Responding to Firefox marketing head Eric Petitt's blog post from earlier this week, Andreas Gal, former chief technology officer of Mozilla (who spent seven years at the company) offers his insights. Citing latest market share figures, Gal says "it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated." From his blog post (edited and condensed for length): With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn't manage to catch up with Android's explosive growth. Mozilla's strategic rationale for building Firefox OS was often misunderstood. Mozilla's founding mission was to build the Web by building a browser. [...] Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric -- who heads Mozilla's marketing team -- uses Chrome every day as he mentioned in the first sentence, it's not surprising that almost 65% of desktop users are doing the same. [...] I don't think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It's like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted.

Eric Petitt, head up Firefox marketing, writing in a blog: I use Chrome every day. Works fine. Easy to use. There are multiple things that bug me about the Chrome product, for sure, but I'm OK with Chrome. I just don't like only being on Chrome. And that's what Chrome wants. It wants you to only use Chrome. Chrome is not evil, it's just too big for its britches. Its influence on the internet economy and individuals is out of balance. Chrome, with 4 times the market share of its nearest competitor (Firefox), is an eight-lane highway to the largest advertising company in the world. Google built it to maximize revenue from your searches and deliver display ads on millions of websites. To monetize every... single... click. And today, there exists no meaningful safety valve on its market dominance. Beyond Google, the web looks more and more like a feudal system, where the geography of the web has been partitioned off by the Frightful Five. Google, Facebook, Microsoft, Apple and Amazon are our lord and protectors, exacting a royal sum for our online behaviors. We're the serfs and tenants, providing homage inside their walled fortresses. Noble upstarts are erased or subsumed under their existing order. (Footnote: Petitt has made it clear that the aforementioned views are his own, and not those of Mozilla.)

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM's discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice... It's available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance).

The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell.
By Tuesday Arca Noae was reporting "excessive traffic on the server which is impacting our ordering and delivery process," though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a "truly overwhelming response."

An anonymous reader quotes a report from BleepingComputer: Starting with the release of Firefox 55, the Adobe Flash plugin for Firefox will be set to "Ask to Activate" by default for all users. This move was announced in August 2016, as part of Mozilla's plan to move away from plugins built around the NPAPI technology. Flash is currently the only NPAPI plugin still supported in Firefox, and moving its default setting from "Always Activate" to "Ask to Activate" is just another step towards the final step of stop supporting Flash altogether. This new Flash default setting is already live in Firefox's Nightly Edition and will move through the Alpha and Beta versions as Firefox nears its v55 Stable release. By moving Flash to a click-to-play setting, Firefox will indirectly start to favor HTML5 content over Flash for all multimedia content. Other browsers like Google Chrome, Brave, or Opera already run Flash on a click-to-play setting, or disabled by default. Firefox is scheduled to be released on August 8, 2017.

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.

mspohr shares a report written by Jason Koebler via Motherboard who makes the case for why you should break up with Chrome and switch to the Opera browser: Over the last few years, I have grown endlessly frustrated with Chrome's resource management, especially on MacOS. Admittedly, I open too many tabs, but I'd wager that a lot of you do, too. With Chrome, my computer crawls to complete unusability multiple times a day. After one too many times of having to go into Activity Monitor to find that one single Chrome tab is using several gigs of RAM, I decided enough was enough. I switched to Opera, a browser I had previously thought was only for contrarians. This, after previous dalliances with Safari and Firefox left me frustrated. Because Opera is also based on Blink, I almost never run into a website, plugin, script, or video that doesn't work flawlessly on it. In fact, Opera works almost exactly like Chrome, except without the resource hogging that makes me want to throw my computer against a brick wall. This is exactly the point, according to Opera spokesperson Jan Standal: "What we're doing is an optimized version of Chrome," he said. "Web developers optimize most for the browser with the biggest market share, which happens to be Chrome. We benefit from the work of that optimization."

Slashdot reader mspohr adds: "I should note that this has also been my experience. I have a 2010 MacBook, which I was ready to trash since it had become essentially useless, coming to a grinding halt daily. I tried Opera and it's like I have a new computer. I never get the spinning wheel of death. (Also, the built-in ad blocker and VPN are nice.)" What has been your experience with Google Chrome and/or Opera? Do you prefer one over the other?

An anonymous reader quotes ZDNet: With this week's monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft's browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January's stable release of Chrome 56, and Firefox's February cut-off... Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3... Once Tuesday's updates are installed, Microsoft's browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site's certificate.

