Mozilla Nederland - The Dutch Mozilla community

Monica Chew: Firefox 32 supports Public Key Pinning

Mozilla planet - Wed, 27/08/2014 - 03:41
Public Key Pinning helps ensure that people are connecting to the sites they intend. Pinning allows site operators to specify which certificate authorities (CAs) issue valid certificates for them, rather than accepting any one of the hundreds of built-in root certificates that ship with Firefox. If any certificate in the verified certificate chain corresponds to one of the known good certificates, Firefox displays the lock icon as normal.

Pinning helps protect users from man-in-the-middle attacks and rogue certificate authorities. When the root cert for a pinned site does not match one of the known good CAs, Firefox will reject the connection with a pinning error. This type of error can also occur if a CA mis-issues a certificate.

Pinning errors can be transient. For example, if a person is signing into WiFi, they may see an error like the one below when visiting a pinned site. The error should disappear if the person reloads after the WiFi access is set up.



Firefox 32 and above supports built-in pins, which means that the list of acceptable certificate authorities must be set at time of build for each pinned domain. Pinning is enforced by default. Sites may advertise their support for pinning with the Public Key Pinning Extension for HTTP, which we hope to implement soon. Pinned domains include addons.mozilla.org and Twitter in Firefox 32, and Google domains in Firefox 33, with more domains to come. That means that Firefox users can visit Mozilla, Twitter and Google domains more safely. For the full list of pinned domains and rollout status, please see the Public Key Pinning wiki.

Thanks to Camilo Viecco for the initial implementation and David Keeler for many reviews!
Categories: Mozilla-nl planet
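A minimal model of the built-in pin check described in the post above, added here as an illustration and not Firefox's own code. The host names, the key byte strings, the pin table layout and the `include_subdomains` flag are assumptions constructed for the example, and pins are modelled as base64 SHA-256 hashes of each certificate's SubjectPublicKeyInfo.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """Pin value: base64 of the SHA-256 digest of a SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Constructed stand-ins for the DER-encoded SubjectPublicKeyInfo of each
# certificate; a real client would take these bytes from the parsed chain.
KEY = {name: b"constructed-spki/" + name.encode() for name in (
    "site-leaf", "good-intermediate", "good-root", "backup-root",
    "rogue-leaf", "other-intermediate", "other-root")}

# Hypothetical pin table fixed at build time. The layout and the
# include_subdomains flag are assumptions of this example.
PIN_TABLE = {
    "pinned.example": {
        "include_subdomains": True,
        "pins": {spki_pin(KEY["good-root"]), spki_pin(KEY["backup-root"])},
    },
    "exact.example": {
        "include_subdomains": False,
        "pins": {spki_pin(KEY["good-root"])},
    },
}


def find_pinset(host, table=PIN_TABLE):
    """Return the pin entry covering host, walking up parent domains."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = table.get(".".join(labels[i:]))
        # A parent domain's entry only applies if it covers subdomains.
        if entry is not None and (i == 0 or entry["include_subdomains"]):
            return entry
    return None


def check_pins(host, verified_chain, table=PIN_TABLE):
    """Pin check, run only after ordinary chain validation has succeeded.

    verified_chain lists the SPKI bytes of every certificate in the
    validated chain, leaf first. One match anywhere in the chain passes.
    """
    entry = find_pinset(host, table)
    if entry is None:
        return "not-pinned"      # normal CA validation is all that applies
    if any(spki_pin(spki) in entry["pins"] for spki in verified_chain):
        return "ok"              # lock icon as normal
    return "pin-failure"         # connection rejected with a pinning error


# Chain issued under a pinned CA.
GOOD_CHAIN = [KEY["site-leaf"], KEY["good-intermediate"], KEY["good-root"]]
# Chain that validates to a trusted root that is not pinned for the site,
# as with a certificate mis-issued by another CA.
MISISSUED_CHAIN = [KEY["rogue-leaf"], KEY["other-intermediate"], KEY["other-root"]]

if __name__ == "__main__":
    for host, chain in [("pinned.example", GOOD_CHAIN),
                        ("www.pinned.example", GOOD_CHAIN),
                        ("pinned.example", MISISSUED_CHAIN),
                        ("sub.exact.example", MISISSUED_CHAIN),
                        ("unpinned.example", MISISSUED_CHAIN)]:
        print(host, check_pins(host, chain))
```

The mis-issued chain passes for `sub.exact.example` and `unpinned.example` only because no pin entry covers those hosts, which is why the set of pinned domains matters as much as the pins themselves.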

Gervase Markham: Email Account Phishers Do Manual Work

Mozilla planet - Tue, 26/08/2014 - 21:37

For a while now, criminals have been breaking into email accounts and using them to spam the account’s address book with phishing emails or the like. More evil criminals will change the account password, and/or delete the address book and the email to make it harder for the account owner to warn people about what’s happened.

My mother recently received an email, purportedly from my cousin’s husband, titled “Confidential Doc”. It was a mock-up of a Dropbox “I’ve shared an item with you” email, with the “View Document” URL actually being http://proshow.kz/excel/OLE/PPS/redirect.php. This (currently) redirects to http://www.affordablewebdesigner.co.uk/components/com_wrapper/views/wrapper/tmpl/dropbox/, although it redirected to another site at the time. That page says “Select your email provider”, explaining “Now, you can sign in to dropbox with your email”. When you click the name of your email provider, it asks you for your email address and password. And boom – they have another account to abuse.

But the really interesting thing was that my mother, not being born yesterday, emailed back saying “I’ve just received an email from you. But it has no text – just an item to share. Is it real, or have you been hacked?” So far, so cautious. But she actually got a reply! It said:

Hi <her shortened first name>,
I sent it, It is safe.
<his first name>

(The random capital was in the original.)

Now, this could have been a very smart templated autoresponder, but I think it’s more likely that the guy stayed logged into the account long enough to “reassure” people and to improve his hit rate. That might tell us interesting things about the value of a captured email account, if it’s worth spending manual effort trying to convince people to hand over their creds.


Mozilla announces $36 Intex Cloud FX smartphone for India - CBC.ca

News gathered via Google - Tue, 26/08/2014 - 20:22

The phone runs Firefox OS, a Linux-based mobile operating system made by the non-profit organization Mozilla, which is best known for its Firefox web browser. Firefox has been mainly targeting the developing world, especially Latin America, with low ...

Mozilla comes up with $33 smartphone in India - The Daily Star

News gathered via Google - Tue, 26/08/2014 - 20:01

Mozilla, a company best known for its Firefox browser, has launched a new low-cost smartphone in India that will retail for 1,999 rupees ($33; £19.90). The phone is only for sale on India's online shopping site, Snapdeal. The Intex Cloud FX runs on ...


Mozilla enters growth market India with dirt-cheap smartphone - z24

News gathered via Google - Tue, 26/08/2014 - 19:18

“More than seventy percent of callers in India still use a traditional mobile phone, and as we understand it, cost and usability are a barrier to switching to a smartphone,” says Jane Hsu, head of product development at Mozilla, ...


Alex Vincent: An insightful statement from a mathematics course

Mozilla planet - Tue, 26/08/2014 - 17:39

I’m taking a Linear Algebra course this fall.  Last night, my instructor said something quite interesting:

“We are building a model of Euclidean geometry in our vector space. Then we can prove our axioms of geometry (as theorems).”

This would sound like technobabble to me even a week ago, but what he’s really saying is this:

“If you can implement one system’s basic rules or axioms in another system, you can build a model of that first system in the second.”

Programmers and website builders build models of systems all the time, and unconsciously, we build on top of other systems. Think about that when you write JavaScript code: the people who implement JavaScript engines are building a model for millions of people to use that they’ll never meet. I suppose the same could be said of any modern programming language, compiler, transpiler or interpreter.

The beauty for those of us who work in the model is that we (theoretically) shouldn’t need to care what platform we run on. (In practice, there are differences, which is why we want platforms to implement standards, so we can concentrate on using the theoretical model we depend on.)

On the flip side, that also means that building and maintaining that fundamental system we build on top of has to be done very, very carefully.  If you’re building something for others to use (and chances are, when you’re writing software, you’re doing exactly that), you really have to think about how you want others to use your system, and how others might try to use your system in ways you don’t expect.

It’s really quite a profound duty that we take on when we craft software for others to use.


Chris AtLee: Gotta Cache 'Em All

Mozilla planet - Tue, 26/08/2014 - 16:21

TOO MUCH TRAFFIC!!!!

Waaaaaaay back in February we identified overall network bandwidth as a cause of job failures on TBPL. We were pushing too much traffic over our VPN link between Mozilla's datacentre and AWS. Since then we've been working on a few approaches to cope with the increased traffic while at the same time reducing our overall network load. Most recently we've deployed HTTP caches inside each AWS region.

Figure: Network traffic from January to August 2014

The answer - cache all the things!

Figure: Obligatory XKCD

Caching build artifacts

The primary target for caching was downloads of build/test/symbol packages by test machines from file servers. These packages are generated by the build machines and uploaded to various file servers. The same packages are then downloaded many times by different machines running tests. This was a perfect candidate for caching, since the same files were being requested by many different hosts in a relatively short timespan.

Caching tooltool downloads

Tooltool is a simple system RelEng uses to distribute static assets to build/test machines. While the machines do maintain a local cache of files, the caches are often empty because the machines are newly created in AWS. Having the files in local HTTP caches speeds up transfer times and decreases network load.

Results so far - 50% decrease in bandwidth

Initial deployment was completed on August 8th (end of week 32 of 2014). You can see by the graph above that we've cut our bandwidth by about 50%!

What's next?

There are a few more low hanging fruit for caching. We have internal pypi repositories that could benefit from caches. There's a long tail of other miscellaneous downloads that could be cached as well.

There are other improvements we can make to reduce bandwidth as well, such as moving uploads from build machines to be outside the VPN tunnel, or perhaps to S3 directly. Additionally, a big source of network traffic is doing signing of various packages (gpg signatures, MAR files, etc.). We're looking at ways to do that more efficiently. I'd love to investigate more efficient ways of compressing or transferring build artifacts overall; there is a ton of duplication between the build and test packages between different platforms and even between different pushes.

I want to know MOAR!

Great! As always, all our work has been tracked in a bug, and worked out in the open. The bug for this project is 1017759. The source code lives in https://github.com/mozilla/build-proxxy/, and we have some basic documentation available on our wiki. If this kind of work excites you, we're hiring!

Big thanks to George Miroshnykov for his work on developing proxxy.


Mozilla aims to break Indian mobile market with $33 smartphone - The Drum

News gathered via Google - Tue, 26/08/2014 - 13:39

Internet browser group Mozilla has followed in Google's footsteps by releasing a mobile device - with one difference; its smartphone will cost merely $33 - as it looks to capitalise on the growing Indian market. The 'Intel Cloud FX' will be exclusively ...


This Is The $33 Smartphone For India That Could Ruin Samsung's Android ... - Business Insider

News gathered via Google - Tue, 26/08/2014 - 11:12

The low-end smartphone market has long been seen by Mozilla as the perfect place for it to gain traction with its range of smartphones. In an interview with the Wall Street Journal, Jane Hsu, Mozilla's director of product, explained that "More than 70 ...


Mozilla launches Intex Cloud FX £20 smartphone, in India - Pocket-lint.com

News gathered via Google - Tue, 26/08/2014 - 10:17

Mozilla, famed for creating the Firefox browser, has announced a smartphone that it will sell in India for 1,999 rupees which is around £20. The Intex Cloud FX's runs on Mozilla's operating system, making it the first in Asia to sports the OS. It will ...


Byron Jones: happy bmo push day!

Mozilla planet - Tue, 26/08/2014 - 09:49

the following changes have been pushed to bugzilla.mozilla.org:

  • [1058274] The input field for suggested reviewers when editing a component needs ‘multiple’ to be true for allowing for more than one username
  • [1051655] mentor field updated/reset when a bug is updated as a result of a change on a different bug (eg. see also, duplicate)
  • [1058355] bugzilla.mozilla.org leaks emails to logged out users in “Latest Activity” search URLs

discuss these changes on mozilla.tools.bmo.


Filed under: bmo, mozilla

Mozilla's first low-cost smartphone on sale in India - BBC News

News gathered via Google - Tue, 26/08/2014 - 08:50

Mozilla, a company best known for its Firefox browser, has launched a new low-cost smartphone in India that will retail for 1,999 rupees ($33; £19.90). The phone is only for sale on India's online shopping site, Snapdeal. The Intex Cloud FX runs on ...

Mozilla Unveils $33 Intex Cloud FX Smartphone - Wall Street Journal (blog)

News gathered via Google - Tue, 26/08/2014 - 06:01

On Monday, Mozilla unveiled its first ultra low-cost smartphone, Intex Cloud FX, together with Indian handset company Intex Technologies India Ltd. The smartphone runs on Mozilla's Firefox software and supports two SIM cards and is powered by a one ...

Mozilla launches Firefox OS smartphone in India only, for $35 - Sydney Morning Herald

News gathered via Google - Tue, 26/08/2014 - 05:00

Mozilla isn't the only company interested in tapping the lower-end of India's smartphone market. At Google I/O, Google announced its Android One program that promises to bring a 4.5-inch screen, dual-SIM, FM-radio enabled Android device to India for ...


Mozilla's first low-cost Firefox OS phone for India hits the market - VentureBeat

News gathered via Google - Tue, 26/08/2014 - 04:12

Mozilla's plan for a low-cost smartphone for India was first reported in early June, backed up by comments from Mozilla chief operating officer Gong Li that phones above $60 “are still too expensive for most consumers in India and other Southeast Asian ...


Mozilla debuts $33 Cloud FX smartphone in bid to capture Indian market - Financial Post

News gathered via Google - Tue, 26/08/2014 - 00:05

The Cloud FX phone will run Mozilla's Firefox operating system and offer games and other content through its applications store, Jane Hsu, the company's Taipei-based director of product marketing said at a New Delhi briefing yesterday. The device has ...


Daniel Stenberg: Credits in the curl project

Mozilla planet - Mon, 25/08/2014 - 22:38

Friends!

When we receive patches, improvements, suggestions, advice and whatever that lead to a change in curl or libcurl, I make an effort to log the contributor’s name in association with that change. Ideally, I add a line in the commit message. We use “Reported-by: <full name>” quite frequently but also other forms of “…-by: <full name>” too like when there was an original patch by someone or testing and similar. It shouldn’t matter what the nature of the contribution is, if it helped us it is a contribution and we say thanks!


I want all patch providers and all of us who have push rights to use this approach so that we give credit where credit is due. Giving credit is the only payment we can offer in this project and we should do it with generosity.

The green bars on the right show the results from the question how good we are at giving credit in the project from the 2014 curl survey, where 5 is really good and 1 is really bad. Not too shabby, but I’d say we can do even better! (59% checked the top score, 15% checked the 3′)

I have a script called contributors.sh that extracts all contributors since a tag (typically the previous release) and I use that to get a list of names to thank in the RELEASE-NOTES file for the pending curl release. Easy and convenient.

After every release (which means every 8th week) I then copy the list of names from RELEASE-NOTES into docs/THANKS. So all contributors get remembered and honored after having helped us in one way or another.

When there’s no name

When contributors don’t provide a real name but only a nickname like foobar123, user_5678 and so on I tend to consider that as a request to not include the person’s name anywhere and hence I tend to not include it in the THANKS or RELEASE-NOTES. This is also sometimes the result of me not always wanting to bother by asking people over and over again for their real name in case they want to be given proper and detailed credit for what they’ve provided to us.

Unfortunately, a notable share of all contributions we get to the project are provided by people “hiding” behind a made up handle. I’m fine with that as long as it truly is what the helpers actually want.

So please, if you help us out, we will happily credit you, but please tell us your name!


Mozilla Release Management Team: Firefox 32 beta8 to beta9

Mozilla planet - Mon, 25/08/2014 - 22:24

  • 42 changesets
  • 78 files changed
  • 1175 insertions
  • 782 deletions

Extension    Occurrences
cpp          26
js           20
h            7
html         5
py           4
jsm          2
ini          2
xul          1
xml          1
json         1
in           1
cc           1
build        1

Module       Occurrences
browser      12
layout       10
content      9
toolkit      7
js           6
dom          6
security     5
services     4
netwerk      3
testing      2
config       2
tools        1
modules      1
memory       1
image        1
gfx          1
extensions   1

List of changesets:

  • Mike Hommey: Bug 1050029 - Improve Makefile checks for deprecated or moz.build variables. r=mshal a=NPOTB - 2a617532286d
  • Mike Shal: Bug 1047621 - Move link.py to config for importing expandlibs_exec; r=gps a=NPOTB - a09c51fcbd98
  • Mike Shal: Bug 1047621 - Have link.py import and call expandlibs_exec.py; r=gps a=NPOTB - bd02db1d22d0
  • Tim Taubert: Bug 1054815 - Fix browser_tabview_bug712203.js to not connect to google.com. r=smacleod, a=test-only - 2309c50ccc6c
  • Ryan VanderMeulen: No Bug - Change min expected assertions for test_playback_rate.html to 3. a=test-only - 1815786bfc6d
  • Ryan VanderMeulen: No Bug - Widen the allowable number of asserts in test_bug437844.xul to 19-21 so we don't have to keep adjusting it everytime something randomly perturbs it. a=test-only - 3f100f099542
  • Martijn Wargers: Bug 1024535 - Fix for failing video test on Windows 7. r=jwwang, a=test-only - d2714b6fc28d
  • David Rajchenbach-Teller: Bug 1024686 - Add missing return in Sqlite.jsm. r=mak, a=test-only - da78e23cbe3d
  • Martijn Wargers: Bug 1051783 - Fix test_pointerlock-api.html. r=Enn, a=test-only - 90b5e0b87666
  • Terrence Cole: Bug 1055219. r=terrence, a=abillings - 7c7145e95cb5
  • Wes Kocher: Backed out changeset 90b5e0b87666 (Bug 1051783) for an added assert a=backout - ec5427a8e674
  • Steven MacLeod: Bug 1035557 - Migrate crash checkpoints with the session so that we don't appear to crash during reset. r=ttaubert, a=lmandel - 8d583074b918
  • Monica Chew: Bug 1055670: Disable remote lookups (r=gcp,a=lmandel) - b554afc480aa
  • C.J. Ku: Bug 1055040 - Send mouse events base on canvas position and enable this test case on all B2G builds. r=ehsan, a=test-only - fadc34768c8b
  • Jared Wein: Bug 947574 - Switch browser_426329.js to use tasks to avoid intermittent failure. r=Gijs, a=test-only - 023ef0541072
  • Michael Wu: Bug 1045977 - Clear heap allocated volatile buffers. r=njn, r=seth, a=sledru - bff13e7445c5
  • Michal Novotny: Bug 1054425 - cache2: leak in CacheFileMetadata::WriteMetadata. r=jduell, a=sledru - 342c0c26e18d
  • Shane Caraveo: Bug 1047340 - Fix annotation of marks by using the browser url rather than cannonical url. r=jaws, a=lmandel - 54949d681a14
  • Aaron Klotz: Bug 1054813 - Add some missing MutexAutoLocks in nsZipReaderCache. r=mwu, a=lmandel - 50590d1557c4
  • Jim Chen: Bug 1013004 - Fix support for sampling intervals > 1 second. r=BenWa, a=lmandel - 61980c2f6177
  • Gregory Szorc: Bug 1055102 - Properly handle Unicode in Bagheera payloads. r=bsmedberg, a=lmandel - 4f18903bc230
  • Steve Workman: Bug 1054418 - Rewrite AppCacheUtils.jsm to use HTTP Cache v2 APIs. r=michal, a=sledru - fa7360fe9779
  • Michal Novotny: Bug 1054819 - Ensure that the dictionary is released on the main thread. r=ehsan, a=sledru - c06efff91ed3
  • Honza Bambas: Bug 1053517 - Enable the new HTTP cache during automation testing. r=jduell, a=test-only - f5d4b16203aa
  • Douglas Crosher: Bug 1013996 - irregexp: avoid unaligned accesses in ARM code. r=bhackett, a=lmandel - 093bfa0f1dee
  • Joel Maher: Bug 1056199 - Update talos on Fx32 to the latest revision. r=RyanVM, a=test-only - ec3e586813b5
  • Tim Taubert: Bug 1041527 - Ensure that about:home isn't the initial tab when opening new windows in tabview tests. r=ehsan, a=test-only - c340fefc0fe8
  • Marco Bonardo: Bug 1002439 - browser_bug248970.js is almost perma fail when run by directory on osx opt. r=mano, a=test-only - 0b44c271f755
  • Ryan VanderMeulen: Bug 906752 - Disable test_audioBufferSourceNodeOffset.html on debug builds. a=test-only - d94be43c729c
  • Seth Fowler: Bug 1024454 - Part 1: Eagerly propagate dirty bits so absolute children of table parts get reflowed reliably. r=dbaron, a=lmandel - 8e6b808eed02
  • Bill McCloskey: Bug 1053999 - Be more conservative in recursion checks before brain transplants. r=bholley, a=lmandel - ac551f43e2b4
  • Paul Adenot: Bug 1056032 - Make sure COM is initialized when trying to decode an mp3 using decodeAudioData. r=cpearce, a=lmandel - f17ade17a846
  • Paul Adenot: Bug 1056032 - Test that we can decode an mp3 using decodeAudioData. r=ehsan, a=lmandel - 53d300e03f5b
  • Markus Stange: Back out Bug 1000875 in order to fix the regression tracked in Bug 1011166. a=backout - 11a5306111d0
  • Peter Van der Beken: Bug 1036186 - Reset Migration wizard no longer skips the first step to choose a browser. r=smaug, a=lmandel - ac8864d8ecc0
  • Camilo Viecco: Bug 1047177 - Treat v4 certs as v3 certs (1/2). r=keeler. a=lmandel - 6049537c2510
  • Camilo Viecco: Bug 1047177 - Treat v4 certs as v3 certs. Tests (2/2). r=keeler. a=lmandel - 74a58e14d1d3
  • Bill McCloskey: Bug 1008107 - Allow SandboxPrivate to be null in sandbox_finalize. r=bz, a=lmandel - 85318a1536ee
  • Sami Jaktholm: Bug 1055499 - StyleEditor: Properly wait for the toolbox to be destroyed before ending test run and causing windows to leak. r=harth, a=test-only - 8f49d60bf5c9
  • Honza Bambas: Bug 1040086 - EV identifier missing when restoring session with HTTP cache v2. r=michal, a=lmandel - 33ea2d7e342e
  • Shane Caraveo: Bug 1056415 - Fix updating the marks buttons during tabchange. r=jaws, a=lmandel - 2f61f6e44a33
  • Shane Caraveo: Bug 1047316 - Fix docshell swapping Bug by removing usage in marks (unecessary here). r=jaws, a=lmandel - 58eb677e55f3
