An anonymous reader quotes a report from TechCrunch: When HashiCorp announced it was changing its Terraform license in August, it set off a firestorm in the open source community, and actually represented an existential threat to startups that were built on top of the popular open source project. The community went into action and within weeks they had written a manifesto, and soon after that launched an official fork called OpenTF. Today, that group went a step further when the Linux Foundation announced OpenTofu, the official name for the Terraform fork, which will live forever under the auspices of the foundation as an open source project. At the same time, the project announced it would be applying for entry into the Cloud Native Computing Foundation (CNCF).

"OpenTofu is an open and community-driven response to Terraform's recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business Source License v1.1 providing everyone with a reliable, open source alternative under a neutral governance model," the foundation said in a statement. The name is deliberately playful says Yevgeniy (Jim) Brikman from the OpenTofu founding team, who is also co-founder of Gruntwork. "I'm glad your reaction was to laugh. That's a good thing. We're trying to keep things a little more humorous," Brikman told TechCrunch, but the group is dead serious when it comes to building an open fork. [...]

"The first thing was to get an alpha release out there. So you can go to the OpenTofu website and download OpenTofu and start using it and trying it out," he said. "Then the next thing is a stable release. That's coming in the very near future, but there's work to do. Once you have a stable release, people can start using it. Then we can start growing adoption, and once we start growing adoption, some of the big players will start stepping in when some of the big players start stepping in other big players will start stepping in as well."

The Justice Department will press its argument Thursday that Google sought to strike agreements with mobile carriers to win powerful default positions on smartphones to dominate search in an antitrust trial that could change the future of the internet. From a report: The government will wrap up questioning Thursday of Antonio Rangel, who teaches behavioral biology at the California Institute of Technology. Other witnesses will be James Kolotouros, for Google, and Brian Higgins, from Verizon Communications. The government says the Alphabet unit paid $10 billion annually to wireless companies like AT&T, device makers like Apple and browser makers like Mozilla to fend off rivals and keep its search engine market share near 90%. The government has also alleged that Google illegally took steps to protect communications about the payments.

The government called witnesses on Tuesday and Wednesday to show that Google, as far back as the mid-2000s, sought to attract a large number of search queries by winning default status on mobile devices. Another witness, Rangel, discussed how powerful default status was, although data he used to show this was largely redacted. Google's clout in search, the government alleges, has helped Google build monopolies in some aspects of online search advertising. Search is free so Google makes money through advertising.

The Justice Department sought on Wednesday to show how Google did all it could to get people to use its search engine and build itself into a $1 trillion search and advertising giant on the second day of a once-in-a-generation antitrust trial. From a report: First out of the gate, the government questioned a former Google executive, Chris Barton, about billion-dollar deals with mobile carriers and others that helped make Google the default search engine. Barton, who was at Google from 2004 to 2011, said the number of Google executives working to win default status with mobile carriers grew dramatically when he was with the company, recognizing the potential growth of handheld devices and early versions of smartphones.

Google's clout in search, the government argues, has helped Google build monopolies in some aspects of online search advertising. Since search is free, Google makes money through advertising. The government says the Alphabet unit paid $10 billion annually to wireless companies like AT&T, device makers like Apple and browser makers like Mozilla to fend off rivals and keep its search engine market share near 90%. In revenue-sharing deals with mobile carriers and Android smartphone makers, Google pressed for its search to be the default and exclusive. If Microsoft's search engine Bing was the default on an Android phone, Barton said, then users would have a "difficult time finding or changing to Google."

Barton said on his LinkedIn profile that he was responsible for leading Google's partnerships with mobile carriers like Verizon and AT&T, estimating that the deals "drive hundreds of millions in revenue." Hal Varian, Google's chief economist, told the court that scale, or the number of search queries Google received, was important, but pushed back during questioning on how important. He also acknowledged giving a speech in which he said certain search queries, for instance for a tennis racquet, were important in effectively advertising to the person who made the query and to subsequent ad revenues.

Mozilla has released emergency security updates to fix a critical zero-day vulnerability exploited in the wild, impacting its Firefox web browser and Thunderbird email client. From a report: Tracked as CVE-2023-4863, the security flaw is caused by a heap buffer overflow in the WebP code library (libwebp), whose impact spans from crashes to arbitrary code execution. "Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild," Mozilla said in an advisory published on Tuesday. Mozilla addressed the exploited zero-day in Firefox 117.0.1, Firefox ESR 115.2.1, Firefox ESR 102.15.1, Thunderbird 102.15.1, and Thunderbird 115.2.2. Even though specific details regarding the WebP flaw's exploitation in attacks remain undisclosed, this critical vulnerability is being abused in real-world scenarios.

