

The Next Web

Teaching the Web: The lasting impact of Mozilla's Maker Party campaign
The Next Web
Mozilla set up the festival three years ago to expand the scope of Webmaker, its initiative for teaching digital skills and Web literacy. Its purpose is to help people create and contribute to the Web, as well as understand its inner workings. More ...

en meer »
Categorieën: Mozilla-nl planet

Teaching the Web: The lasting impact of Mozilla's Maker Party campaign - The Next Web

Nieuws verzameld via Google - vr, 26/09/2014 - 19:17

The Next Web

Teaching the Web: The lasting impact of Mozilla's Maker Party campaign
The Next Web
Mozilla set up the festival three years ago to expand the scope of Webmaker, its initiative for teaching digital skills and Web literacy. Its purpose is to help people create and contribute to the Web, as well as understand its inner workings. More ...

Categorieën: Mozilla-nl planet

Frédéric Harper: HTML, not just for desktops at Congreso Universitario Móvil

Mozilla planet - vr, 26/09/2014 - 18:04
My translator, and me

My translator, and me

At the beginning of the month, I was in Mexico to represent Mozilla at Congreso Universitario Móvil, an annual conference at the Universidad Nacional Autónoma de México. Unfortunately, I did not have the time to visit a lot Mexico City, but I had an amazing full day at the event. I started the fourth day of the conference with a keynote on Firefox OS.

HTML, not just for desktops: Firefox OS – Congreso Universitario Móvil – 2014-09-04 from Frédéric Harper

 

You can also watch the recording of my session. The sound is not that good: the room was echoing a lot, but I promised to the attendees that no matter what, I’ll publish it online.

 

The attendees had so much interest in the Open Web that instead of taking a couple of minutes for the questions, I did a full one hours Q&A right after the keynote. They were supposed to have a one-hour break before the next session, but they used that time to learn more about Firefox OS, which is great. I think we would have been good to continue on the questions, but I had to stop them as it was time to start the three hours hackathons. I started the hackathon with explanations about the next hours we spent together, but also on how to build, and debug your application.

Firefox OS, getting started in 15 mins – Congreso Universitario Móvil – 2014-09-04 from Frédéric Harper

 

I also recorded that presentation, which took more than fifteen minutes as it include explanation about the hackathon itself. Again, we were in the same room, so the sound is not optinal.

 

Attendees worked hard to port their actual web application using HTML, CSS, and JavaScript to make them work on our platform. After the hacking part of the day, I did three interviews with local medias, and one is already online on Excélsior (in Spanish – English version translated by Google). The one with Reforma, and Financiero Bloomberg TV will follow soon. Overall, I had an amazing time again in Mexico, and I was amazed by the interest about HTML, the Open Web, and Firefox OS. Keep the great apps coming Mexico!


--
HTML, not just for desktops at Congreso Universitario Móvil is a post on Out of Comfort Zone from Frédéric Harper

Related posts:

  1. Firefox OS at the Congreso Universitario Movil in Mexico City Tomorrow, I’ll join the students as the developers from Mexico...
  2. Fixing the mobile web with Firefox OS at FITC Toronto This morning I was presenting at FITC Toronto about Firefox...
  3. Empower Mobile Web Developers with JavaScript & WebAPI at PragueJS HTML5 is a giant step in the right direction: it...
Categorieën: Mozilla-nl planet

Remix Online Content With Mozilla Popcorn - Reading Today Online

Nieuws verzameld via Google - vr, 26/09/2014 - 18:02

Remix Online Content With Mozilla Popcorn
Reading Today Online
Now that we're beginning to understand the nature of remix and mashup in culture, one of my favorite tools to use with students and teachers to explore the nature of remix in composing online content is Mozilla Popcorn. Popcorn is one of the fantastic ...

