Microsoft, Adobe, Google and Mozilla in Patch Tuesday Blitz
Rumors of Patch Tuesday's imminent demise have been greatly exaggerated, with Microsoft releasing 13 bulletins yesterday including three critical fixes, addressing 30 vulnerabilities. MS15-043 should be the first priority for IT administrators, as it ...
Mozilla explains Firefox's DRM functionality
But the multimedia corporations prevailed, and Mozilla added EME to the MS Windows version of Firefox, and apparently only to that one, as already announced a year ago. The announcement had, among others by the Free Software Foundation, ...
Mozilla releases Firefox 38 (soeren-hentzschel.at)
Mozilla equips Firefox 38 with copy protection (T-Online)
New features and download – Firefox 38 put to the practical test (DIE WELT)
Mozilla gags, but supports video copy protection in Firefox 38
Firefox 38's most notable enhancement -- and the one that Mozilla called out in a Tuesday blog post -- was support for digital rights management (DRM), the over-arching label for technologies that prevent people from pirating video, audio and written ...
Mozilla Launches A New Firefox Version Without DRM Support (TechCrunch)
Mozilla's Firefox 38 patches 13 security flaws (ZDNet)
Mozilla Firefox 38 Gets a Baker's Dozen Security Updates (eWeek)
Firefox 38: Mozilla grimaces but adds DRM support
And if Mozilla had to resign itself to implementing DRM support in Firefox, it is because EME is part of the HTML5 standard defined by the W3C. Firefox 38 therefore now includes Adobe's Content Decryption Module (CDM), enabling playback of content ...
Firefox 38 rethinks DRM handling and offers to remove support for it (Clubic)
Firefox 38 integrates the controversial EME DRM system (MacGeneration)
Firefox adds an Adobe module to handle DRM (Numerama)
Ben Klemens has written an essay criticising Mozilla’s moves towards an HTTPS web. In particular, he is worried about the difficulty of setting up an HTTPS website and the fact that (as he sees it) getting a certificate requires the disclosure of personal information. There were some misunderstandings in his analysis, so I wanted to add a comment to clarify what we are actually planning to do, and how we are going to meet his concerns.
However, he wrote it on Medium. Medium does not have its own login system; it only permits federated login using Twitter or Facebook. Here’s the personal information I would have to give away to Medium (and the powers I would have to give it) in order to comment on his essay about the problems Mozilla are supposedly causing by requiring people to give away personal information:
Don’t like that? That’s OK, I could use Facebook login, if I was willing to give away:
So I’ll have to comment here and hope he sees it. (Anyone who has decided the tradeoffs on Medium are worth it could perhaps post the URL in a comment for me.)
The primary solution to his issues is Let’s Encrypt. With Let’s Encrypt, you will be able to get a cert, which works in 99%+ of browsers anyone uses, without needing to supply any personal information or to pay, and all at the effort of running a single command on the command line. That is, the command line of the machine (or VM) that you have rented from the service provider and to whom you gave your credit card details and make a monthly payment to put up your DIY site. That machine. And the cert will be for the domain name that you pay your registrar a yearly fee for, and to whom you have also provided your personal information. That domain name.
If you have a source of free, no-information-required server hosting and free, no-information-required domain names (as Ben happens to for his Caltech Divinity School example), then it’s reasonable to say that you are a little inconvenienced if your HTTPS certificate is not also free and no-information-required. But most people doing homebrew DIY websites aren’t in that position – they have to rent such things. Once Let’s Encrypt is up and running, the situation with certificates will actually be easier and more anonymous than that with servers or domain names.
“Browsers no longer supporting HTTP” may well never happen, and it’s a long way off if it does. But insofar as the changes we do make are some small infringement on your right to build an insecure website, see it as a civic requirement, like passing a driving test. This is a barrier to someone just getting in a car and driving, but most would suggest it’s reasonable given the wider benefit to society of training those in control of potentially dangerous technology. Given the Great Cannon and similar technologies, which can repurpose accesses to any website as a DDOS tool, there are no websites which “don’t need to be secure”.
Personal Computer Magazine
Mozilla adds HTML5 DRM to Firefox
Mozilla added the support yesterday under pressure from copyright organisations. Video streaming services such as Netflix build this kind of DRM into their streams so that users cannot download it. If the DRM protection were not ...
Mozilla Pushes Web Sites To Adopt Encryption
Top Tech News
The organization behind the Firefox Web browser wants to see Web site encryption become standard practice, and it has laid out a two-part plan to help that happen. Mozilla said it plans to set a date by which all new features for its browser will be ...