Companies choose Alphabet's Google as the default search engine for their browsers and smartphones because it is the best one, and not because of a lack of competition, a Google lawyer said Tuesday at the start of a high-stakes antitrust trial in Washington. From a report: Consumers use Google "because it delivers value to them, not because they have to," John Schmidtlein, a partner at Williams & Connolly LLP who is representing the company, said during his opening statements on the first day of the trial. "Users today have more search options and ways to access information online than ever before."

Schmidtlein pushed back on claims by US Justice Department antitrust enforcers that Google has used its market power -- and billions of dollars in exclusive deals with web browsers -- to illegally block rivals. Users have choices, and it's easy to switch, he said. For example, Microsoft pre-selects its own search engine, Bing, on Windows PCs, yet most PC users switch to Google because it's a better product, he said. Web browsers offered by Apple and Mozilla, which makes Firefox, have long chosen a default search engine in exchange for a revenue-share that helps pay for innovations, Schmidtlein said.

According to Mozilla's *Privacy Not Included project, every major car brand fails to adhere to the most basic privacy and security standards in new internet-connected models, and all 25 of the brands Mozilla examined flunked the organization's test. Gizmodo reports: Mozilla found brands including BMW, Ford, Toyota, Tesla, and Subaru collect data about drivers including race, facial expressions, weight, health information, and where you drive. Some of the cars tested collected data you wouldn't expect your car to know about, including details about sexual activity, race, and immigration status, according to Mozilla. [...] The worst offender was Nissan, Mozilla said. The carmaker's privacy policy suggests the manufacturer collects information including sexual activity, health diagnosis data, and genetic data, though there's no details about how exactly that data is gathered. Nissan reserves the right to share and sell "preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes" to data brokers, law enforcement, and other third parties.

Other brands didn't fare much better. Volkswagen, for example, collects your driving behaviors such as your seatbelt and braking habits and pairs that with details such as age and gender for targeted advertising. Kia's privacy policy reserves the right to monitor your "sex life," and Mercedes-Benz ships cars with TikTok pre-installed on the infotainment system, an app that has its own thicket of privacy problems. The privacy and security problems extend beyond the nature of the data car companies siphon off about you. Mozilla said it was unable to determine whether the brands encrypt any of the data they collect, and only Mercedes-Benz responded to the organization's questions.

Mozilla also found that many car brands engage in "privacy washing," or presenting consumers with information that suggests they don't have to worry about privacy issues when the exact opposite is true. Many leading manufacturers are signatories to the Alliance for Automotive Innovation's "Consumer Privacy Protection Principles (PDF)." According to Mozilla, these are a non-binding set of vague promises organized by the car manufacturers themselves. Questions around consent are essentially a joke as well. Subaru, for example, says that by being a passenger in the car, you are considered a "user" who has given the company consent to harvest information about you. Mozilla said a number of car brands say it's the drivers responsibility to let passengers know about their car's privacy policies -- as if the privacy policies are comprehensible to drivers in the first place. Toyota, for example, has a constellation of 12 different privacy policies for your reading pleasure.

The latest version of the flagship FOSS browser is out, and it's picked up one of the main features for which we keep Chrome around. From a report: The Firefox version 117 feature list might not look all that impressive, but it does have a big-ticket feature that may tempt people back: automatic translation. The snag is it's disabled by default in the release version, and you'll have to manually enable it. Although it was enabled in the betas, Mozilla has decided to go for a staged rollout and not enable it for everyone until Firefox 118 in six weeks or so.

The new feature is integrated, privacy-respecting machine translation between multiple languages. This was already possible in older versions, but it needed an extension, and that had two side effects. One is that the extension hooked deep into the core of the browser in ways that Mozilla wasn't comfortable about, and the other is that once your text had been sent out to a third-party website, it could be snooped upon -- but the victims of any snooping would blame the browser, even if it wasn't the browser's fault. To enable it, go to the configuration page (enter about:config in the address bar), and search for a setting called browser.translations.enable.