Categorieën: Mozilla-nl planet

Mozilla vulnerability goes BERserk - ITWorld Canada

Nieuws verzameld via Google - vr, 26/09/2014 - 17:26

ITWorld Canada

Mozilla vulnerability goes BERserk
ITWorld Canada
Security researchers have discovered critical forgery vulnerability in Mozilla's Network Security Services (NSS) crypto library that could allow attackers to forge RSA certificates used to secure data transmissions. “Dubbed BERserk, this vulnerability ...
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
Mozilla patches Firefox NSS vulnerabilityPC Pro
Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSSThreatpost
FedScoop -Dark Reading -Naked Security
alle 16 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Gervase Markham: Prevent Territoriality

Mozilla planet - vr, 26/09/2014 - 16:56

Watch out for participants who try to stake out exclusive ownership of certain areas of the project, and who seem to want to do all the work in those areas, to the extent of aggressively taking over work that others start. Such behavior may even seem healthy at first. After all, on the surface it looks like the person is taking on more responsibility, and showing increased activity within a given area. But in the long run, it is destructive. When people sense a “no trespassing” sign, they stay away. This results in reduced review in that area, and greater fragility, because the lone developer becomes a single point of failure. Worse, it fractures the cooperative, egalitarian spirit of the project. The theory should always be that any developer is welcome to help out on any task at any time.

— Karl Fogel, Producing Open Source Software

Categorieën: Mozilla-nl planet

Soledad Penades: Berlin Web Audio Hack Day 2014

Mozilla planet - vr, 26/09/2014 - 16:11

As with the Extensible Web Summit, we wrote some notes collaboratively. Here are the notes for the Web Audio Hackday!

We started the day with me being late because I took a series of badly timed bad decisions and that ended up in me taking the wrong untergrund lines. In short: I don’t know how to metro in Berlin in the mornings and I’m still so sorry.

I finally arrived to Soundcloud’s offices, and it was cool that Jan was still doing the presentations, so Tiffany gave me a giant glass of water and I almost drank it all while they finished. Then I set up my computer and proceeded to give my talk/workshop!

It was an improved and revised version of the beta-talk I gave at Mozilla London past past week:


Note to self: maybe remove red banners behind me if wearing a red shirt, so as not to blend with them

Sadly it wasn’t recorded and I didn’t screencast it either, so you’ll have to make do with the slides and the code for the slides (which includes the examples). Or maybe wait until I maybe run this workshop again (which I have already been asked to do!)

Jordan Santell and the Web Audio Editor in Firefox Devtools

Then Jordan (of dancer.js and component.fm fame) talked about the fancy new Web Audio Editor which is one of the latest tools to join the Firefox Devtools collection of awesome—and it just appeared in Firefox Stable (32) so you don’t even need to run Beta, Aurora or Nightly to use it! (I talked a bit about it already).

You can use the editor to visualise the audio graph, change values of the nodes and also detect if you have a memory leak when allocating nodes (which is something that is part of the normal workflow of working with Web Audio).

There was a nice plug to Are We Dubstep Yet?, the minisite I am building to keep track of bugs in the Web Audio Editor. Yay plugs!

are we dubstep yet?

Jordan’s slides are here. You can also watch his JSConf talk where he introduced an early version of the tools!

Chris Wilson and the Web MIDI API

Finally the mighty Chris Wilson explained how the Web MIDI API works and made some demos using a few and assorted MIDI devices he had brought with him: a keyboard, pads, a DJ deck controller…!

It’s interesting that most of the development of the Web MIDI implementation seems to be happening in Japan, so they are super original in their examples.

Chris’ slides on Web MIDI and other audio in general slides.

Hacking + Hacks!

I think we had lunch then… and then it was HACK TIME! But before actually getting started, some people pitched their idea to see if someone else wanted to collaborate with them and hack together. I think that was a really neat idea :-)

Myself, I spent the hack time…

  • reconnecting with old acquaintances
  • answering questions! but very few of them and none of them were the usual “but why doesn’t my oscillator start anymore?” but more interesting ones, so that was cool!
  • asking questions! to Chris mostly–one cannot ask questions to a spec editor in person every day!
  • and even started a hack which I didn’t finish: visualising custom periodic waves for use with an Oscillator Node, given the harmonics array. I gave myself the idea while I was doing the workshop, which is a terrible thing to do to myself, as I was distracting myself and wanted to hack on that instead of finishing the workshop. My brain probably hates itself, or me in general.

