On the eve of its 25th anniversary, Mozilla, the not-for-profit behind the Firefox browser, is launching an AI-focused startup. From a report: Called Mozilla.ai, the newly forged company's mission isn't to build just any AI -- its mission is to build AI that's open source and "trustworthy," according to Mark Surman, the executive president of Mozilla and the head of Mozilla.ai. "Working on trustworthy AI for almost five years, I've constantly felt a mix of excitement and anxiety," he told TechCrunch in an email interview. "The last month or two of rapid-fire big tech AI announcements has been no different. Really exciting new tech is emerging -- new tools that have immediately sparked artists, founders ... all kinds of people to do new things. The anxiety comes when you realize almost no one is looking at the guardrails."

Surman was referring to the rash of AI models in recent months that, while impressive in their capabilities, have worrisome real-world implications. At release, OpenAI's text-generating ChatGPT could be prompted to write malware, identify exploits in open source code and create phishing websites that looked similar to well-trafficked sites. Text-to-image AI like Stable Diffusion, meanwhile, has been co-opted to create pornographic, nonconsensual deepfakes and ultra-graphic depictions of violence. The creators of these models say that they're taking steps to curb abuse. But Mozilla felt that not enough was being done. "We've been working on trustworthy AI on the public interest research side for about five years, hoping other industry players with more AI expertise would step up to build more trustworthy tech," Surman said. "They haven't. So we decided mid-last year we needed to do it ourselves -- and to find like-minded partners to do it alongside us. We then set out to find someone with the right mix of academic and industry AI experience to lead it." Funded by a $30 million seed investment from the Mozilla Foundation, Mozilla's parent organization, Mozilla.ai is a wholly owned subsidiary of the Mozilla Foundation -- much like the Mozilla Corporation (the org responsible for developing Firefox) and Mozilla Ventures (the Mozilla Foundation's VC fund). Its managing director is Moez Draief, who previously was the chief scientist at Huawei's Noah's Ark AI lab and the global chief scientist at consulting company Capgemini.

Mozilla called on entrepreneurs to create trustworthy AI applications as it announced a "Responsible AI" challenge Tuesday at the South by Southwest festival in Austin, Texas. From a report: At a festival where companies could not be more eager to share their plans, half-baked and otherwise, for the explosive field of generative AI, Mozilla offered an opportunity to do so with a little more foresight. "If anything, the last few months have shown that AI is no longer our future. It's our present," Imo Udom, senior vice president of Innovations Ecosystems at Mozilla, who announced the initiative on stage during a panel discussion with Axios, said. "We believe in AI's power, commercial opportunity, and potential to solve challenging problems," Udom said. "While decades of effort have gone into reaching this point with AI, the time has come to establish the future we want with AI." Applications for the challenge will open on March 30 and winners are eligible for $50,000 prizes and a $25,000 top prize, along with mentorship and resources for "responsible AI" projects.

An anonymous reader shares this report from 9to5Linux: After Canonical's announcement that future Ubuntu releases won't include Flatpak support by default, someone already made an unofficial Ubuntu flavor that ships with support for Flatpak apps preinstalled and working out of the box, called Ubuntu Flatpak Remix.

Meet Ubuntu Flatpak Remix, an unofficial Ubuntu derivative that doesn't feature support for Snap apps and comes with support for Flatpak apps working out of the box. Several key apps are preinstalled in the Flatpak format rather than as a Snap app, including the Mozilla Firefox web browser, Mozilla Thunderbird email client, and LibreOffice office suite.... Support for the Flathub portal is installed as well, so you'll be able to install more apps with just a few clicks.

"The Rust open source project, which handles standards for the language, released a new governance plan Thursday," reports The New Stack, "the cumulation of six months of intense work." Released as a request for comment on GitHub, it will now undergo a comment period. It requires ratification by team leaders before it's accepted.

The Rust project interacts with, but is separate from, the Rust Foundation, which primarily handles the financial assets of Rust. Two years ago, the project had a very public blowup after its entire mod team resigned and publicly posted a scathing account of the core team, which the mod team called "unaccountable to anyone but themselves." It even suggested the core team was not to be trusted, although the team later recanted and apologized for that.

[Rust core team developer] Josh Triplett understandably didn't want to dwell on the kerfuffle that lead to this action. He focused instead on the underlying structural issues that lead to the leadership crisis. "As a result of that, there was widespread agreement within the project that we needed to create a better formal governance structure that removed some of those ambiguities and conflicts, and had mechanisms for dealing with this without ever having a similar crisis," Triplett told The New Stack. "We don't want to ever to have things get to that point again...."