When I talk about “remoties”, I frequently get asked my thoughts on Yahoo’s now (in)famous “no more work-from-home” policy.
Richard Branson (Virgin, link to first video) and the separate comments from Jackie Reses (Yahoo, 2.27 into the link to second video) confirm what I’d heard from multiple unofficial mutterings – that Yahoo’s now (in)famous “no more work from home” decree was actually intended as a way to jolt the company culture into action.
I also liked Sheryl Sandberg's (Facebook) comments about how a successful remote workplace depends on having clear measures of successful results. Rather than valuing someone by how many hours they are seen working in the office, instead it is better to have a company culture where you measure people by results. This echoes comments I’ve seen from Jason Fried in his “Remote” book, comments I’ve made in my “we are all remoties” presentations and which I’ve heard again and again from various long-term remote workers.
These two interviews discuss these points really well. The entire article is well worth a read, and both videos are only a few minutes long, so worth the quick watch.
Building a complex, long-term application? Periodically setup your local development environment from scratch.— Jason Garber (@jgarber) May 6, 2015
If you have a complex long-term application, it will be complex to set up. That means:
- it gets harder to bring new developers on board
- it gets harder to add in new pieces
- bugs start to occur between different developers' deployments
- setting up the application becomes handed-down knowledge
The worst thing is that you can't see the technical debt that is piling up. It's underneath your application, but because you never set up your development environment again, you don't see it. You can stay productive; setting up the application is a rite of passage for other people.
Reduce the number of settings. Make it work well out of the box. Get as few steps as possible. Document it. Script it.
Once you've got the rebuild happening quickly, you won't fear setting up your application again.
I’m blogging about the development of a new product in Mozilla, look here for my other posts in this series
Generally at Mozilla we want to engage and activate our community to further what we do. Because all our work is open source, and we default to open on our planning, we have a lot of potential to include people in our work. But removing barriers to participation doesn’t make participation happen.
A couple reasons it’s particularly challenging:
Volunteers and employees work at different paces. Employees can devote more time, and can have pressures to meet deadlines so that sometimes the work just needs to get done. So everything is going fast and a volunteer can have a hard time keeping up. Until the project is cancelled and then wham, the employees are all gone.
Employees become acclimated to whatever processes are asked of them, because whether they like it or not that’s the expectation that comes with their paycheck. Sometimes employees put up with stupid shit as a result. And sometimes volunteers aren’t willing to make investments to their process even when it’s the smart thing to do, ‘cause who knows how long you’ll stick around?
Employee work has to satisfy organizational goals. The organization can try to keep these aligned with mission goals, and keep the mission aligned with the community, but when push comes to shove the organization’s goals – including the goals that come from the executive team – are going to take priority for employees.
Volunteers are unlikely to be devoted to Mozilla’s success. Instead they have their own goals that may intersect with Mozilla’s. This overlap may only occur on one project. And while that’s serendipitous, limited overlap means a limit on the relationships those volunteers can build, and it’s the relationships that are most likely to retain and reward participation.
I have a theory that agency is one of the most important attractors to open source participation. Mozilla, because of its size and because it has a corporate structure, does not offer a lot of personal agency. Though in return it does offer some potential of leverage.
I am not sure what to do with respect to participation in PageShot. If I open things up more, will anyone care? What would people care about? Maybe people would care about building a product. Maybe the building blocks would be more interesting. We have an IRC channel, but we also meet regularly over video, which I think has been important for us to assimilate the concept and goals of the project. Are there other people who would care to show up?
I’m also somewhat conflicted about trying to bring people in. Where will PageShot end up? The project could be cancelled. It’s open source, sure, but is it interesting as open source if it’s a deadend addon with no backing site? Our design is focused on making something broadly appealing such that it could be included in the browser – and if things go well, the addon will be part of the browser itself. If that happens (and I hope it will!) even my own agency with respect to the project will be at threat. That’s what it means to get organizational support.
If the project was devolved into a set of libraries, it would be easier to contribute to, and easier for volunteers to find value in their participation. Each piece could be improved on its own, and can live on even if the product that inspired the library does not continue. People who use those libraries will maintain agency, because they can remix those libraries however they want, include them in whatever product of their own conception that they have. The problem: I don’t care about the libraries! And I don’t want this to be a technology demonstration, I want it to be a product demonstration, and libraries shift the focus to the wrong part.