Also this was really cool:

.@cwilso and me feeling a tremendous relief at not being the only ones randomly causing our machines to emit weird sounds #webaudiohackday

— ǝlosɹǝdns (@supersole) September 12, 2014

I’m always super aware that weird sounds might be coming out of any of the devices in my desk when I’m testing web audio stuff, so it was fun to see I’m not the only one feeling that way :D

After hack time, the hacks were presented:

These are the people that submitted a hack, in the same order they appear in the video. Not all of them have published their hack code so if you are one of those, please do and write a comment so I can update this post!

  1. Jelle Akkerman (github, twitter) – NoOsc was an experiment using NoFlo, trying to build something very visual and cool, super suitable for live-acts. I really liked the idea!
  2. Guillaume Marty (github, twitter) – a BPM detection algorithm, using the OfflineAudioContext
  3. Erik Woitschig (twitter) – Using SoundCloud as sample database
  4. Daniel Roth, Jonathan Lundin (twitter, github), Felix Niklas (twitter, github) – Oscillator reacting to mobile phone gyroscope – it sounded really nice and I liked that the same code worked even in iPads. Yay Web Audio!
  5. Chris Greeff (twittergithub), Nick Lockhart (twitterhttps://github.com/N1ck) – Beaty Bird – source code (Second prize)
  6. Lisa Passing (githubtwitter) – One Hand Soundgame – source code (Third prize)
  7. Thomas Fett (twittergithub) – Remix at once – source code (Fourth prize)
  8. Evan Sonderegger (twittergithub) – Vector Scope in Web Audio API (First prize)

The hardware prizes were sponsored by Mozilla. And the software prizes by Bitwig.

The unofficial/community Web Audio logo

We also publicised a thing that Martin Holzhauer had worked on: the unofficial/community Web Audio logo!

Web Audio logo

Here’s the SVG. Many thanks to Martin for putting it all together!

As far as we know there is/was not an official logo. I totally love this one as it kind of matches the various JS* aesthetics and it is immediately understandable–most of the W3C api icons are just too fancy for anyone to grasp what they actually mean. Sure they look cool, but they do not work as a logo from a purely functional perspective.

And now, what?

Well, the Web Audio Conference is next January in Paris. They’re still accepting submissions for papers until next month, so why don’t you go and submit something? :-)

Hopefully see you there!

flattr this!

Categorieën: Mozilla-nl planet

How big is Shellshock Mozilla diving into security policy APT group may be ... - Politico

Nieuws verzameld via Google - vr, 26/09/2014 - 16:11

How big is Shellshock Mozilla diving into security policy APT group may be ...
Politico
With help from David Perera, Joseph Marks and Shaun Waterman. HOW BIG IS SHELLSHOCK – Security researchers continue to debate the impact of Shellshock, the security flaw in the ubiquitous Bash shell identified this week. Pushing back against some ...

Google Nieuws
Categorieën: Mozilla-nl planet

'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, Chrome - Dark Reading

Nieuws verzameld via Google - vr, 26/09/2014 - 15:28

ITWorld Canada

'BERserk' Bug Uncovered In Mozilla NSS Crypto Library Impacts Firefox, Chrome
Dark Reading
"The Mozilla NSS library, commonly utilized in the Firefox web browser, can also be found in Thunderbird, Seamonkey, and other Mozilla products," Michael Fey, executive vice president, chief technology officer, and general manager of corporate products ...
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
Mozilla vulnerability goes BERserkITWorld Canada
Mozilla patches Firefox NSS vulnerabilityPC Pro
FedScoop -Threatpost -Naked Security
alle 17 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Mozilla patches Firefox NSS vulnerability - PC Pro

Nieuws verzameld via Google - vr, 26/09/2014 - 13:41

PC Pro

Mozilla patches Firefox NSS vulnerability
PC Pro
Mozilla has issued updates for its Firefox, Thunderbird, and SeaMonkey software to plug a critical vulnerability in Network Security Services (NSS) libraries. NSS is a set of open-source cryptographic libraries that support SSL, TLS and S/MIME security ...
Mozilla vulnerability goes BERserkITWorld Canada
Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSSThreatpost
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
FedScoop -Naked Security -Dark Reading
alle 19 nieuwsartikelen »Google Nieuws
Categorieën: Mozilla-nl planet

Daniel Stenberg: Changing networks with Firefox running

Mozilla planet - vr, 26/09/2014 - 08:24

Short recap: I work on network code for Mozilla. Bug 939318 is one of “mine” – yesterday I landed a fix (a patch series with 6 individual patches) for this and I wanted to explain what goodness that should (might?) come from this!

