35 Burst results for "Mozilla"
The Bad Crypto Podcast
Why Web Pioneer Legend Brendan Eich Founded Brave?
"mozilla" Discussed on Security Now
"As I mentioned, when we talked about this before, he seemed to be extremely braggadocious about these breaches. And the more one struts around crowing, the more clues you inadvertently leave behind. Well, and also, this is the same kid that already has been arrested for the Microsoft hack, the earlier Lapsus$ hack. That's what they're saying. So this kid not only is he braggadocious. Keep learning a lesson. He's currently on parole for that. Oh, good. Or a probation, I think, not probation. It's only probably the fact that he's a minor that is saving him at this point. That's right. That's right. These are things or just this guy. Frankly. Felonies cyber intrusion. And he's using in every case he's used as social engineering. It's posing as somebody. Give me your two factors kind of thing. Okay. Okay, so let's take a break, and then we're going to talk about Mozilla saying it's no fair. It's no fair. It's no fair. It's not fair, Mark. Okay, moving right along. I'm still kind of trying to figure out what we're going to do at TWiT about these GDPR things because that's now what four or 5 countries that were now analytics. Everybody who is asked to rule on it rules the way they have to, which is it is a breach of the GDPR. I think mostly because GDPR considers IP addresses IIP, right? That that's a PII rather personally identifiable information. Yes. And we know that that IP addresses tend to be relatively static, but they're also going way further talking about unique tokens and referrer headers. And I mean, they're getting aggressive. I mean, this is France saying, oh la la.
"mozilla" Discussed on Security Now
"It's time for Security Now, the show where you get really down and dirty with the technology and not dirty. You know what I mean? You can really into it with this guy right here, Steve Gibson. He is the technology wizard, we all look to when it comes to understanding better what's going on in the digital world, hi, Steve. Hello, Leo, great to be with you for our last episode of September. What happened? It's just so now we're starting into the fourth quarter of 2022 for episode 890. So a lot of stuff to talk about. It was a busy week in the security world. We're going to examine Europol's, which is that the policing force enforcement side of the EU government, their desire to retain data on non criminal EU citizens, which is not technically legal. And we look at the fourth EU nation, speaking of not legal, to declare that the use of Google Analytics is an illegal breach of the GDPR. We're going to look at the question of whether TeaPot has been caught. It seems like. And Mozilla says it's no fair that operating systems bundle their own browsers. So here we go again. Meanwhile, Chrome's forthcoming V three manifest threatens add on ad blocker extensions. And past Chrome vulnerabilities are leaving embedded browsers vulnerable, which is an aspect of Chrome we'd never talked about before, or Chromium rather. The engine. Windows 11 actually gets a useful feature. No. And I know it happened. No. Really? That's amazing. And some U.S. legislation proposes to improve open-source software security. We revisit the Iranian Albanian cyber conflict now that we know how Iran got into Albania's networks. And after one important and interesting bit of listener feedback about multi factor authentication fatigue and a quick SpinRite update, we're going to look at some new trends in the dark underworld with the leak of another major piece of cybercrime malware, thus today's podcast is titled, darknet politics.
Practical AI: Machine Learning & Data Science
"mozilla" Discussed on Practical AI: Machine Learning & Data Science
"Driven and funded and really kind of the tone for what is developed is coming with an incentive that is being set by big tech, then you get a certain kind of research, which is different from if you are getting something that was coming at it from a different angle. Or maybe not from an elite university in the United States and maybe somewhere else or in a different language altogether. Yeah, so we look a lot at what kinds of datasets are being used for benchmarking in AI research. And again, this is an original research by us. This is compilations of research that we've put together, sometimes we've found research and then visualized it. Made it more beautiful, made it more accessible, so that more people can enjoy it and understand some of the lessons from it. Yeah, I would encourage people listeners to check out if you go to the Internet health report site, which will be linked in our show notes and there's a fax page where some of these things are visualized and I'm sure more content will be coming to, but there's some really interesting perspectives on both the sort of power imbalance on various different scales, whether that be by sort of frequency of dataset usage or investments in AI in different parts of the world, all very interesting sort of different angles at this, which tell a certain aspect of the story. Maybe as we as we get closer to the end here, I'll ask both of you to respond, but for the sort of practitioner out there who's listening to this podcast and might sort of be thinking, oh, I wasn't really thinking about as much about maybe having to say no to developing certain technologies or they're thinking, oh, there really is a lot to dig in here in terms of thinking more about the data that I'm using, thinking more about kind of downstream uses of that of the technology that I'm building. How would you encourage them based on the stories that you have told and are telling through the report and the podcast? 
How would you encourage them to really be a positive force in this AI field and kind of help shape the future of what AI is becoming any thoughts, either one of you could start? Well, I'll start. I just love the question. And I think in making the podcast, one of the things that really struck me are, what a great resource we have in folks who work in tech, whether you're an engineer or honestly, whatever you're doing in tech, like the stories of people who have pushed back, challenged power from within tech companies have been so impactful and inspiring to me. And so I would just say like, if you're a rank and file, tech employee, you have so much power and so much agency and there are so many folks who are using that power and wielding it in such interesting and inspiring ways. And so yeah, I would say really recognizing and owning and walking in that power. These are fields where people are constantly learning and constantly pushing themselves. And so it can also be maybe it's time to learn from a different source.
Practical AI: Machine Learning & Data Science
"mozilla" Discussed on Practical AI: Machine Learning & Data Science
"Episode of Practical AI. This is Daniel Whitenack. I'm a data scientist with SIL International. And I'm not joined today by Chris, who is currently in a plane somewhere taking his daughter to Disney World, I think, to have a wonderful time. So we'll give him the week off, but in lieu of Chris, we have some amazing guests with us today to talk through some of what Mozilla is putting out with their IRL podcast and their latest Internet Health Report. We have with us Solana Larsen, who is the editor of the Internet Health Report, and Bridget Todd, who is host of Mozilla's IRL podcast. Welcome, great to have you both. Thanks for having us. Yeah, so excited to be here. I was so excited that we got to do this. Of course, you're putting out amazing content through the Internet Health Report and the IRL podcast, which this time around is focused on AI and I'm sure we'll get into that, but maybe before we do Solana, would you mind just sort of introducing for those that aren't familiar with it? What is the Internet Health Report? And how did it come about and maybe just a little bit of context there? Sure. Well, it's an annual report, and it's published by Mozilla, and we started 5 editions ago, asking a big question, what does it even mean for the Internet to be healthy? And what happens when we think about it as an ecosystem that can be either healthy or unhealthy or bits of both at the same time? And then the important question, of course, is how do we make it healthier? So when we're talking about healthy in this case, we're thinking a lot about how it acts as an ecosystem for humans for humanity. Is it benefit to the world? Is it something that is good for people? And so when we think about the things that are unhealthy, you know, it's everything from disinformation or hate speech, but it can also be things like how many people are connected to the Internet. How many women are online? 
Are people able to build and code and compete, you know, what is this ecosystem that we're building? So every year we would step back and look across a lot of different topics, everything from undersea cables to codes of conduct and open-source communities and so forth. And I think over the years, a lot has changed in how we talk about the Internet and how we understand the Internet, both in the media and in technical circles, how we think about regulation, and so in terms of moving with the times a little bit, I think right now is the moment to talk about AI. And so it's the first year that we have taken just one big topic as the focus area for the Internet health report and gone deep on just that. And with AI, it's really all the things that hurt or harm the health of the Internet the most, we see those magnified or amplified with AI in a lot of ways. But there's also a lot of opportunity, right?