"Terraform, arguably the most popular Infrastructure as Code products, has been forked after the parent company HashiCorp changed its license from the Mozilla Public License (MPL) to the Business Source License v1.1 (BSL)," writes long-time Slashdot reader ochinko. "Our view is that we're actually not the fork because we're just changing the name but it's the same project under the same license," Sebastian Stadil, co-founder and CEO of DevOps automation biz Scalr told The Register. "Our position is that the fork is actually HashiCorp that has forked its own projects under a different license." From the report: HashiCorp's decision to issue new licensing terms for its software follows a path trodden by numerous other organizations formed around open source projects to limit what competitors can do with project code. As the biz acknowledged in its statement about the transition, firms like Cockroach Labs, Confluent Sentry, Couchbase, Elastic, MariaDB, MongoDB, and Redis Labs have similarly adopted less-permissive software licenses to create a barrier for competitors. You can see the OpenTF manifesto here.

Mozilla has implemented the WebExtensions system in its browser, allowing Firefox users to import select extensions from other browsers like Chrome. gHacks reports: The feature, which is in testing at the moment, can be enabled by all users of the latest stable version of Firefox.

1. Load about:config in the browser's address bar.
2. Confirm that you will be careful to continue.
3. Search for browser.migrate.chrome.extensions.enabled.
4. Set the feature to True, which enables it.
5. Restart Firefox.

Mozilla has integrated it into the browser's import functionality, which users may use on first run or at any time from the Settings page. To do so, select Menu > Settings > Import Data (button), or load about:preferences#general in the browser's address bar and activate the import data button on the page. Select Chrome from the list, expand the available import options and make sure extensions are checked. Imports are usually limited to some data, such as bookmarks or the browsing history. Firefox is the first major browser, maybe the first browser at all, that adds extensions to the list of supported imports.

The feature is limited at the time to Google Chrome and select extensions. Even though Firefox and Chrome extensions use the same framework, WebExtensions, they are not compatible immediately. Firefox users who attempt to install extensions from Chrome's Web Store may notice that this is not working. Mozilla decided to create a list of extension pairs for extensions that are available on the Chrome Web Store and the Mozilla Add-ons Store. Instead of importing the Chrome extension directly, Firefox is installing the Firefox version of the extension from Mozilla's own extension store.

The Mozilla Foundation has started a petition to stop the French government from forcing browsers like Mozilla's Firefox to censor websites. "It would set a dangerous precedent, providing a playbook for other governments to also turn browsers like Firefox into censorship tools," says the organization. "The government introduced the bill to parliament shortly before the summer break and is hoping to pass this as quickly and smoothly as possible; the bill has even been put on an accelerated procedure, with a vote to take place this fall." You can add your name to their petition here.

The bill in question is France's SREN Bill, which sets a precarious standard for digital freedoms by empowering the government to compile a list of websites to be blocked at the browser level. The Mozilla Foundation warns that this approach "is uncharted territory" and could give oppressive regimes an operational model that could undermine the effectiveness of censorship circumvention tools.

"Rather than mandate browser based blocking, we think the legislation should focus on improving the existing mechanisms already utilized by browsers -- services such as Safe Browsing and Smart Screen," says Mozilla. "The law should instead focus on establishing clear yet reasonable timelines under which major phishing protection systems should handle legitimate website inclusion requests from authorized government agencies. All such requests for inclusion should be based on a robust set of public criteria limited to phishing/scam websites, subject to independent review from experts, and contain judicial appellate mechanisms in case an inclusion request is rejected by a provider."

Michael Larabel writes via Phoronix: Mozilla developers are celebrating that they are now faster than Google Chrome with the SunSpider JavaScript benchmark, although that test has been superseded by the JetStream benchmark. Last week a new Firefox Nightly News was published that outlines that "We're now apparently beating Chrome on the SunSpider JavaScript benchmark!" The provided numbers now show Firefox easily beating Chrome in this decade-old JavaScript benchmark. The benchmarks come from AreWeFastYet.com. Meanwhile for the newer and more demanding JetStream 2.0 benchmark, Google Chrome continues to win easily over Firefox. You can learn more about the latest Firefox Nightly build advancements via Firefox Nightly News.

OS News' managing editor calls Firefox "the single most important desktop Linux application," shipping in most distros (with some users later opting for a post-installation download of Chrome).