diffstat

diffstat reports this on the complete patch series:

29 files changed, 920 insertions(+), 162 deletions(-)

The change set can be seen in mozilla-central here. But I guess a proper description is easier for most…

The bouncy road to inclusion

This feature set and associated problems with it has been one of the most time consuming things I’ve developed in recent years, I mean in relation to the amount of actual code produced. I’ve had it “landed” in the mozilla-inbound tree five times and yanked out again before it landed correctly (within a few hours), every time of course reverted again because I had bugs remaining in there. The bugs in this have been really tricky with a whole bunch of timing-dependent and race-like problems and me being unfamiliar with a large part of the code base that I’m working on. It has been a highly frustrating journey during periods but I’d like to think that I’ve learned a lot about Firefox internals partly thanks to this resistance.

As I write this, it has not even been 24 hours since it got into m-c so there’s of course still a risk there’s an ugly bug or two left, but then I also hope to fix the pending problems without having to revert and re-apply the whole series…

Many ways to connect to networks

Firefox Nightly screenshotIn many network setups today, you get an environment and a network “experience” that is crafted for that particular place. For example you may connect to your work over a VPN where you get your company DNS and you can access sites and services you can’t even see when you connect from the wifi in your favorite coffee shop. The same thing goes for when you connect to that captive portal over wifi until you realize you used the wrong SSID and you switch over to the access point you were supposed to use.

For every one of these setups, you get different DHCP setups passed down and you get a new DNS server and so on.

These days laptop lids are getting closed (and the machine is put to sleep) at one place to be opened at a completely different location and rarely is the machine rebooted or the browser shut down.

Switching between networks

Switching from one of the networks to the next is of course something your operating system handles gracefully. You can even easily be connected to multiple ones simultaneously like if you have both an Ethernet card and wifi.

Enter browsers. Or in this case let’s be specific and talk about Firefox since this is what I work with and on. Firefox – like other browsers – will cache images, it will cache DNS responses, it maintains connections to sites a while even after use, it connects to some sites even before you “go there” and so on. All in the name of giving the users an as good and as fast experience as possible.

The combination of keeping things cached and alive, together with the fact that switching networks brings new perspectives and new “truths” offers challenges.

Realizing the situation is new

The changes are not at all mind-bending but are basically these three parts:

  1. Make sure that we detect network changes, even if just the set of available interfaces change. Send an event for this.
  2. Make sure the necessary parts of the code listens and understands this “network topology changed” event and acts on it accordingly
  3. Consider coming back from “sleep” to be a network changed event since we just cannot be sure of the network situation anymore.

The initial work has been made for Windows only but it allows us to smoothen out any rough edges before we continue and make more platforms support this.

The network changed event can be disabled by switching off the new “network.notify.changed” preference. If you do end up feeling a need for that, I really hope you file a bug explaining the details so that we can work on fixing it!

Act accordingly

So what is acting properly? What if the network changes in a way so that your active connections suddenly can’t be used anymore due to the new rules and routing and what not? We attack this problem like this: once we get a “network changed” event, we “allow” connections to prove that they are still alive and if not they’re torn down and re-setup when the user tries to reload or whatever. For plain old HTTP(S) this means just seeing if traffic arrives or can be sent off within N seconds, and for websockets, SPDY and HTTP2 connections it involves sending an actual ping frame and checking for a response.

The internal DNS cache was a bit tricky to handle. I initially just flushed all entries but that turned out nasty as I then also killed ongoing name resolves that caused errors to get returned. Now I instead added logic that flushes all the already resolved names and it makes names “in transit” to get resolved again so that they are done on the (potentially) new network that then can return different addresses for the same host name(s).

This should drastically reduce the situation that could happen before when Firefox would basically just freeze and not want to do any requests until you closed and restarted it. (Or waited long enough for other timeouts to trigger.)

The ‘N seconds’ waiting period above is actually 5 seconds by default and there’s a new preference called “network.http.network-changed.timeout” that can be altered at will to allow some experimentation regarding what the perfect interval truly is for you.