Techmeme Ride Home
"mozilla" Discussed on Techmeme Ride Home
"Based on the features the browser supports. In August 2021, Mozilla launched an experiment to see if the three digit Firefox 100 user agent string would cause problems with websites. Google soon followed with their own experiment for Chrome 100. In both experiments, Mozilla and Google found a small number of websites that would not operate correctly when parsing a user agent string that contained a three digit version number. Since then, Mozilla has been keeping track of web bugs caused by the version 100 change and has found problems on websites for HBO Go, Bethesda, Yahoo, Slack and those created by the Duda website builder. For the most part, these issues have ranged from the websites stating the browser is unsupported to user interface issues affecting portions of the site. Without a single specification to follow, different browsers have different formats for the user agent string and site specific user agent parsing. It's possible that some parsing libraries may have hard coded assumptions or bugs that don't take into account three digit major version numbers. Mozilla explains in a new blog post about the upcoming user agent changes. Quote, many libraries improved the parsing logic when browsers moved to two digit version numbers, so hitting the three digit milestone is expected to cause fewer problems. End quote. Mozilla and Google will continue running experiments for version 100 user agents until the browsers are released on March 29th for Chrome and May 3rd for Firefox. If there are issues with sites that Mozilla or Google cannot fix before these versions are released, both Google and Mozilla have backup plans ready to ensure the sites are not affected. End quote. Hey devs, why does this always happen? I mean, saving space by saving digits, that went out in about what? 1978, is it just laziness now? You're not gaining anything by taking one digit out anymore. 
Anyway, doesn't sound like it'll be a big deal this time, but still, this should really never happen.
"mozilla" Discussed on AdExchanger Talks
"During the holidays. This is when a lot of us make purchase like this. And a lot of times the data hoovered up by connected devices and apps, that's the real product that companies are selling to advertisers. It's the currency. So this gift guide, it really is a gift guide is one of the ways that we're working to try and push people to be more transparent. And there were some really fun takeaways from that. The way that we frame the guide, Allison is with each product, it's this idea of creepy versus not creepy. And we've seen people really sort of adopt and use this framing, because it's easy, it makes sense. And frankly, obviously, people generally want to stay away from creepy stuff and are happy when they're using something that isn't. But this year was super interesting. So we reviewed a 151 different products. And this is a lot. I think we spend a port like 6 and a half 7 hours researching the privacy policies, et cetera of all of them. So this was a help you. Yeah. Big chunk of work, but that's important, right? Out of that 151, 49 received our warning label. Our privacy not included warning label. That's a lot. So not great. Some of the worst companies were Facebook, Samsung, peloton, Amazon. But that warning label, we base the ding on a couple of things. First, do the product meet our minimum security standards. So there's like a basic set of standards that we like people to meet. Two, how does the company handle data, right? Three relatedly, do people have control of that data? And then for what's the company's track record for security and privacy? So 49 things based on that. But then on the flip side, 22 products earned the best of designation. So that's good. 14 different companies stood out as doing really well with their privacy practices. For not clever data, et cetera. You did really well. Yeah. I mean, the best companies, I mean, Apple was The Shining star of the well-known ones, but there's some other really interesting stuff too. 
So Apple is the least creepy of the big 5, right? And Garmin, Ecobee, there are some good stuff. I can kind of tell you about the trends. The things that we're liking to see. Yeah. Yeah. So people who live under GDPR or CCPA regulations like that's a good thing. We're seeing positive stuff there. People are choosing to store their data locally instead of in the cloud. There's some great work being done by public health officials who are looking to collect information about COVID-19 outbreaks in an anonymized way, which is great. There's a company called Whoop Strap for one called Kinsa and Oura that are helping to track this stuff. And then there's some great stuff happening in kids products. So parents of kids who want to get their kids interested in coding, right? Very online activity. And there are some really cool products on the market. My favorite one was the iRobot Root. And the RD 3000. These are the good things. But then there's some bad stuff, some stuff we're concerned about. First of all, and I mentioned this, the 6 and a half hours, right?.
"mozilla" Discussed on AdExchanger Talks
"I mean, that means something to people. And that we've got this long track record of pushing back on big tech, and making decisions in our own products and the way that we work all the way down to our own corporate advertising. That really supports what we're after here. So again, I think it just depends on the audience, but ultimately, knowing that we're in the room and that we're at the table when these important conversations are happening. And when different policy decisions are being made, just gives us some gravity. And being able to help people understand that we're here. We're here to care to make sure that, you know, the right decisions are being made on their behalf. I mean, in that vein, I very recently learned that Mozilla is behind the formation of a new group at the W3C that's going to review proposals and work with different members to try and reach consensus, which, I mean, to my mind is a humongous nut to crack. It's my impression that a lot of heads are butting up against each other on the long and winding road to technical solutions that everyone can live with. Supporting the business of online advertising and doing that without skimping on user privacy. So just tell me a little bit about that new group and why would Mozilla want to step in the middle of what I think is a total minefield. You're probably right. It's definitely a complicated space. Okay, so we just initiated what's called the Private Advertising Technology Community Group in the W3C, and essentially it brings together these major players of the online ad ecosystem. And the headline there is that we're trying to work together in this broader group to identify alternatives to the third to third party cookies. Alternatives, of course, that put privacy first. And what are some examples of companies that join this community group? Yeah, so it's kind of the usual suspects. It's the people that you would expect to be in the room for a conversation sort of as big and meaty as that. 
So different ad networks, publishers, Google, Facebook, Microsoft, The Washington Post. There's lots of big players in the room. So that is a group to talk about B2B technologies that will have a huge impact on consumers because we're talking about what will underpin monetization online. So B2B with a dotted line to B2C, but very squarely focused on B2C. Every year, Mozilla puts out a holiday shopping guide, but it's not like a regular or at least not your typical holiday shopping guide. You guys call it the Privacy Not Included guide, to help consumers decide which tech products they can trust from a privacy perspective and which ones to steer clear of. So I had a look at it. I mean, some of the worst offenders is not super surprising, like Facebook Portal, natch. Amazon Echo, but surprisingly, the NordicTrack treadmill. That's interesting. But yeah, so tell me a little bit about that guide. How should people use it? Why do you go through the effort of compiling it every year, just some takeaways? Yeah, for sure. I mean, this is one of the projects that I love, right? Because when we think about helping people find the good stuff online, this is just such a great way to do that. So the point here is to give people consumers regular folks, the information that they need to make buying.
"mozilla" Discussed on AdExchanger Talks
"Detect in someone's browser and spoiler alert Eric uncovers a bunch of problems with it, like the fact that it's actually possible to use it to use privacy budget mechanisms for tracking, which kind of defeats the purpose. But yeah, just taking a step back, why do you guys publish these sorts of pieces? Why do we publish them? I mean, I think, you know, I spoke to this earlier, but I think we're in a really unique position to be able to have a perspective that's unencumbered by some of the tensions that other companies have, but we've got the tech expertise to really have a strong point of view. So, you know, specifically around Google's FLoC proposal. You know, the goal of that effort's to make it possible to target ads based on the interests of users without revealing their browsing history. So this is really interesting in concept. We're just talking about this. And definitely worth exploring. And we love to see that the exploration of that type of work. But the current design has a number of troubling privacy properties that are difficult to fix. And I think our ability to engage and have those discussions and really have some thought leadership around them backed not just by our 20 year history of being really invested in this type of work and in this sort of territory of work, but also by the technical expertise that allows us to sort of ask the right questions. And I think, you know, that combination can be really powerful. And what sort of roles is this play, this type of thought leadership play in marketing, Mozilla, like, how do you use it from your perspective? Sure. I mean, we got to consider your audience. The first rule, the golden rule of marketing is who are we talking to? And I think that our thought leadership our expertise in this space our obsession with protecting people over the years, it shows up differently depending on who we're talking to. 
I mean, when we're thinking about these regulatory bodies and folks that maybe have a little bit more foundational understanding of the ecosystem, we can really kind of get into it with the things like you're talking about the work that doing. We call Eric ecker. That's his name. Okay. Now I know. Russia, and he is eccard. Does everyone have a nickname? You know, kinda, I'm a nickname gal. But ecker is widely known as echo, I think even as kids call him up or sometimes. Not to. So, you know, that's like that's a different audience. And we can really leverage that expertise and get kind of deep. But when you're thinking about sort of broader consumer audiences, you can't have the expectation that people are going to spend hours and hours doing their homework and understanding the complexity of something that, you know, it's tough, it's tough to really talk through and understand even if we spend all day every day on it like you and I do. So when it comes to sort of a basic consumer side, I think there's just a few things that really resonate with people and one of the most important ones is that we're backed by a nonprofit..