Despite these challenges, I don’t want to give up on the potential of participation. I just doubt it would look like normal open source participation. I’ve expanded our participation section, including an invitation to our standup meetings. But mostly I need to know if anyone cares, and if you do: what do you care about and what do you want from your participation?
We’re experimenting with new features in Firefox Beta to give you more ways to connect with the people and content you want on the Web.
There’s a new tab sharing feature in Firefox Hello Beta so you can share any website you’re viewing while talking to friends, family and co-workers. We’re also testing a new integration with the popular service, Pocket. Pocket allows you to save stories, videos and websites to enjoy at a later time.
To test Firefox Hello tab sharing, follow these steps:
- Click the Hello icon in the Firefox toolbar.
- Start a conversation.
- Connect with your guest.
- Click the share icon.
To experience even more of Hello, sign up for a Firefox Account. You can then add and save contacts directly into your Hello contacts list, making it easier to connect with friends and family.
You’ll see the Firefox Accounts sign up option by clicking the Hello icon and looking at the bottom right of the conversation control center.
You can even use Firefox Hello without an account; the people you’re connecting to just need to click your link to join a call with you.
When you have a Firefox Account, you can also test the new Firefox Beta Pocket integration, following these steps:
- Click “Sign up with Firefox.”
- You’ll create your account and be asked to confirm your email.
- Open your email service and click the confirmation link in the message we’ve sent you.
You’re now ready to use Pocket. To start testing, visit any website and click the Pocket icon in the toolbar. For example, visit Yahoo news. Once there, click the Pocket icon. That page will be saved to your Pocket. You can access that content again through Firefox by clicking the Pocket icon and selecting View List. You’ll then be taken to the screen below where you can view and manage your saved content.
Pocket is available in Firefox Beta in English, German, Japanese, Russian and Spanish and more languages are coming soon.
Mozilla releases Firefox 38
Mozilla has released Firefox 38. The new version again brings a number of new features, but it is also relevant for users of the Firefox version with long-term support, because Firefox ESR 38 succeeds Firefox ESR 31. This article summarises the ...
Mozilla: Firefox 38 ships with web DRM (Golem.de)
Firefox 38 with DRM: Mozilla grudgingly bows to reality (WinFuture)
Mozilla releases Firefox version 38 (Hard Tecs 4U)
Mozilla Firefox 38 Gets a Baker's Dozen Security Updates
"Security researcher Ucha Gobejishvili used the Address Sanitizer tool to find a buffer overflow while parsing compressed XML content," Mozilla warned in its advisory. This was due to an error in how buffer space is created and modified when handling ...
For 2015, one of Mozilla’s primary goals is to grow Firefox. In order to achieve the growth we are looking for, we looked closely at all of our programs and channels to identify opportunities. We focused on how we can better leverage our most powerful differentiator: our global community of contributors, supporters and users. We quickly realized that Firefox Affiliates was limiting our community’s potential. We needed a program that allowed people to participate in spreading the word in a way that aligns with how people share on the Web today.
Firefox Affiliates in its current form was outdated. It was focused on banner creation that supporters could post to their sites/blogs to spread the word about Mozilla and it wasn’t built to be available on mobile. Today, the majority of Web users are consumers of content vs creators of content and a large percentage of people are consuming this content on a mobile device. These are two of the reasons why social media engagement took off so quickly. Sharing content is a simple action that anyone can take without having to go through the process of actually creating content to share and it’s easily accessible on a mobile device.
Some of the biggest brands in technology, retail and nonprofit industries are having huge success with word of mouth marketing programs all focused on making it really simple for fans, contributors and supporters to share content the way people consume it on the Web today.
We decided that our referral program needed to better reflect how people engage with content today. We did extensive research, talked to a number of companies, followed by a very thorough RFP process to learn more about word of mouth marketing programs and eventually select a partner. Volunteer contributors helped by demoing the top potential partners and providing feedback.
Once we dug in, we knew we were on the right track as our own research showed that the more people know about why we do what we do, the happier they are about using Firefox. And the happier users are about using Firefox the more inclined they are to tell other people and the more they know about us, the more they love us.
There is also industry research confirming the power of referral marketing:
- One third of sales can be attributed to word of mouth, it amplifies paid media
- Third party conversations and recommendations are responsible for 13-20% of consumer purchases
- A single word of mouth impression accounts for 5 times more sales than a single paid media impression
- 74% of Internet users rely on social media to guide their day to day decisions
- Impact of an online referral is more immediate than any other type of promotion
Source: 2014 WOMMA Study
The data reinforces our need to introduce a new program that would arm our community with:
- Content! News & updates around Firefox & Mozilla
- Tools! To help amplify those messages and conversations around Firefox & Mozilla
This is how Firefox Friends was born! Firefox Friends is our new social sharing program that offers a fresher, better way to show your support for Firefox and all things Mozilla.