Firefox BallInitially on Windows only

My initial work has been limited to getting the changed event code done for the Windows back-end only (since the code that figures out if there’s news on the network setup is highly system specific), and now when this step has been taken the plan is to introduce the same back-end logic to the other platforms. The code that acts on the event is pretty much generic and is mostly in place already so it is now a matter of making sure the event can be generated everywhere.

My plan is to start on Firefox OS and then see if I can assist with the same thing in Firefox on Android. Then finally Linux and Mac.

I started on Windows since Windows is one of the platforms with the largest amount of Firefox users and thus one of the most prioritized ones.

More to do

There’s separate work going on for properly detecting captive portals. You know the annoying things hotels and airports for example tend to have to force you to do some login dance first before you are allowed to use the internet at that location. When such a captive portal is opened up, that should probably qualify as a network change – but it isn’t yet.

Categorieën: Mozilla-nl planet

Arky: Building Boot2Gecko(B2G) on Ubuntu

Mozilla planet - vr, 26/09/2014 - 05:12

Update: This documentation is out-of-date: Please read developer.mozilla.org/en-US/Firefox_OS/Building for latest information

You heard about Mozilla Boot2Gecko(B2G) mobile operating system. Boot2Gecko's Gaia user interface is developed entirely using HTML, CSS and Javascript web technologies. If you are an experienced web developer you can contribute to Gaia UI and develop new Boot2Gecko applications with ease. In this post I'll explain how to setup the Boot2Gecko (B2G) development environment on your personal computer.


You can run Boot2Gecko(B2G) inside an emulator or inside a Firefox web browser. Using Boot2Gecko(B2G) with QEMU emulator is very resource intensive, so we will focus on the later in this post. I'll assume you are comfortable with Mozilla build environment. So, get that pot of coffee brewing and prepare for a long night of hacking.


Building Boot2Gecko(B2G) Firefox App

Before you start, let us make sure that you have all the prerequisites for building Firefox on your computer. Please have a look at the build prerequisites for your Linux, Window and OSX operating system.


# Let get the source code # Download mozilla-central repository $ hg clone http://hg.mozilla.org/mozilla-central mozilla-central # Download the Gaia source code $ git clone https://github.com/mozilla-b2g/gaia gaia # Change directory and create our profile $ cd gaia $ make profile # Change directory into your mozilla-central directory $ cd mozilla-central # Create a .mozconfig file inside your mozilla-central directory: $ nano .mozconfig mk_add_options MOZ_OBJDIR=../b2g-build mk_add_options MOZ_MAKE_FLAGS="-j9 -s" ac_add_options --enable-application=b2g ac_add_options --disable-libjpeg-turbo ac_add_options --enable-b2g-ril ac_add_options --with-ccache=/usr/bin/ccache # Build the Firefox B2G app and wait for the build to finish $ make -f client.mk build # Create a simple b2g bash script to launch B2G app; change paths you suit your environment # Note: Have to use to -safe-mode option due to bug on my Ubuntu box #!/bin/sh export B2G_HOMESCREEN=http://homescreen.gaiamobile.org/ /home/arky/src/b2g-build/dist/bin/b2g -profile /home/arky/src/gaia/profile

If everything goes well. You should have boot2gecko running inside a firefox now.


Boot2Gecko running inside firefox on Ubuntu

Customizing Firefox B2G App

For better Boot2Gecko (B2G) experience, we will customize Firefox features offline cache and touch events using a custom Firefox profile.



Create a Custom Firefox Profile

You can use dist/bin/b2g -ProfileManager option to launch Firefox Profile Manager. Create a new profile called 'b2g'. Now we can add customizations to this new profile.


On Linux computers, the profile is created under ~/.mozilla/b2g/ directory. You can find the information about location of firefox profiles for your operating system here.



You launch B2G with your new custom profile using the '-P' option. Modify your B2G bash script and add the custom profile option. dist/bin/b2g -P b2g


Disable offline cache

Create a user.js file inside your custom 'b2g' firefox profile directory. Add the following line to disable offline cache.

user_pref('browser.cache.offline.enable', false);

Enabling Touch events

Add the following line in your user.js file inside your custom 'b2g' Firefox profile directory to enable touch events.

user_pref('dom.w3c_touch_events.enabled', true);


That's it. You now have a Boot2Gecko(B2G) running inside Firefox on your computer. Happy Hacking!