"mozilla" Discussed on AdExchanger Talks
"And so, you know, when it comes to Firefox, it's just this really unique independent choice in a market that's flooded with options from these huge sort of behemoths that represent really complex ecosystems. And that really are optimizing for most of the time their own advertising systems. I mean, right? So in a world where the idea of online advertising is so central to the Internet, just really recognizing that's really intrusive. So I think Firefox is really looking to create a space where people can make a different choice and have a little bit of independence from all that stuff. When you said Mozilla, Firefox around for 20 years, it just this thought popped into my mind. My dad used to call Firefox, Mozilla, like he would confuse the two and he would, but he would call it Mozilla. Anyway, so I have a fond memory of that. So as you were saying, online advertising, it supports the open Internet, and I think Mozilla has a stake in keeping the open Internet alive and well. You know, you're obviously not alone in the fact that Mozilla funds itself through online advertising. So just talk a little bit about Mozilla's business model, and then after that, maybe we can talk a little bit about some of the experiments and the testing products that you guys are doing to try and create a balance between privacy protection, but also enabling the funding of oneself, one's business, publishers, everybody, through online advertising. Yeah, sure. I mean, I think foundationally like the advertising ecosystem online is fundamentally broken right now. I believe that. And that's important to keep in mind. I mean, I think the future of online advertising is more private, more transparent. And that's where my brain is. That's why I'm here. So at Mozilla, we're really thinking about highlighting the good part of the Internet while protecting people from the bad stuff. And so when we think about, what are the different levers to influence the data ecosystem and online advertising? 
And you mentioned this, we're sitting at this fork in the road with the end of third party cookies. We need to sort of ask ourselves, how do we build something better? Because there are really two scenarios right ahead of us when it comes to ad tech. It's either we end up with something brand new that does the same thing, right? Or worse potentially, or we move towards a better model with more privacy built in. So in the last couple of years, at Mozilla, we've started participating in that ecosystem in ways we really haven't done before..
Ubuntu Podcast TEST
"mozilla" Discussed on Ubuntu Podcast TEST
"Pushing a new version to the snap store and updating all those machines out in the wild rather than waiting for someone to have to build a Deb of it and then upload it to the archive and go through the process in the archive, which is a lot slower. This initiative was absolutely driven by Mozilla, you know, they contacted Canonical over a year and a half ago around this issue. So yeah, and I was involved in some of those initial conversations. But you know, it serves their interests well. What's interesting about this is that Mozilla have distribution rights for Firefox. So in order to ship Firefox as Firefox with modifications made to it, like for example, the default start page, you'll know that Ubuntu has a branded start page. Then you have to apply for distribution rights to Mozilla and there is a contract in place to support all of that. And that contract was up for renewal. Mozilla saw an opportunity to streamline the way they can deliver Firefox to Ubuntu users. And that was the start of that conversation. That's really interesting. I mean, one of the things that I quite like about this is that we've had discussions before and we've had feedback in to the show and in our Telegram channel about snaps. And particular desktop snaps. Being slow to start and having other problems integrating and I spoke a while ago about how when I first tried the Firefox snap, I stopped using it because of the integration points weren't what they ought to be. And I think it's a really good move to do this with something, not just a default installed application, but the web browser perhaps the most used default installed application because it gives all of these things absolutely nowhere to hide in the QA process. All of these things now absolutely have to work. There's no getting away from that. And what I would encourage the peanut gallery on the Internet to do is not just tweet and make YouTube videos about how this all sucks and it's terrible. 
But speak to the developers, go to the bug tracker, raise the profile of the bugs that are already existing by marking them with the me too button at the top. And if you know other people who are affected by these bugs, get them to go and me too the bugs, describe the problem articulately in a friendly and respectful way on the bug tracker, because that's the way to get the developer's attention, tweeting and YouTubing and arguing on forums about this being the worst thing in the world and it's terrible because dot dot dot actually won't fix anything. The best thing to do is to talk to the people who are doing this packaging, which is Mozilla and Canonical directly to the developers on the bug tracker and that will get
"mozilla" Discussed on Ubuntu Podcast
"It does make you wonder how many of these 1404 and 1604 machines there are out there. There was one fairly prominent person in Canonical who reluctantly well not reluctantly would refuse to upgrade and she would keep her 1604 system on Unity for a very long time. And she resisted moving off of the Unity desktop and just kept her 1604 system. I think snaps are invented for her. Well, you might remember that 1204 went through this ESM process, some time ago. And as I understand it, it was a single customer that that was delivered for. So there is somebody significant out there with a lot of Ubuntu, who wanted to stay on 1204, very, very, very, very much. They threw a large bag of money at Canonical. Please don't make it go away. Excellent. And finally, in completely non controversial news, which won't matter to anyone, Ubuntu is switching the default Firefox install from Deb to snap. What? Outrage. Et cetera. Yes. This was announced by Ken VanDine from the desktop team. As a cartwheel, it is like a code freeze exception. Is that what it was called for free? This will be in the next release of Ubuntu vanilla flavor and in the next LTS of all of the other flavors. I believe is that correct? Yes, assuming all goes well. Yes. From what I hear, they were conversations between Canonical and Mozilla and depending upon whose post you read. It seems unclear whether this is a Canonical driven thing or a Mozilla driven thing. But the net result is the Deb of Firefox, a default application will now be replaced with the snap of Firefox, which makes it easier for Canonical slash Mozilla slash whoever to keep that snap up to date by pushing a new version to the.
"mozilla" Discussed on Ubuntu Podcast
"Yes, assuming all goes well. Yes. From what I hear, they were conversations between Canonical and Mozilla and depending upon whose post you read. It seems unclear whether this is a Canonical driven thing or a Mozilla driven thing, but the net result is the Deb of Firefox, a default application will now be replaced with the snap of Firefox, which makes it easier for Canonical slash Mozilla slash whoever to keep that snap up to date by pushing a new version to the snap store and updating all those machines out in the wild. Rather than waiting for someone to have to build a Deb of it and then upload it to the archive and go through the process in the archive, which is a lot slower. Yeah. This initiative was absolutely driven by Mozilla. You know, they contacted Canonical over a year and a half ago around this issue. So yeah, and I was involved in some of those initial conversations, but you know it serves their interests well. What's interesting about this is that Mozilla have distribution rights for Firefox. So in order to ship Firefox, as Firefox, with modifications made to it, like for example, the default start page, you'll know that Ubuntu has a branded start page, then you have to apply for distribution rights to Mozilla and there is a contract in place to support all of that. And that contract was up for renewal, and Mozilla saw an opportunity to streamline the way they can deliver Firefox to Ubuntu users. And that was the start of that conversation. That's really interesting. One of the things that I quite like about this is that we've had discussions before and we've had feedback to the show and in our Telegram channel about snaps. And particular desktop snaps being slow to start and having other problems integrating and I spoke a while ago about how when I first tried the Firefox snap, I stopped using it because of the integration points weren't what they ought to be. 
And I think it's a really good move to do this with something not just a default installed application, but the web browser perhaps the most used default installed application because it gives all of these things absolutely nowhere to hide in the QA process. All of these things now absolutely have to work. There's no getting away from that. And what I would encourage the peanut gallery on the Internet to do is not just tweet and make YouTube videos about how this all sucks and it's terrible. But speak to the developers, go to the bug tracker, raise the profile of the bugs that are already existing by marking them with the me too button at the top. And if you know other people who are affected by these bugs, get them to go and me too the bugs, describe the problem articulately in a friendly and respectful way on the bug tracker, because that's the way to get the developer's attention, tweeting and YouTubing and arguing on forums about this being the worst thing in the world and it's terrible because dot dot dot actually won't fix anything. The best thing to do is to talk to the people who are doing this packaging, which is Mozilla and Canonical, directly to the developers on the bug tracker, and that will get.
This Week In Google
"mozilla" Discussed on This Week In Google
"The reason maybe Because in schools a lot of times when you're doing a zoom class Or something like that. They wanna make sure that you're actually there and not pretending to be there for tennis purposes so this feature notifies when a user's idle it looks at things like the mouse the keyboard screen locking or user switching away from the screen applications which facilitate collaboration require more global signals about whether the user is idol that are provided by the existing mechanisms that only consider uses application with the applications interaction with the applications. I'm tag so developers from slack and google chat liked it. mozilla 's tech djelic said. I consider idle detection too. Tempting of an opportunity for surveillance. Capitalism motivated websites to invade an aspect of the users physical privacy keep long-term records of physical user behaviors discerning daily rhythms like. Oh it's his lunchtime. The computer societal for an hour or and then using that for proactive psychological manipulation. Don't you think a burger from burger king. It'd be nice right about now In addition such course patterns could be used by websites to surreptitiously max out local compute resources for proof of work computations. I it coin wasting electricity. Yeah yeah so despite The complaints chrome ninety. Four has the idle detection. Api so there's something for everybody. Google can now adjust its android auto. You i for right hand drive cars so i guess the ui users. I don't know people who on the left k. k. area..