With Firefox Friends, you’re at the forefront of our mission, sharing our latest news and announcements with the world. And much like Affiliates, you’re able to track your impact (but with even more stats & data) and get rewarded along the way! Plus Firefox Friends is available on mobile, so it’s really easy to participate from wherever you are.
It’s really easy to get started with Firefox Friends. Just go to friends.mozilla.org and sign up. You’ll be asked to give your email and create a password. We ask for the password just so you can keep track of your activities and see the impact you’re making along the way. Plus, this way we can recognize you for the great work you’re doing.
We need everyone’s help to ensure we are hitting our goals and growing the number of long-term relationships we hold. That is the key to our success. Firefox Friends will help us foster these long term relationships.
Sign up with Firefox Friends today. (friends.mozilla.org)
If you’re interested in contributing to Firefox Friends, please contact us at email@example.com.
Timeline & details for phasing out Firefox Affiliates:
Mozilla Firefox 38 gets two versions, with and without DRM support; find out more
A new Firefox update is now available to users. Version 38 introduces new features and bug fixes, and now supports DRM content through HTML5. The biggest change also gives users the option to download ...
New Firefox version arrives with DRM protection and changes on Android (canaltech, blog)
Mozilla releases Firefox version with HTML5 DRM
On Tuesday Mozilla added HTML5 support for digital rights management to Firefox. The browser maker did not build the feature in wholeheartedly, but said it had no other choice. Thanks to the DRM support, companies such as Netflix can ...
New Firefox version arrives with DRM protection and changes on Android
On Tuesday (12), Mozilla released version 38 of its Firefox browser, bringing significant changes both for PC users and for those who use the software on the Android operating system. Among the new features is a new system for ...
Mozilla Firefox 38 gets two versions, with and without DRM support; find out more (Boa Informação)
Community is a word that means a lot of things to different people. When there is talk of community at an A*Team meeting, some people perk up and others tune out. Taking a voluntary role in leading many community efforts on the A*Team over the last year, here are some thoughts I have towards accepting contributions, growing community, and making it work within the team.
Historically on the A*Team we would file bugs which are mentored (and discoverable via bugsahoy) and blog/advertise help wanted. This is always met with great enthusiasm from a lot of contributors. What does this mean for the mentor? There are a few common axes here:
- High-Touch vs Low-Touch
- High-Touch is where there is a lot of time invested in getting the current problem solved. Usually a lot of bug comments, email, irc chatter to solve a good first bug. Sometimes this can take hours!
- Low-Touch is where a person comes in, a patch randomly appears and there is little to no feedback for the patch.
- High-Reward vs Low-Reward:
- High-Reward is where we have contributors that solve larger problems. A rewarding experience for both the contributor and the mentor
- Low-Reward is where a contributor is fixing useful things, but they are little nits or polish. This isn’t as rewarding for the contributor, nor the mentor.
- Short-Term vs Long-Term:
- Short-Term – a contributor shows up for a few days, fixes however many bugs they can and disappears. This is a common workflow for folks who are on break from school or shifting around in different stages of their lives.
- Long-Term – a contributor who shows up on a regular basis, continues to contribute and just the fact of them being around has a much larger impact on the team.
We need to appreciate all types of contributions and ensure we do our best to encourage folks to participate. As a mentor, if you have a lot of high-touch, low-reward, short-term contributors, it is exhausting and demoralizing. No wonder a lot of people don’t want to participate in mentoring folks as they contribute. It is also unrealistic to expect a bunch of seasoned coders to show up and implement all the great features, then repeat for years on end.
The question remains: how do you find low-touch contributors, or identify ones that are high-touch at the start and end up learning fast (some of the best contributors fall into this latter category)?
The simple answer here is to file a bunch of bugs. In fact, whenever we do this they get fixed real fast. This turns into a problem when you have 8 new contributors, 2 mentors, and 10 good first bugs. Of course it is possible to find more mentors, and it is possible to file more bugs. In reality this doesn’t work well for most people and projects.
The real question to ask is what kind of growth you are looking for. The answer is different for many people. What we find of value is slowly growing our long-term/low-touch contributors by giving them more responsibility (i.e. ownership) and really depending on them for input on projects. There is also a need to grow mentors, and mentors can be contributors as well! Lastly, it is great to have a larger pool of short-term contributors who have ramped up on a few projects and enjoy pitching in once in a while.