Categorieën: Mozilla-nl planet

Julien Vehent: Shellshock IOC search using MIG

Mozilla planet - vr, 26/09/2014 - 01:06

Shellshock is being exploited. People are analyzing malwares dropped on systems using the bash vulnerability.

I wrote a MIG Action to check for these IOCs. I will keep updating it with more indicators as we discover them. To run this on your Linux 32 or 64 bits system, download the following archive: mig-shellshock.tar.xz 

Download the archive and run mig-agent as follow:

$ wget https://jve.linuxwall.info/ressources/taf/mig-shellshock.tar.xz$ sha256sum mig-shellshock.tar.xz 0b527b86ae4803736c6892deb4b3477c7d6b66c27837b5532fb968705d968822 mig-shellshock.tar.xz $ tar -xJvf mig-shellshock.tar.xz 
shellshock_iocs.json
mig-agent-linux64
mig-agent-linux32$ ./mig-agent-linux64 -i shellshock_iocs.json This will output results in JSON format. If you grep for "foundanything" and both values return "false", it means no IOC was found on your system. If you get "true", look at the detailed results in the JSON output to find out what exactly was found.$ ./mig-agent-linux64 -i shellshock_iocs.json|grep foundanything
    "foundanything": false,
    "foundanything": false,The full action for MIG is below. I will keep updating it over time, I recommend you use the one below instead of the one in the archive.{
"name": "Shellshock IOCs (nginx and more)",
"target": "os='linux' and heartbeattime \u003e NOW() - interval '5 minutes'",
"threat": {
"family": "malware",
"level": "high"
},
"operations": [
{
"module": "filechecker",
"parameters": {
"searches": {
"iocs": {
"paths": [
"/usr/bin",
"/usr/sbin",
"/bin",
"/sbin",
"/tmp"
],
"sha256": [
"73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489",
"ae3b4f296957ee0a208003569647f04e585775be1f3992921af996b320cf520b",
"2d3e0be24ef668b85ed48e81ebb50dce50612fb8dce96879f80306701bc41614",
"2ff32fcfee5088b14ce6c96ccb47315d7172135b999767296682c368e3d5ccac",
"1f5f14853819800e740d43c4919cc0cbb889d182cc213b0954251ee714a70e4b"
],
"regexes": [
"/bin/busybox;echo -e '\\\\147\\\\141\\\\171\\\\146\\\\147\\\\164'"
]
}
}
}
},
{
"module": "netstat",
"parameters": {
"connectedip": [
"108.162.197.26",
"162.253.66.76",
"89.238.150.154",
"198.46.135.194",
"166.78.61.142",
"23.235.43.31",
"54.228.25.245",
"23.235.43.21",
"23.235.43.27",
"198.58.106.99",
"23.235.43.25",
"23.235.43.23",
"23.235.43.29",
"108.174.50.137",
"201.67.234.45",
"128.199.216.68",
"75.127.84.182",
"82.118.242.223",
"24.251.197.244",
"166.78.61.142"
]
}
}
],
"description": {
"author": "Julien Vehent",
"email": "ulfr@mozilla.com",
"revision": 201409252305
},
"syntaxversion": 2
}
Categorieën: Mozilla-nl planet

Mozilla addresses bug allowing signature forgery in NSS - SC Magazine

Nieuws verzameld via Google - vr, 26/09/2014 - 00:04

Threatpost

Mozilla addresses bug allowing signature forgery in NSS
SC Magazine
On Wednesday, Mozilla patched a vulnerability in Network Security Services (NSS) libraries, which impacted its Firefox web browser, Thunderbird email client and SeaMonkey internet suite. The critical bug (CVE-2014-1568) was discovered by researcher ...
Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSSThreatpost
Mozilla patches Firefox NSS vulnerabilityPC Pro
Critical Mozilla vulnerability discoveredFedScoop
Dark Reading -Naked Security
alle 17 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Armen Zambrano: Making mozharness easier to hack on and try support

Mozilla planet - do, 25/09/2014 - 21:42
Yesterday, we presented a series of proposed changes to Mozharness at the bi-weekly meeting.