"mozilla" Discussed on Security Now
"Okay, so I'll just repeat that it would be utterly wonderful to see this added into Chromium so that all those non-Google users of the Chrome browser engine, you know, Brave, Edge, Opera, Silk, Vivaldi and others, could also terminate tracking at the user's choice. I don't think this could be done with an add-on. It probably needs to be implemented pretty deep in the browser's core. But maybe, hopefully, this notion will catch on. Okay, without understanding what happened. Last Tuesday, the Mozilla, the Mozilla security blog posted an update on the bribers, on the privacy-enhancing changes they're continuing to make in Firefox, and now, sadly, they once again gave this new feature the rather milquetoasty name Enhanced Cookie Clearing. Really, you know, they desperately need someone to snazzy up their naming department over there at Mozilla. Instead of the yawn-inducing Enhanced Cookie Clearing name, I was thinking of something more along the lines of website history-ectomy. No no no no no no ninety one. Oh, just press the website and history-ectomy: Firefox immediately, completely, utterly forgets everything, and I mean everything, it ever knew about that. Now Leo, come on. You're never gonna forget that. No. I remember it now. Yeah, yeah. So, what does it do? So Mozilla explains it this way and provides some additional detail..
Daily Tech Headlines
Firefox 91 Pushes Privacy With New Stronger Cookie-Clearing Option
"Mozilla released Firefox 91, which included the Enhanced Cookie Clearing privacy feature, letting users manage all cookies and locally stored data generated by a particular website. This includes cookies tied to a site's domain or placed from the site from a third-party domain, letting users delete an entire bucket of cookies belonging to that website across various domains.
Daily Tech News Show
"mozilla" Discussed on Daily Tech News Show
"And these are the daily tech headlines for friday. June twenty fifth twenty twenty. One i'm rich leo. Mozilla launched data sharing platform and plug in college rally which lets users opt into sharing browsing data with computer scientists and sociologists studying the web as well as a websites toolkit that allows researchers to create standardized browser studies on rally. This data will initially be used by princeton university for a study on how users find and share news on politics and covid nineteen at microsoft's windows eleven event. 
The company revealed the os will be released by the holiday season and available as a free upgrade to windows ten. The os will support running android apps. Thanks to a intel bridge. Runtime post compiler. The start menu moves to the center with integrated search. It includes a widget screen that slides in from the left anecdotes includes microsoft. Teams integration out of the box. The uk's competition and markets authority launched an investigation into amazon and. Google are doing enough to crack down on fake reviews although the regular cautioned it hasn't reached view whether either company has broken the law. As a result this follows a broader initial investigation the cma launched in may two thousand twenty assessing several platforms internal systems and processes for handling fake reviews snap to deal with universal music group which lets snapchat users use universal tracks in messages and posts as well as shared links to full songs from streaming services. Step i launched this feature in october with warner music and previously had access to song from universal and sony but not music performed by universal artists. Tcl showed off a wearable display called. Next where g at this year. Cbs and now plans to release it in july initially in australia for eight hundred ninety nine australian dollars. That's about six hundred eighty. Us dollars and eventually coming to other markets. This isn't an ar or vr headset. It includes to ten eighty micro oland panels to provide the effect of viewing a one hundred forty inch screen. A security researcher from mayo. Active joseph rodriguez discovered that many. Nfc payments systems don't validate the size of the data. Packets sent through nfc from credit card to the reader allowing him to creighton android app. To send extra large packets to spur a buffer overload. This opened the system to invisibly changing value of transactions crashing the system intercepting payment data and when combined with other experts in an atm. 
Getting it to distribute cash rodriguez contacted impacted vendors between seven months and a year ago but with many machines recurring physical access to its updates. Many are left vulnerable. Some owners of western digital my book nass devices report finding the devices factory recent with all data wiped with log file showing the command to reset the devices sent remotely western digital posted advisory telling customers to disconnect them from the internet and a spokesperson said. The company is investigating the incidents and did not believe is internal servers were compromised. Aws announced it acquired the secure communication service wicker which claims to be the only collaboration service that meets the security criteria of the nsa aws will continue to offer existing liquor services and begin offering her services to aws customers. Effective immediately amazon announced tends to also acquire the podcast hosting and monetization platform art. Nineteen an amazon spokesperson said. Nothing will immediately change on nineteenth platform with last year's acquisition of one three amazon now holds a podcast content creation studio hosting platform and the ability to sell audio ads. Google began testing a new prompt and search warning. That if this topic is new it can sometimes take time for results to be added by reliable sources. The company said this warning will generally only apply to developing trending topics designed not to say if the information is right or wrong but that the search involves updating situation that may change with more information base confirmed its testing letting users create instagram. Feed post from desktop browsers previously post could only be created from mobile apps. It's not clear how many users have access to the test but users can select aspect ratios apply built in filters and do basic. It's from the desktop. Google contacts received an oscar to bring it more in line with google workspace. 
The web app now displays context in full screen rather than a pop up with name email address phone and office location displayed in a profile card with a separate management chain showing how the person falls in an org chart and a list of recent interactions with that contact and finally artist. Mike winkelmann aka people co founded an nfc platform called. We knew designed to sell limited edition and a tease representing comic moments. In the careers of athletes and artists pittsburgh founder ryan tribes serves as the editor in chief of we knew to curate. The moment sold the platform and build stories around them. Remember from our discussion of the news of the day. Subscribe daily tech new show in new show dot com. You can find show notes and links to all these headlines there as well. Thanks listening blow talk to you next time and from all of us here at daily tech headlines remember they super sparkly day.
The Dan Bongino Show
There Is Weighing Evidence of the Wuhan Lab Leak Theory
"Don't accept the premise of a faulty question. Mike Pompeo shut that right down, He said it quite clearly. I don't accept the premise of your question. That there's a scarcity of evidence leaning towards the lab league theory. I don't accept that at all. The evidence is everywhere. I just told you what the evidence is, folks again. I know if you're a liberal listening, you have a you know, a six ft wall of lead between you your cerebral cortex and facts. I know it's Impenetrable. I know facts are like kryptonite for you. You're like liberal Kryptonians. I get that. But stop saying things like there's no evidence the evidence is everywhere. How did just ask the questions? Notice. I've been very clear. I don't make dis positive statements if I can't back them up. Do I have conclusive evidence? This came from a lab Mozilla public. I do not Do I have evidence leading me to believe that? That is the likely hypothesis? I do. Do you have evidence indicating that an alternate hypothesis? All that came from nature is true. You do not Therefore, weighing the evidence reason Rationality logic weighing the evidence, a sane person would say the lab leak looks most most likely.
Cyber Security Headlines
Google antitrust lawsuit amended to target Chrome’s Privacy Sandbox
"Google antitrust lawsuit looks at Privacy Sandbox. A group of fifteen attorneys general led by Texas filed an antitrust lawsuit against Google in December, saying Google used its monopolistic power to control pricing. It's tech policies and updated filing targets Google's Privacy Sandbox initiative. The filing now questions, with Google's considerable Chrome browser market share, if the company's Privacy Sandbox initiative isn't self-serving. This would follow similar moves by Mozilla and Apple removing support for third-party cookies, but the lawsuit argues this would require advertisers to use Google as a middleman and further entrench its advertising
Edge to be updated with browser extensions "Manifest v3"
"Edge is going to be updated with browser extensions known as Manifest V3. The proposed changes to the WebExtensions API, which are sort of generically known as Manifest V3, just shortly known, were first announced by Google two years ago, back in October 2018, and this was for, you know, Chromium. This is what Google said: what we're gonna do. And we talked about this at the time. Our listeners may remember these stated plans from Google did not go over very well with the industry. When they announced their planned changes, Google explained that the main intent of this Manifest V3 was to improve extension security, improve extension performance, and give users greater control over what extensions did and which sites they could interact with, which all sounds great. But extension developers quickly pointed out that this Manifest V3 update contained changes which would cripple the ability of ad blockers, AV, parental control enforcement, and various privacy-enhancing extensions to do their job as they had been, and as a consequence Google's announcement triggered a significant backlash from users, extension developers, and even other browser makers. Because, among other things, the extensions had the effect of limiting the power of ad blockers to block ads. Of course, the non-Google community was unhappy to see Google, clearly an advertising-based company, moving to limit our ability to control the ads that our browsers would be subjecting us to. And as I've often mentioned, from time to time I will encounter a browser lacking a competent ad blocker, and I'm always shocked by the experience. I think, wait, whoa, you know, buckle up. It's just, it's horrific. So I can imagine choosing a browser entirely based upon whether or not it allowed me to have control over just how obnoxious the ads were that I was being served. 