But "I'm genuinely worried about the state of browsers on Linux, and the future of Firefox on Linux in particular..." While both GNOME and KDE nominally invest in their own two browsers, GNOME Web and Falkon, their uptake is limited and releases few and far between. For instance, none of the major Linux distributions ship GNOME Web as their default browser, and it lacks many of the features users come to expect from a browser. Falkon, meanwhile, is updated only sporadically, often going years between releases. Worse yet, Falkon uses Chromium through QtWebEngine, and GNOME Web uses WebKit (which are updated separately from the browser, so browser releases are not always a solid metric!), so both are dependent on the goodwill of two of the most ruthless corporations in the world, Google and Apple respectively.

Even Firefox itself, even though it's clearly the browser of choice of distributions and Linux users alike, does not consider Linux a first-tier platform. Firefox is first and foremost a Windows browser, followed by macOS second, and Linux third. The love the Linux world has for Firefox is not reciprocated by Mozilla in the same way, and this shows in various places where issues fixed and addressed on the Windows side are ignored on the Linux side for years or longer. The best and most visible example of that is hardware video acceleration. This feature has been a default part of the Windows version since forever, but it wasn't enabled by default for Linux until Firefox 115, released only in early July 2023. Even then, the feature is only enabled by default for users of Intel graphics — AMD and Nvidia users need not apply. This lack of video acceleration was — and for AMD and Nvidia users, still is — a major contributing factor to Linux battery life on laptops taking a serious hit compared to their Windows counterparts... It's not just hardware accelerated video decoding. Gesture support has taken much longer to arrive on the Linux version than it did on the Windows version — things like using swipes to go back and forward, or pinch to zoom on images...

I don't see anyone talking about this problem, or planning for the eventual possible demise of Firefox, what that would mean for the Linux desktop, and how it can be avoided or mitigated. In an ideal world, the major stakeholders of the Linux desktop — KDE, GNOME, the various major distributions — would get together and seriously consider a plan of action. The best possible solution, in my view, would be to fork one of the major browser engines (or pick one and significantly invest in it), and modify this engine and tailor it specifically for the Linux desktop. Stop living off the scraps and leftovers thrown across the fence from Windows and macOS browser makers, and focus entirely on making a browser engine that is optimised fully for Linux, its graphics stack, and its desktops. Have the major stakeholders work together on a Linux-first — or even Linux-only — browser engine, leaving the graphical front-end to the various toolkits and desktop environments....

I think it's highly irresponsible of the various prominent players in the desktop Linux community, from GNOME to KDE, from Ubuntu to Fedora, to seemingly have absolutely zero contingency plans for when Firefox enshittifies or dies...

Scott DeVaney, writing at Mozilla blog: In the coming months Mozilla will launch support for an open ecosystem of extensions on Firefox for Android on addons.mozilla.org (AMO). We'll announce a definite launch date in early September, but it's safe to expect a roll-out before the year's end. Here's everything developers need to know to get their Firefox desktop extensions ready for Android usage and discoverability on AMO.

For the past few years Firefox for Android officially supported a small subset of extensions while we focused our efforts on strengthening core Firefox for Android functionality and understanding the unique needs of mobile browser users. Today, Mozilla has built the infrastructure necessary to support an open extension ecosystem on Firefox for Android. We anticipate considerable user demand for more extensions on Firefox for Android, so why not start optimizing your desktop extension for mobile-use right away?

williamyf writes: Today, Mozilla released Firefox 115. Changes most visible to users include:

But the most important feature is that this release is the new ESR. Why this is important? y'all ask, well:

Mozilla: Firefox version 115 will be the last supported Firefox version for users of Windows 7, Windows 8 and Windows 8.1. If you are using these versions of Windows you will be moved to the Firefox Extended Support Release (ESR) channel by an application update. Mozilla will provide security updates for these users until September 2024. No security updates will be provided after that date.

Firefox users have been complaining about very intrusive full-screen advertisements promoting Mozilla VPN displayed in the web browser when navigating an unrelated page. From a report: The ads popping in Firefox disable the web browser's functionality, denying users access to the interface and graying out everything in the background until they close them. Some users reported on Reddit that the annoying full-screen ads even cause Firefox to become unresponsive for up to 30 seconds, forcing them to terminate the browser's process. [...] BleepingComputer has contacted Mozilla about the matter and received the following statement following the barrage of complaints from Firefox users: "We're continuously working to understand the best ways to communicate with people who use Firefox. Ultimately, we accomplished the exact opposite of what we intended in this experiment and quickly rolled the experience back. We apologize for any confusion or concern."