How can we foster a better environment for both mentors and contributors? Here are a few key areas:
- Have good documentation.
- Set expectations up front and make it easy to understand what is expected and what next steps are.
- Have great mentors (this might be the hardest part).
- Focus more on what comes after good first bugs.
- Get to know the people you work with.
Just focusing on the relationships and what comes after the good first bugs will go a long way in retaining new contributors and reducing the time spent helping out.
How we make it work in the A*Team:
The A*Team is not perfect. We have few mentors and community is not built into the way we work. Some of this is circumstantial, but a lot of it is within our control. What do we do, and what does and does not work for us?
Once a month we meet to discuss what is going on within the community on our team. We have tackled topics such as project documentation, bootcamp tools/docs, discoverability, good next bugs, good first projects, and prioritizing our projects for encouraging new contributors.
While that sounds good, it is the work of a few people. There is a lot of negative history of contributors fixing one bug and taking off. Much frustration is expressed around helping someone with basic pull requests and patch management, over and over again. While we can document stuff all day long, the reality is new contributors won’t read the docs and still ask questions.
The good news is that in the last year we have seen a much larger impact of contributors to our respective projects. Many great ideas were introduced, problems were solved, and experiments were conducted, all by the growing pool of contributors who associate themselves with the A*Team!
Recently, we discussed the most desirable attributes of contributors in trying to think about the problem in a different way. It boiled down to a couple of things: willingness to learn, and sticking around at least for the medium term.
Going forward we are working on growing our mentor pool, and focusing on key projects so the high-touch and timely learning curve only happens in areas where we can spread the love between domain experts and folks just getting started.
Keep an eye out for more posts in the coming week(s) outlining some new projects and opportunities to get involved.
Mozilla has sent a Communication to the Certification Authorities (CAs) who have root certificates included in Mozilla’s program. Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to support cross-platform development of security-enabled client and server applications. The NSS root certificate store is not only used in Mozilla products such as the Firefox browser, but is also used by other companies in a variety of applications.
- Confirm that they are the current Primary POC, or give alternative details;
- Confirm that Mozilla has the correct link to their most recent Baseline Requirements audit statement;
- Update us on their progress in eliminating use of SHA-1 as a certificate signature algorithm;
- Inform us whether they are still issuing certificates with certain problems identified when we moved to mozilla::pkix; and
- Tell us about their support for IPv6.
With this CA Communication, we re-iterate that participation in Mozilla’s CA Certificate Program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe. Nevertheless, we believe that the best approach to safeguard that security is to work with CAs as partners, to foster open and frank communication, and to be diligent in looking for ways to improve.
Mozilla Security Team
This week, the U.S. House of Representatives is scheduled to vote on the USA FREEDOM Act, a bipartisan, bicameral piece of legislation that would significantly reform surveillance activities conducted under the USA PATRIOT Act.
Mozilla supports this legislation, which passed out of the House Judiciary Committee on a 25-2 vote. This version of USA FREEDOM Act would:
- curtail bulk collection activities under Section 215 as well as Pen Register/Trap and Trace and National Security Letter authorities;
- bring increased transparency to surveillance activities, including through the declassification of Foreign Intelligence Surveillance Court (FISC) opinions and new reporting requirements on the government;
- allow companies to report the scope and scale of national security demands in smaller ranges (bands of 500 as opposed to 1,000) than is allowed today;
- enable outside attorneys to participate in FISC cases involving novel interpretations of law, providing an important check on the government; and
- not require any data retention mandates.
While we believe many more surveillance reforms are needed, this legislation would be a significant step forward to enhancing user privacy and security. Indeed, the 2nd Circuit ruled last week that the government’s mass surveillance of call detail records — information about who you called, when you called, for how long you spoke, an incredibly detailed map of your private life — under Section 215 is illegal. Congress must act now to reform these surveillance authorities.
Despite the 2nd Circuit ruling and significant grassroots pressure (including from the Mozilla community), some senators are pushing for a reauthorization of these illegal surveillance activities without any reforms. Any delay in passing the USA FREEDOM Act is likely to lead to weakened reforms, so we urge Members of Congress to reject even a short term reauthorization of Section 215 and the two other PATRIOT Act statutes which are set to expire at the end of the month.
We hope the House will overwhelmingly approve the USA FREEDOM Act this week, reflecting the significant and diverse support for this legislation, and we hope that the Senate will swiftly follow suit in passing the bill without harmful amendments.