And back at the time, browsers including Opera, Brave, and Vivaldi quickly distanced themselves from Google's plans, announcing their intentions to ignore these Manifest V3 updates and thus allow users to keep using the ad blockers they already were using and liked. And Mozilla, which had implemented the WebExtensions API up to that point in Firefox in order to get compatibility with where the rest of the industry was going, also explicitly denounced Chrome's plans and said it would not be following Google's WebExtensions API to the letter and would instead be making its own changes to allow ad blockers to continue working as they always have. Now, I would argue that Google had its heart in the right place, but that they did, perhaps willfully, underappreciate the importance of allowing for dynamic extension-based page filtering. Here's what happened at the technology level. The original Web Request API, and that's what it was known as, the Web Request API, allowed developers of WebExtensions to install complete and powerful inline filters both in the query and in the reply loops, sort of encircling the browser's engine. A query filter would inspect and perhaps modify any browser queries leaving the browser on the way to remote web servers, and a reply filter would receive remote web server replies before the browser engine saw them, and this would allow the extension to make extensive edits of the received page, among other things blocking subsequent requests for secondary page assets like ads. Google's V3 re-engineered solution was going to discard all of that, and in fact has, in favor of what they called a Declarative Net Request API. Google explained that it would prevent extensions from inspecting web requests made on a page while providing much of the same functionality, and again I'll say that I think Google's heart was in the right place, because that pre-V3 filtering. 
Which is what we've been living with for the lap, for like up until now, was awesomely powerful. Two years ago, at the time of the announcement, Simeon Vincent, who is the developer advocate for Chrome extensions, said that forty-two percent of all malicious extensions which Google had detected year to date, so from January 2017 until October, I'm sorry, from January 2018 until October 2018, forty-two percent of all malicious extensions were abusing that API for nefarious purposes. He said, quote, with Web Request, Chrome sends all the data in a network request to the listening extension, including any sensitive data contained in that request, like personal photos or emails. He says because all of the request data is exposed to the extension, it makes it very easy for a malicious developer to abuse that access to a user's credentials, accounts or personal information. Gives me. All of that is true. Which is why I like the idea if we can somehow, like, arrange to get both: if we could have good blocking while somehow not allowing extensions that could misbehave to see everything coming and going to and from the web browser. So with Google's Declarative Net Request API, which is what is in the V3 next generation, an extension pre-registers rules that the browser reads and then applies to each web page before and after it's loaded. This hugely improves security and privacy, since extensions never receive and see all of the page data, which they do under V2. And then the browser makes all the modifications requested on behalf of the extension only when one or more of those pre-declared rules are met. In addition to enhanced privacy and security, this allows Chrome's optimized processing paths to handle all of the actual web request filtering rather than leaving this to an extension's possibly slow JavaScript code. So we get a big performance boost in addition to enhanced privacy and safety. So. 
The problem is these changes promised to create a number of problems. The first obvious one was that this would be restricting what extensions were able to do. And I don't see any way round that. You're either going to give extensions, like, unfettered full access to a web page, or you're going to say, we know, just tell us what things you're sensitive about, and we'll look for those for you and then take care of it. So for example, at the time, the developers of NoScript and uBlock Origin were not happy because they liked the power that they had. They made it clear that the new API's declarative rule system would not provide the same level of control. But the most glaring limitation that arose at the time was the total number of rules that the new engine could accommodate. Google planned to allow what I would think would seem like plenty of rules, at thirty thousand. But it was quickly revealed to be far insufficient for ad blockers. They often have to filter web requests for hundreds of thousands of ad-related domains these days. So during the debate which ensued, the stated requirements ranged from ninety thousand to one hundred and fifty thousand, some people even arguing that, like, look, let's not, you know, have a too-low limit that ad blockers could hit their heads on. So how about half a million? Anyway, Google compromised and did agree to raise their planned thirty thousand to one hundred fifty thousand individual rules. So that's where we are, and that brings us to today. Manifest V3 changes are now being tested in Chrome developer channels, and much of the post-announcement grumbling from two years ago has died down, although some ad blocker extensions, the devs have given up on their products' ability to reliably block ads once these changes reach stable versions of Chrome. And I think that may be some grumbling.
Equity Shot: The DoJ, Google, and the suit could mean for startups
"Hello and welcome to an equity shot. My name is Alex Wilhelm. I Have Danny Crichton on the phone Danny, how are you? I'm doing. All right. Alex how are you today? Better than Google who has been sued by the DOJ and eleven state aid over anticompetitive behaviour. Now, Danny we have known for a long time that this was coming. It was pre sage tr- think rather heavily I had a chance to dig into the actual filing. I have many many opinions but just going to set the ground people are tuning in and unsure of why we've reached this moment why Google and why? Now why did take me a little bit of time to find the filing I using bang and after I gave up and Use Google which may be part of the problem but let let's let's boil it down. Obviously big tech has gotten really really large over the last decade there's been increasing concerns about all the big tech companies everything from facebook to apple, Google and onwards and onwards. What are the angles that the government is trying to take on unto regulating these companies is around antitrust. In the United States the major antitrust act is the Sherman. act. That Jay filed under this morning under section two it's specifically focused on search and particularly search advertising and so. One of the things on the conference call with journalists. This morning that the wd was talking about is obviously there's a lot of concerns about social media bias. There's a lot of concerns Abou- Anti competitive practices around android and chrome, and a bunch of other issues all around tech. This lawsuit from you Jay is only focused on searching particularly search advertising and the reason. That sort of comes out of some of theories out of Yale and some other law schools which are focused on Google's consolidation of the ad market over the the arts and teen to its acquisition of Doubleclick and a bunch of other at tech companies over the years. 
So they've launches lawsuit they have eleven Geez all those agencies were gop, agee's and it's filed this morning. To point out that this is all about focused on search search access in some way more than I expected the circular benefits that Google gets scale as google has more data coming into view usage you can improve its products and therefore it's better than everyone else, and so the is how does Google maintain all of this market share and my read of of of the lawsuits some of the points are pretty good. Some were bad. So I think that there's a key paragraph that I went to bring us everyone listening. That I pulled out from the filing. This is from deeper into it. So if you go just meet the I won't see it but it's a good summation. So if you'll excuse my terrible reading voice here, we here's a DOJ's opinion about all the stuff google has unlawfully maintained its monopoly by implementing force in a series of exclusionary agreements with distributors or at least the last decade particularly when taken together Google exclusionary agreements have denied rivals rivals access to the most important distribution channels. In fact, Google exclusionary conduct cover almost sixty percent. Of US search queries be things like it's android device agreements. I'd add almost half of the remains are funneled through properties owned and operated directly by Google. So essentially, this boils down to Google has used commercial relationships to essentially force other companies specifically device manufacturers to pre install google software and give Google search preeminence. Google then gives manufactures often cut revenue back to make it look like a transaction but in reality if you want to run ANDROID, you have to use Google on your phone or you can't get access to anything. That you need, and then therefore you become a partner and the consumer gets Google kind of pre installed and pre defaulted. 