According to The Information, Microsoft wants to bid to make Bing Firefox's default search engine. Android Police reports: The browser's contract with Google is set to expire this year, at which point Mozilla could either renew it or switch to a different search engine. Microsoft would very much like to take Google's place in Firefox. It's not a guarantee that it will actually help boost Bing's usage -- after all, Firefox users who don't want to use Bing could just switch to a different search engine, as Yahoo found out a few years ago -- but Microsoft sees potential in such a deal.

The report also notes that there's also a potentially more juicy opportunity coming up for Microsoft if it really wants to get serious about pushing Bing. Apple's Safari browser, which is the main web browser on Apple devices, will have its Google contract expire next year. Despite throwing shade constantly, Google really benefits from the deal it currently has with Apple, and Microsoft could sweep in and try to get Bing to become the main browser on iPhones.

Mozilla announced today that it has acquired Fakespot, a startup that offers a website and browser extension that helps users identify fake or unreliable reviews. From a report: The financial terms of the deal were not disclosed. Fakespot's offerings can be used to spot fake reviews listed on various online marketplaces including Amazon, Yelp, TripAdvisor and more. Founded in 2016, New York-based Fakespot uses an AI and machine learning system to detect patterns and similarities between reviews in order to flag those that are most likely to be deceptive. Fakespot provides a rating or grade for the product's reviews in order to help consumers make more informed decisions when making a purchase. The goal behind the company's website and browser extension is to give users the ability to quickly see where deceptive reviews may be artificially inflating a product's ranking in search engines.

An anonymous reader shares a report: Firefox has a reputation of being something of a resource hog, even among modern browsers. But it might not be entirely earned, because it looks like a CPU bug affecting Firefox users on Windows was actually the fault of Windows Defender. The latest update to the ubiquitous security tool addresses the issue, and should result in measurably lower CPU usage for the Windows version of Firefox. According to Mozilla senior software engineer Yannis Juglaret, the culprit was MsMpEng.exe, which you might recognize from your Task Manager. It handles the Real-Time protection feature that monitors web activity for malicious threats.

The bug was causing Firefox to call on the service much more frequently than comparable browsers like Chrome or Edge, resulting in notable CPU spikes. Said CPU spikes could reduce performance in other applications or affect a laptop's battery life. The issue was first reported on Mozilla's bug tracker system way back in 2018 and quickly assigned to the MsMpEng service, but some more recent and diligent documentation on the part of Juglaret resulted in more swift action from Microsoft's developers.

On the eve of its 25th anniversary, Mozilla, the not-for-profit behind the Firefox browser, is launching an AI-focused startup. From a report: Called Mozilla.ai, the newly forged company's mission isn't to build just any AI -- its mission is to build AI that's open source and "trustworthy," according to Mark Surman, the executive president of Mozilla and the head of Mozilla.ai. "Working on trustworthy AI for almost five years, I've constantly felt a mix of excitement and anxiety," he told TechCrunch in an email interview. "The last month or two of rapid-fire big tech AI announcements has been no different. Really exciting new tech is emerging -- new tools that have immediately sparked artists, founders ... all kinds of people to do new things. The anxiety comes when you realize almost no one is looking at the guardrails."

Surman was referring to the rash of AI models in recent months that, while impressive in their capabilities, have worrisome real-world implications. At release, OpenAI's text-generating ChatGPT could be prompted to write malware, identify exploits in open source code and create phishing websites that looked similar to well-trafficked sites. Text-to-image AI like Stable Diffusion, meanwhile, has been co-opted to create pornographic, nonconsensual deepfakes and ultra-graphic depictions of violence. The creators of these models say that they're taking steps to curb abuse. But Mozilla felt that not enough was being done. "We've been working on trustworthy AI on the public interest research side for about five years, hoping other industry players with more AI expertise would step up to build more trustworthy tech," Surman said. "They haven't. So we decided mid-last year we needed to do it ourselves -- and to find like-minded partners to do it alongside us. We then set out to find someone with the right mix of academic and industry AI experience to lead it." Funded by a $30 million seed investment from the Mozilla Foundation, Mozilla's parent organization, Mozilla.ai is a wholly owned subsidiary of the Mozilla Foundation -- much like the Mozilla Corporation (the org responsible for developing Firefox) and Mozilla Ventures (the Mozilla Foundation's VC fund). Its managing director is Moez Draief, who previously was the chief scientist at Huawei's Noah's Ark AI lab and the global chief scientist at consulting company Capgemini.