An anonymous reader writes: "Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff," reports Bleeping Computer. "The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products." According to two privacy and security experts, Lukasz Olejnik and Artur Janc, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.

Nobody likes it when a web browser bombs instead of opening up a website. Mozilla is addressing that in the newly released v53 of its Firefox browser, which it claims crashes 10 percent fewer times. CNET adds: The improvement comes through the first big debut of a part of Project Quantum, an effort launched in 2016 to beef up and speed up Firefox. To improve stability, Firefox 53 on Windows machines isolates software called a compositor that's in charge of painting elements of a website onto your screen. That isolation into a separate computing process cuts down on trouble spots that can occur when Firefox employs computers' graphics chips, Mozilla said.

Mozilla said today it is killing the Firefox Aurora channel, six years after it was first introduced in April 2011. The move comes as, Aurora failed to live up to the company's expectations as a "first stabilization channel." Moving forward, the absence of Aurora will help the company streamline its browser's release process and bring stable new features to users and developers faster. From a report: The Firefox Aurora channel sat between the Nightly and Beta channels. Until now, Firefox development started with Nightly, which consists of the latest Firefox code packaged up every night for bleeding-edge testers, and was then followed by Aurora, which includes everything that is labeled as "experimental," then Beta, and then finally the release channel for the broader public. Going forward, builds will move from Nightly to Beta to Release. The Firefox Developer Edition, which the company calls "the first browser created specifically for developers," will be based on the Beta channel instead of Aurora. Developer Edition users should keep their existing profile, themes, tools, preferences, and "should not experience any disruption," Mozilla promises.

An anonymous reader writes: With the launch of the Windows 10 Creators Update and Edge 40 (EdgeHTML 15), Microsoft has released a new battery usage test that, naturally, trashes the company's competition. This new test shows that Edge uses less power than both Chrome 57 and Firefox 52, and is bound to draw a response from its competition, especially Google, who doesn't like it when Microsoft takes a jab at Chrome's efficiency. The same thing happened last year, in June, when a similar test showcasing Edge's longer battery life was met with responses from both Google and Opera.

The most recent tests were performed for the launch of Windows 10 Creators Update. Two tests were carried out until a laptop's battery gave out. For each browser, a minimum of 16 iterations were recorded per test. The first test measured normal browsing performance and the second ran a looped Vimeo fullscreen video. In the normal browsing performance test, Microsoft claims Edge used 31% less power than Chrome 57, and 44% less power than Firefox 52. In the second test, Edge played a looped Vimeo video in fullscreen for 751 minutes (12:31:08), while Chrome lasted 557 minutes (9:17:03) and Firefox for only 424 minutes (7:04:19). That's a whopping three hours over Chrome, and five hours above Firefox.

An anonymous reader quotes a report from BleepingComputer: Mozilla engineers are working on a new section in the browser's preferences that will let users control the browser's performance. Work on this new section started last Friday when an issue was opened in the Firefox bug tracker. Right now, the Firefox UI team has proposed a basic sketch of the settings section and its controls. Firefox developers are now working to isolate or implement the code needed to control those settings [1, 2, 3]. According to the current version of the planned Performance settings section UI, users will be able to control if they use UI animations (to be added in a future Firefox version), if they use page prefetching (feature to preload links listed on a page), and how many "content" processes Firefox uses (Firefox currently supports two processes [one for the Firefox core and one for content], but this will expand to more starting v54).

"The Ask.com search engine went through some sort of technical issue late Friday night, as its servers were exposing the internal Apache server status page, revealing recently processed search queries," reports BleepingComputer. An anonymous reader writes: The issue is now fixed, but a copy of the server status page with some search queries can still be viewed in Google's search engine cache. "Some of the weirdest search queries were collected by users in a Hacker News thread," reports BleepingComputer, adding "As you'd expect, the server page included plenty of searches for porn."

The issue also affected localized Ask.com servers, such as uk.ask.com/server-status, us.ask.com/server-status, and de.ask.com/server-status, but no user data was exposed, as the search queries passed through load balancers and already hid user IPs.