It might my issue at this is a pre default or a preset default is not a death sentence and this DOJ filing kind of treats a preset default, the end of the conversation for that consumer. So if consumers were just more active in picking what they wanted us, there won't be much of an issue here. So I'm curious about your view on their relative strengths of the different arguments as you've rhythm. To me the with nuts here is to think back to use v Microsoft you know what? Two decades ago in one was a landmark trust case particularly in tech but even just generally, it was focus on defaults of browsers within explorer explorer on windows and twenty years for we're still talking about default search engines that are browsers but through browsers, it's not even about the browser. Today. But basically, what search engine is in the bar up I, think that this is an interesting angle. Again, I think the advertising pieces much more critical. The advertising market Google is very dominant and it's network effects is very, very strong and network only exists because Google owns a frivolous vertically integrated sort of add operation right now and can really join in any part of the tier. Tracking the can't do analytics because Google owns a whole stack and so to me that has always been the strongest part the the browsers are tricky, right so so Google does pay apple for instance, billions of dollars to be in safari and particularly mobile safari. It pays Mozilla hundreds of millions of dollars of not billions of dollars to be the default search engine in Mozilla, and that's one of the largest revenue sources for the foundation and the company. Google's argument has always been consumers have choice. 
In fact, BING DOT COM is less characters than google dot com it takes less work to get to Bengal com a crazy as it sounds but the reality is that has this victory in search for reason, is because they own so many different components they have you know excerpts from different sites that are built around technologies that you know even here tech-rich we have integrate with Google search to ensure that our articles are given priority in those search engines so we can't just. Ignore, Google entirely, and so I i. think the argument is fairly decent. Now, the challenge here is that there's so many different angles there seventy lost his the democratic. AGEE's have their own lawsuit underway and they've said they're going to continue to do that separately from the DOJ congress's looking into second to thirty, which affects more facebook but also potentially goodwill as a sort of open harbor and forgetting the term. Now you say her safe harbor harbor it's a safe harbor I think safe harbors would have opened component they'd be lake. Exactly, the pond. Yes. The savings bond, but you know there's all these different angles I think what's interesting is the timing obviously the the DVD and his staff this morning really emphasizing this sort of the right time he said, it was after sixteen months of investigatory work on the antitrust division happened to be exactly two weeks before major US election to the reality is is as has been a discussion at the DJ. For a decade. So you know it is obviously particularly all-time. The reality is they've been doing this work since you've only years possibly even to the Bush years as well.
Mozilla: UNFCKD the Internet
"So the Internet is not working says Lindsay Shepherd who likes to be called Chap and she works for Missoula Org and they have a new campaign get ready called UN F C Caid the Internet and she's GonNa. Tell us all about the campaign. Hey shop what do you say hold a person good to talk to you. So the problem in nutshell is what? The problem in nutshell is that the Internet has gone from something that is full of magic and incredible experiences to being riddled with systems that. Work under incentives that aren't about people there about prophets and so you know we've set up a series of actions that people can take simple things. You don't have to be some tech expert to understand how to do this stuff, but just simple things that people can do. Has More. Let's go down the. Shore. So we started off. This campaign with a first set of actions, and that's going to be changing over time because you know things change super quickly. Obviously. Online our first action is pretty simple. It's download fire Fox rate fire. Fox is really an independent browser. It doesn't track you. It doesn't keep your data and it's a way to kind of have that freedom of experience on the web. So that's always going to be like an easy recommendation US fire Fox browser gets you off to a good start. But. Then you start thinking about the different pieces of the Internet that people are using rate. one please little lot of people spend a lot of time time online as facebook. But what people don't know is that while they're posting picture their kids and their pets. There's lots of trackers that follow them around the web even after they leave. Right. So when you go to facebook and you leave facebook is following you around to understand where you're going what you're doing and using that to inform the content that you see on facebook and we don't think that's okay. We, think people should be able to sort of control that. 
So we recommend that people install our facebook container, which is basically an add on that prevents facebook from following you around on the web that's in Fire Fox. It's an add on fire Fox. Yes it is really effective. Can It really stop facebook from trucking? It really does we call it a container because sort of keeps facebook in a box where facebook is seeing what happens when you're on facebook. But not once you leave. One. Act to actions. What would a similar ones? You know we also want people to understand a little bit more about the situation Salako saying education is so critically important. So we are recommending that people take the time to watch the social dilemma on. Netflix, have you watched that yet? which is humanity about the the downside of being mind day. That's right and you know sort of profiles, some of these deeper rated problems in the system and so many folks are finding that really useful to understand helpings truly work. We don't believe that that necessarily gives the full breadth of the conversation, right? It's it's a bit of myopic view from a very specific group of people. So we recommend that people watch that, but we've also put together a compendium of different articles from different perspectives has a little bit more diversity to it. I'm for people to get a fuller sort of richer picture of what's going on there. So that that's another action that we recommend just educating yourself but not just from this one place like at the full breadth of perspective. W to. Bachelor. We do we have something called YouTube regrets? And basically it's another extension of fire. Fox in what it does is it lets you report regrettable recommendations that you've been served. People go to find out about the campaign at some of these other companies that. Iraq recommend. It's MAZZOLA DOT com slash U. N. F. C. K.
Microsoft's 0-Day Folly
"But. At some level if you can get a lot of them, that's aggregated value. It's, it's not good. Speaking of not good: last week's Patch Tuesday. When ZDNet sums up Patch Tuesday saying Microsoft says attackers have used a Windows zero-day to spoof file signatures and another RCE, remote code execution, in the Internet Explorer scripting engine to execute code on users' devices, we need to take a closer look, and actually those two things are the subject of the podcast that we will get to, because it's just hard to believe what a closer look reveals. But we have a hundred and twenty new flaws in Microsoft's software fixed last week, making it the third largest patch bundle of all time, topped only by each of the previous two months, with June and July weighing in with one hundred twenty-nine and one hundred twenty-three fixes respectively. This month's bundle carried a bit more urgency than usual, since one of those seventeen flaws which were classified critical was a zero-day under active attack at the time of the updates, and one of the remaining more than one hundred flaws rated as merely important was also a zero-day being exploited in the wild and publicly disclosed. So not even secret. The first of the two is titled CVE-2020-1380, Scripting Engine Memory Corruption Vulnerability. Being a scripting engine problem, we should not be surprised to learn that the source of the trouble is IE11. It was reported by a researcher at Kaspersky Lab, and since it could be invoked by a malicious Office document, the belief is that it was probably spotted being used in a phishing campaign. Microsoft had this to say about it. They said: in a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through IE and then convince a user to view the website.