We're mainly focused on making it easier for developers and allow for further flexibility.
We will initially focus on the testing side of the automation and make ground work for other further improvements down the line.

The set of changes discussed for this quarter are:

  1. Move remaining set of configs to the tree - bug 1067535
    • This makes it easier to test harness changes on try
  2. Read more information from the in-tree configs - bug 1070041
    • This increases the number of harness parameters we can control from the tree
  3. Use structured output parsing instead of regular where it applies - bug 1068153
    • This is part of a larger goal where we make test reporting more reliable, easy to consume and less burdening on infrastructure
    • It's to establish a uniform criteria for setting a job status based on a test result that depends on structured log data (json) rather than regex-based output parsing
    • "How does a test turn a job red or orange?" 
    • We will then have a simple answer that is that same for all test harnesses
  4. Mozharness try support - bug 791924
    • This will allow us to lock which repo and revision of mozharnes is checked out
    • This isolates mozharness changes to a single commit in the tree
    • This give us try support for user repos (freedom to experiment with mozharness on try)


Even though we feel the pain of #4, we decided that the value gained for developers through #1 & #2 gave us immediate value while for #4 we know our painful workarounds.I don't know if we'll complete #4 in this quarter, however, we are committed to the first three.
If you want to contribute to the longer term vision on that proposal please let me know.

In the following weeks we will have more updates with regards to implementation details.

Stay tuned!

Creative Commons License
This work by Zambrano Gasparnian, Armen is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.
Categorieën: Mozilla-nl planet

Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSS - Threatpost

Nieuws verzameld via Google - do, 25/09/2014 - 19:36

Threatpost

Mozilla Patches RSA Signature Forgery in Firefox, Thunderbird, NSS
Threatpost
The Mozilla Foundation has issued a security alert informing users that they have updated a number of their products in order to fix a vulnerability that could allow an attacker to forge RSA certificate signatures and perform man-in-the-middle attacks.
Critical Mozilla vulnerability discoveredFedScoop
Mozilla addresses bug allowing signature forgery in NSSSC Magazine
Mozilla fixes "phishing friendly" cryptographic bug in Firefox and ThunderbirdNaked Security
Dark Reading -WhaTech
alle 15 nieuwsartikelen »
Categorieën: Mozilla-nl planet

Mozilla Release Management Team: Firefox 33 beta6 to beta7

Mozilla planet - do, 25/09/2014 - 18:27

This beta has been driven by the NSS chemspill. We used this unexpected beta to test the behavior of 33 without OMTC under Windows.

  • 8 changesets
  • 232 files changed
  • 73163 insertions
  • 446 deletions

ExtensionOccurrences cc73 h45 py23 c11 vcproj8 sh7 xcconfig6 mn6 pump4 mk4 cpp3 cbproj3 txt2 sln2 plist2 pbxproj2 m42 html2 def2 mm1 list1 +1 js1 in1 groupproj1 dep1 cmake1 am1 ac1

ModuleOccurrences security151 security69 image4 widget1 modules1 +1 js1 gfx1

List of changesets:

Michael WuBug 1062886 - Fix one color padded drawing path. r=seth, a=sledru - 232c3b4708b9 Michael WuBug 1068230 - Don't use the gfxContext transform in intermediate surface. r=seth, a=sledru - bca0649c9b79 Douglas CrosherBug 1013996 - irregexp: Avoid unaligned accesses in ARM code. r=bhackett, a=sledru - 5e2a5b6c7a0d Bas SchoutenBug 1030147 - Switch off OMTC on windows. r=milan, a=sylvestre - f631df57b34c Steven MichaudBug 1056251 - Changing to a Firefox window in a different workspace does not focus automatically. r=masayuki a=lmandel - 7c118b1cf343 Kai EngertBug 1064636, upgrade to NSS 3.17.1 release, r=rrelyea, a=lmandel - fb8ff9258d02 Matt WoodrowBug 1030147 - Release the DrawTarget to drop the surface ref in ThebesLayerD3D9. r=Bas a=lmandel CLOSED TREE - 280407351f1b L. David BaronBug 1064636 followup: Add new function to config/external/nss/nss.def r=khuey a=bustage CLOSED TREE - 2431af782661

Categorieën: Mozilla-nl planet

Pagina's