An anonymous reader writes: "The Tor Browser, a heavily modified version of the Firefox browser with many privacy-enhancing features, will include more code written in the Rust programming language," reports BleepingComputer. In a meeting held last week in Amsterdam, Tor developers decided to slowly start using Rust to replace the C++ code. The decision comes after Mozilla started shipping Rust components with Firefox in 2016. Furthermore, Rust is a memory-safe(r) language than C++, the language used for Firefox and the customized Tor code, which means less memory corruption errors. Less of these errors means better privacy for all.
"Part of our interest in using safer languages like Rust in Tor is because a tiny mistake in C could have real consequences for real people," Tor developer Isis Agora Lovecruft posted on Twitter, adding "Also the barrier to entry for contributing to large OSS projects written in C is insanely high."

dryriver writes: A company named Arca Noae is working on a new release of the X86 OS/2 operating system code named "Blue Lion" and likely called ArcaOS 5 in its final release. Blue Lion wants to be a modern 21st Century OS/2 Warp, with support for the latest hardware and networking standards, a modern accelerated graphics driver, support for new cryptographic security standards, full backward compatibility with legacy OS/2, DOS and Windows 3.1 applications, suitability for use in mission-critical applications, and also, it appears, the ability to run "ported Linux applications". Blue Lion, which appears to be in closed beta with March 31st 2017 cited as the target release date, will come with up to date Firefox browser and Thunderbird mail client, Apache OpenOffice, other productivity tools, a new package manager, and software update and support subscription to ensure system stability. It is unclear from the information provided whether Blue Lion will be able to run modern Windows applications.

FedEx's Office Print department is offering customers $5 to enable Adobe Flash in their browsers. Why would they do such a thing you may ask? It's because they want customers to design posters, signs, manuals, banners and promotional agents using their "web-based config-o-tronic widgets," which requires Adobe Flash. The Register reports: But the web-based config-o-tronic widgets that let you whip and order those masterpieces requires Adobe Flash, the enemy of anyone interested in security and browser stability. And by anyone we mean Google, which with Chrome 56 will only load Flash if users say they want to use it, and Microsoft which will stop supporting Flash in its Edge browser when the Windows 10 Creators Update debuts. Mozilla's Firefox will still run Flash, but not for long. The impact of all that Flash hate is clearly that people are showing up at FedEx Office Print without the putrid plug-in. But seeing as they can't use the service without it, FedEx has to make the offer depicted above or visible online here. That page offers a link to download Flash, which is both a good and a bad idea. The good is that the link goes to the latest version of Flash, which includes years' worth of bug fixes. The bad is that Flash has needed bug fixes for years and a steady drip of newly-detected problems means there's no guarantee the software's woes have ended. Scoring yourself a $5 discount could therefore cost you plenty in future.

Earlier this month, a Slashdot reader asked fellow Slashdotters what they recommended regarding the use of password managers. In their post, they voiced their uncertainty with password managers as they have been hacked in the past, citing an incident in early 2016 where LastPass was hacked due to a bug that allowed users to extract passwords stored in the autofill feature. Flash forward to present time and we now have news that three separate bugs "would have allowed a third-party to extract passwords from users visiting a malicious website." An anonymous Slashdot reader writes via BleepingComputer: LastPass patched three bugs that affected the Chrome and Firefox browser extensions, which if exploited, would have allowed a third-party to extract passwords from users visiting a malicious website. All bugs were reported by Google security researcher Tavis Ormandy, and all allowed the theft of user credentials, one bug affecting the LastPass Chrome extension, while two impacted the LastPass Firefox extension [1, 2]. The exploitation vector was malicious JavaScript code that could be very well hidden in any online website, owned by the attacker or via a compromised legitimate site.

Brian Fagioli, writing for BetaNews: For a while, Netflix was not available for traditional Linux-based operating systems, meaning users were unable to enjoy the popular streaming service without booting into Windows. This was due to the company's reliance on Microsoft Silverlight. Since then, Netflix adopted HTML5, and it made Google Chrome and Chromium for Linux capable of playing the videos. Unfortunately, Firefox -- the open source browser choice for many Linux users -- was not compatible. Today this changes, however, as Mozilla's offering is now compatible with Netflix!

An anonymous reader shares a report: If you're a Linux user who upgraded to Firefox 52 only to find that the browser no longer plays sound, you're not alone. Firefox 52 saw release last week and it makes PulseAudio a hard dependency -- meaning ALSA only desktops are no longer supported. Ubuntu uses PulseAudio by default (as most modern Linux distributions do) so the switch won't affect most -- but some Linux users and distros do prefer, for various reasons, to use ALSA, which is part of the Linux kernel. Lubuntu 16.04 LTS is one of the distros that use ALSA by default. Lubuntu users who upgraded to Firefox 52 through the regular update channel were, without warning, left with a web browser that plays no sound. Lubuntu 16.10 users are not affected as the distro switched to PulseAudio.

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."