An attacker could also embed an ActiveX control marked "safe for initialization" in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. In other words, anything that puts content on a website that is able to invoke IE, which we know they can, can do this. So keep this in mind when we get to the other end of this podcast, because it's unbelievable what the history of this is. So that remains a threat to anybody who hasn't yet applied last Tuesday's updates to their installation of Windows 10. So obviously, it would be good to do that. The second zero-day, despite being actively exploited in the wild and publicly known, is only rated as important, which seems odd, since it is CVE-2020-1464 and labeled somewhat innocuously as a Windows spoofing vulnerability. Okay, I suppose the scale of the problem should relate to what's being spoofed. The bug's description will catch your attention because it allows attackers to spoof the identities of other companies when digitally signing an executable. Now, that's the way the press covered it. We will get to the details a bit later. In Microsoft's words, they said these spoofed signatures could allow an attacker to bypass security features intended to prevent improperly signed files from being loaded. Now, all of this is a bit of misdirection because the signatures are actually not being spoofed, as we'll, we'll explain that later. So this too is not good, but we'll cover the details at the end. Beyond those two zero-days,
five of the other critical bug fixes are for Microsoft's Windows Media Foundation, the multimedia framework and infrastructure which has been used to render digital content ever since Windows 7 and since Windows Server 2008. In these cases successful exploitation would allow an attacker to install malicious software, manipulate data, or create new accounts. And among the rest, because again, we had one hundred and twenty to choose from, there's also 2020-1046, another nasty one in the .NET Framework affecting versions 2.0 through 4.8. It's a remote code execution flaw in the way .NET handles imports. An attacker could exploit this vulnerability to gain admin-level control of the vulnerable system. This vulnerability would be exploited by uploading a specially crafted file to a web app, which is, of course, not a heavy lift these days. There's all kinds of web apps that involve uploading user-submitted stuff. This allows that to be exploited. So as always don't wait too long before
Mozilla Suspends "Send" Due to Persistent Malware Abuse
"Someone were to go to send.firefox.com. At the moment they would be greeted by the little screenshot I have at the top of the security news of our show notes, which reads: Firefox Send is temporarily unavailable while we work on product improvements. We appreciate your patience while we make the Firefox Send experience better. And Leo, I think you did just go there? I did, yes, and there it is. So back, because I really love Firefox Send. It's so, it's my go-to. Yes, it's become my go-to file sharing service. The good news: it'll be back. The bad news is why it went away. Just to remind our listeners, we've talked about it before. It allows files of up to one gigabyte if you're not signed in, or two and a half gigabytes if you are, to be locally encrypted in the browser, optionally password protected, so that only the recipient is able to retrieve and decrypt the sent file. You get retention controls allowing the sender to set the time, that is the duration, and/or a download count after which that content will expire from the Firefox Send cloud and be removed. Unfortunately, as with anything that is simple, free and effective, like, think email, it's also subject to abuse by nefarious forces. The bad guys also love Firefox Send because it lets them generate short-term links based on good-looking trusted domains for sharing arbitrary evilware to unwitting victims. So thanks to Firefox Send, the bad guys don't need to set up their own file sharing server, you know, and like try to get a legitimate-looking URL domain. They don't have to worry about making sure that URLs expire automatically. Mozilla does that for them, and links that only work once create an extra challenge for security researchers. Even if the malicious URL is captured in a log, by then it's probably been used, so it's not possible to go back and obtain the original because it's been removed already. And, of course, since the IP is one of Mozilla's servers,
it's not one that anyone wants to just put a blanket block on. You know, I was gonna say they wouldn't want to blacklist it, but I'm working to be better. Over the past few months Firefox Send, it turns out, has been used increasingly to store payloads for all sorts of cybercrime operations, from ransomware through financial crime, banking trojans, spyware, and used to target human rights defenders. FIN7, REvil, also known as Sodinokibi, Ursnif, which is also the Dreambot network, and Zloader are just some of the malware gangs and strains that have been seen hosting payloads using Firefox Send. As a consequence, the cyber security industry has finally tipped its collective hat to Mozilla for suspending what has become a widely used and unfortunately now only abused service. You know, Mozilla didn't just say, oh, you know, we recognize there's a problem, we will be considering some changes in the future. They just shut it down. They said okay, we're gonna, we're just gonna stop making it available until we can, you know, upgrade it. Cyber security researchers have suggested various changes to strengthen the service. One is to add a report abuse button so that flagging or killing malicious links could be made much more quick and easy. What Mozilla said in their statement about this, they said: before relaunching, we will be adding an abuse reporting mechanism to augment the existing feedback form, and we will require all users wishing to share content using Firefox Send to sign in with a Firefox account. So it's sad that once again we see the Internet's inherent anonymity being abused and then having to be restricted. It was cool to be able to send up to one gig with a twenty-four hour expiration without needing an account with Mozilla,
even though I have one. But just as Zoom was forced to limit what they would allow to be done with full anonymity, so too now has Mozilla. And as we know, even requiring an account is not a very high bar, and my sense is it's not going to be very effective, but at least it will help a bit, and it will help Mozilla to say, hey, you know, we've done all we can. We're doing, you know, we're doing all that we can do.
Apple forces the industry down to one-year web browser certificate lifespans
"February we talked about Apple's surprise announcement during the CA/Browser Forum that in the future, and this was just unilateral, that in the future its Safari on all of its platforms would be rejecting any web server certificate having a not-valid-before date, which is technically the way the date range is stated, so it's very clear, a not-valid-before date after August thirty-first of this year, of 2020, and which has a certificate lifetime, total lifetime, greater than three hundred ninety-eight days. So in other words, starting just two months from now, that is to say from September first on, all CA certificates issued for use by web browsers must be issued with a one year plus thirty-three days lifetime or shorter, not longer. So this is the death of the more arguably convenient two or three year web server certs that we've traditionally been using. Essentially, sort of, Apple biting the bullet and pushing an issue that the various non-certificate-authority participants in the so-called CAB Forum, the CA/Browser Forum, had been asking for for a long time. Google had put forth this issue, this measure, for a vote at the prior meeting and it had been voted down in a partisan vote by the certificate authorities. Said, no, we don't want to shorten server certificates to a year. Well, Apple said, okay, tough. We're just, we're just not gonna accept any, and arguably Safari is strong enough that basically they forced the issue. So when I talked about this initially in February, I discussed the many implications of this in great depth and detail, so I'm not going to go into all that again. If anyone has joined us since then or wants a refresher, it's back in February. The reason this is back in the news is that now the other two significant browsers in the industry, Mozilla and Google, Chromium-based offshoots of Google's Chrome browser, have also announced their exactly aligned policies. yes. Roy. Resting Wow.
Yes that'll Ryan Sleevi. Yeah, he posted in, sort of like, their equivalent of things we're going to change in the Chromium blog. He said: enforce 398-day validity for certificates issued on or after 2020-09-01, September first of this year, and then the body of the message is: enforce publicly trusted TLS server certificates have a lifetime of three hundred ninety-eight days or less, if they are issued on or after, you know, September first 2020. And he said certificates that violate this will be rejected with an, and the error is ERR_CERT_VALIDITY_TOO_LONG, and will be treated as misissued. And also following up, Mozilla's Kathleen Wilson posted: limit reuse of domain name verification to three ninety-five days, and that was #206. And I think she did say three ninety-five. I copied and pasted, so they're off by three. Three ninety-eight, I believe that, because, remember, three thirty one year plus thirty three was. That's just to sort of give people a little bit such room. So there is a long and very interesting discussion, for people who like such things, among the industry insiders who are the ones who make these essentially earthmoving decisions, so I've included the Google Groups discussion through a link in the show notes for anyone who's interested. I mean, it's, you know, it's back and forth and a lot of discussion, but basically it comes down to, well, you know, this is what we wanted. Thank you, Apple, for biting the bullet. We're all gonna jump on board. So, I mean, so. And, you know, the certificate authorities will end up changing their model. Rather than, like, for example, you having to have a cash transaction annually, you'll be able to purchase some block of time that you wanna have certificates from them. And I imagine, since that does create a little bit of lock-in, that they may extend that. You know, they may say, hey, we know.
Stay with us, com-, commit to staying with us for ten years and we will lower the per-year cost of certificates, and then it'll be like, you know, you log into your account, and basically you reissue a certificate before the one you have expires. What this will also do: we always run across instances where people are forgetting or sort of, like, it laps, or maybe it's a holiday, or it's a COVID-19 event. One way or the other, server certificates are expiring, and they're finding out only when people are screaming that they can no longer access the website. So maybe it being an annual thing, as opposed to, for example, every three years, which maybe you're more likely to forget, that might help prevent that
Techmeme Ride Home
Mozilla Lays Off 70
"Speaking of the browser world, things seem to be somewhat more tumultuous over at Mozilla, which has apparently laid off around seventy staffers. The reason for the layoffs: it seems that the big plans that Mozilla had last year to diversify its revenue stream beyond simply cashing big checks from Google for their share of the search revenue, those plans have not exactly panned out. Quoting TechCrunch: in an internal memo, Mozilla chairwoman and interim CEO Mitchell Baker specifically Wrigley mentioned the slow rollout of the organization's new revenue-generating products as the reason for why it needed to take this action. The overall number may still be higher, though, as Mozilla is still looking into how this decision will affect workers in the UK and France. In 2018 Mozilla Corporation, as opposed to the much smaller Mozilla Foundation, said it had about afoul employees worldwide. Quote: You may recall that we expected to be earning revenue in 2019 and 2020 from new subscription products as well as higher revenue from sources outside of search. This did not happen, Baker writes in her memo. Our 2019 plan underestimated how long it would take to build and ship new revenue-generating products. Given that, and all we learned in 2019 about the pace of innovation, we decided to take a more conservative approach to projecting our revenue for 2020. We also agreed to a principle of living within our means, of not spending more than we earn for the foreseeable future. End quote. Mozilla had been testing a bunch of subscription-based services like the Firefox Private Network and a device level.
Black Friday with privacy in mind
Daily Tech Headlines
Mozilla's Firefox 70 is out: Privacy reports reveal whose cookies are tracking you
This Week In Google
Firefox Web Browser
"Wanted to private browser, but I think Firefox is really, really on the forefront. Now they're including the ability to use Startpage in the search bar as its search default search engine. It's very easy to configure if you go to Startpage dot com and you've got Firefox. And there's one other thing I want to mention. Steve Gibson's been talking a lot about DNS over HTTPS. The very bottom of the network settings in general settings of Firefox, if you enable DNS over HTTPS and use Cloudflare, what'll happen is it'll use Cloudflare's DNS, not your ISP's DNS. Your ISP, every time you, you know, go out and, you know, look up a site, your ISP is getting information about what sites you visit, and many ISPs sell that information to marketers and other people, and maybe that's something they don't deserve. So they don't like it. In fact the British Internet society or whatever said that Mozilla was the enemy of the year. They nominated them because they were enabling DNS over HTTPS, Security N.S., because it would make it hard for the British authorities to filter sites. Another good reason to use it. I'm starting to really feel like Mozilla, with its sync, with its features, with its privacy, is my choice for a browser. If you wanna block trackers, cookies, crypto miners and fingerprinters, all the features that a privacy advocate would want are in here. And I'm starting to think, what Brave with its cryptocurrency and some of the things it's doing, maybe I wanna go with somebody who really has no axe to grind, and that is of course Firefox. Firefox plus Startpage. That's my new default for searching the Internet. Startpage dot com.
Mozilla bans surveillance vendor from Firefox certificate whitelist
Latest In Tech News
Mozilla experiment to pollute what advertisers know about you
"Restart after everything freezes. Now, for the former there are a lot of yet sites, luxury designers, stock market sites, expensive watches and some equestrian real estate brokers, a page to sign up for a MasterCard gold card and a page book go room at the GM grand. For the latter, links to survival supplies, checklists, tents, Mylar blankets, do Zeh movies, and a lot of conspiracy theories or hasn't that suit. Now, as Mozilla noted in a blog post announcing the tool, it will likely only work as intended for a few days, and then will revert back to showing you ads more in line with your actual viewing preferences. This will show you ads for products you might not be interested in at all. So it's really just throwing off brands who wanted to advertise to a very specific type of person. You'll still be seeing ads. Eventually, if you use the internet as you typically would day to day, you'll start seeing ads again that align more closely to your normal browsing habits. Of course, you're probably not gonna fire up one hundred tabs to routinely trick advertisers.
Marketplace Tech with Molly Wood
Could a challenger to iOS and Android come from China?
"This Marketplace podcast is brought to you by the Michigan Economic Development Corporation. Evan Lyle of rush enterprises is a big fan of Michigan. As he put it, the future of mobility is going to be decided right here in the state. Visit planetm dot com to find out why. That's P. L. A. N. E. T. M dot com. Could the mobile operating system to challenge iOS and Android come from China? From American Public Media, this is Marketplace Tech, demystifying the digital economy. I'm Molly Wood. The Chinese electronics giant Huawei is the world's second biggest smartphone manufacturer, and it suddenly finds itself without an official mobile operating system. Google is scheduled to cut off Huawei's access to its official version of Android as of August. That follows a US ban on doing business with Huawei. Huawei says it's been working on its own mobile operating system. And meanwhile, the Chinese company ByteDance, which owns the hit social network TikTok, said it would explore launching its own custom phone with preloaded ByteDance apps. But many have tried to build alternatives to either Android or Apple's iOS, and so far all have failed. Julie Ask is a principal analyst at Forrester Research. She said the reason is any new mobile operating system just doesn't have enough apps. It just takes a lot of momentum to build out an ecosystem with a developer community that's going to build enough services and apps for your platform, or for your operating system, to make the device compelling to consumers. Do you think that the way to success for a third-party mobile OS developer is to sort of reimagine the ecosystem? Like, for example, we're talking about two Chinese companies. We know that integrated messaging is already huge in China. Like, is it possible that a company could come along and say, we're going to build a new mobile operating system that's one hundred percent dependent on messaging and mobile web?
So I think a company could come along and do that. And that would fit a slice of the market, and that would be a good plan. That might carry a company for the next three to five to eight years. We haven't seen that success replicated, though, outside of China. So it may be the right strategy for China, but I think you have to also be willing to look beyond and say, what about voice and immersive experiences, and what's next, either things that are more ambient? So you think the duopoly is likely to continue until we actually transcend, let's say, smartphones completely? I think, Molly, I mean, we've both been in mobile long enough to remember when the center of power was in Europe and Nokia dominated the world with their Symbian operating system. So I don't think there's ever like a forever in this picture. I think absolutely we could see the center of gravity shift west and into Asia. And then who knows what's next? This gets to my theory about the parallel tech economy in China, that the only place that could incubate competition at that level really is China. And then it could, depending on, you know, global relations, sort of come screaming out of there like real competition to Apple and Google. Hasn't happened yet. But could. Right. But I tell you Marley ever pretty limited perspective. Right. We've watched Tencent try to come to the US. We've watched Baidu, and we've watched them put beachheads out in Silicon Valley. But I haven't seen much of it yet. Julie Ask is a principal analyst at Forrester Research. Huawei has said its mobile operating system should be ready to launch by 2020. And now for some related links. Now, Julie Ask was diplomatic about whether Asia could end up producing the next great mobile operating system. Business Insider, not so much.
It's got a story with two charts showing how back in 2010 there were six or seven mobile operating systems, and, yes, Nokia's Symbian was by far the most popular, and nine years later, there are two and that is it. I mean, the poor Windows Phone didn't even make it onto either chart. That's how fast it came and went. Samsung tried to build its own OS twice. BlackBerry would not give up. Mozilla tried with Firefox OS. I mean, even Amazon had a go at it, and jerks like me would review those phones and go, yeah, but there's no official Instagram app. And now the thirty percent cut that Apple takes from app sales, the amount of money that developers can make selling apps and services on these phones, pretty much means the app economy is here to stay. As long as that's the experience we expect on our smartphones, it's beyond an uphill climb for Huawei or ByteDance or anyone else. Now that said, The Economist has a story from April about yet another challenger rising in India, based on Mozilla's Firefox OS. It's on fifty million or so lower-end phones in India and Indonesia, and raised all over there will appreciate this. It's called KaiOS. I'm Molly Wood. And that's Marketplace Tech. This is APM.
Podcast company one of world's most innovative businesses
"Winter podcast upfronts, an opportunity for podcast creators to pitch to ad agencies, was yesterday in Beverly Hills, California in the US. willing to want digital learnt at the event in our show notes and in our newsletter, including some very colorful descriptions of shirtless. Comedian also at the event wonder released their two thousand nine thousand nine hundred eight of programming. The company has new partnerships with the LA Times, Bloomberg, and a new documentary from Ramsey insight Star Wars. The company has also just launched one plus one, about the world's greatest collaborations. Also at the winter podcast upfronts, iHeartRadio announced a new slate of true crime podcasts, starting the season three of Disgraceland. The season three premiere will be played out on iHeartMedia broadcast radio stations the day before release. WNYC's new slate includes a suite of podcasts featuring stand-up and storytelling from emerging and established comedians. They also previewed a new podcast from Gothamist, the hyperlocal websites that WNYC purchased a year ago. In other news, Marvel's Wolverine: The Lost Trail has a release date. It'll be exclusively available on Stitcher Premium for March the twenty-fifth. That will cost you four dollars ninety-nine a month. White what the podcast creator and quotes media invention company and as this morning that it has raised four million dollars in funding. The company was founded by former TED executives June Cohen and Darin trip and is responsible for the Webby Award winning Masters of Scale. So now have released a new WordPress podcast theme called cast oppress. Google Podcasts has mysteriously and quite annoyingly disappeared from Android Auto, reported number of annoyed retinas and me. speaker has added trimming functionality to its iOS app. The New York Times has promoted THEO bowel, come to executive producer of The Daily. news. Congratulations as well to Cadence13, who've been recognized by Fast Company
as one of the world's most innovative. They share the accolade with Twitch, Domino's and Mozilla. We highlight three podcasts in our newsletter and our show notes, including bawdy storytelling, celebrating twelve years as a stage show this week. The two-year-old podcast has just hit a million downloads. It's allies storytelling podcast much like the math, but covering rather different subject matter,