The original Rust project governance structure evolved out of Mozilla, where Rust began and was nurtured for years. Around 2016 or 2017, a request for comment came out that established the Rust project's governance, Triplett said. It created approximately six teams, including the core, language, mod, library and cargo teams. Among the problems with the old model was that the core team became responsible for not just overseeing problems that arose, but solving them as well, Triplett said. That led to burnout and problems, said JT Turner, one of the co-authors on the new model and a member of the Rust core team.... Ultimately, the old governance model was "not a very precise document," Triplett added.

"It was just, 'Hey, here's the rough divisions of power,' and because that document was very rough and informal, it didn't scale to today," he said. "That's one of the things that led to the governance crisis."

Long-time Slashdot reader destinyland writes: They say "always be learning" — but do podcasts actually help? I've been trying to find podcasts that discuss programming, and I've enjoyed Lex Fridman's interviews with language creators like Guido van Rossum, Chris Lattner, and Brendan Eich (plus his long interviews with Donald Knuth). Then I discovered that GitHub, Red Hat, Stack Overflow, and the Linux Foundation all have their own podcast.

There's a developer podcast called "Corecursive" that I like with the tagline "the stories behind the code," plus a whole slew of (sometimes language-specific) podcasts at Changelog (including an interview with Brian Kernighan). And it seems like there's an entirely different universe of content on YouTube — like the retired Microsoft engineer doing "Dave's Garage," Software Engineering Daily, and the various documentaries by Honeypot.io. Computerphile has also scored various interviews with Brian Kernighan, and if you search YouTube enough you'll find stray interviews with Steve Wozniak.

But I wanted to ask Slashdot's readers: Do you listen to podcasts about computer science? And if so, which ones? (Because I'm always stumbling across new programming podcasts, which makes me worry about what else I've been missing out on.) Maybe I should also ask if you ever watch coding livestreams on Twitch — although that gets into the more general question of just how much content we consume that's related to our profession.
Fascinating discussions, or continuing work-related education? (And do podcasts really help keep your skills fresh? Are coding livestreams on Twitch just a waste of time?) Most importantly, does anyone have a favorite geek podcast that they're listening to? Share your own experience and opinions in the comments...

What's the best podcast about computer science?

Mozilla researchers find discrepancies between Google Play Store's Data Safety labels and privacy policies of nearly 80 percent of the reviewed apps. From the report: Google Play Store's Data Safety labels would have you believe that neither TikTok nor Twitter share your personal data with third parties. The apps' privacy policies, however, both explicitly state that they share user information with advertisers, Internet service providers, platforms, and numerous other types of companies. These are two of the most egregious examples uncovered by Mozilla's *Privacy Not Included researchers as part of a study looking at whether Google Play Store's new Data Safety labels provide consumers with accurate information about apps collect, use, and share personal data. In nearly 80 percent of the apps reviewed, Mozilla found that the labels were false or misleading based on discrepancies between the apps' privacy policies and the information apps self-reported on Google's Data Safety Form. Researchers concluded that the system fails to help consumers make more informed choices about their privacy before purchasing or downloading one of the store's 2.7 million apps.

The study -- "See No Evil: How Loopholes in the Google Play Store's Data Safety Labels Leave Companies in the Clear and Consumers in the Dark," -- uncovers serious loopholes in the Data Safety Form, which make it easy for apps to provide false or misleading information. For example, Google exempts apps sharing data with "service providers" from its disclosure requirements, which is problematic due to both the narrow definition it uses for service providers and the large amount of consumer data involved. Google absolves itself of the responsibility to verify whether the information is true stating that apps "are responsible for making complete and accurate declarations" in their Data Safety labels. In a statement Google said: "This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects. The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information."

Valentine's Day saw Mozilla releasing version 110.0 of its Firefox browser. OMG Ubuntu highlights some of its new features: Firefox already supports importing bookmarks, history, and passwords from Microsoft Edge, Google Chrome, Chromium, and Safari but once you have the Firefox 110 update you can also import data from Opera, Opera GX, and Vivaldi too — which is handy.

Other changes in Firefox 110 include the ability to clear date, time, and datetime-local input fields using using ctrl + backspace and ctrl + delete on Linux (and Windows) — no, can't say I ever noticed I couldn't do that, either.

Additionally, Mozilla say GPU-accelerated Canvas2D is now enabled by default on Linux, and we can all expect to benefit from a miscellaneous clutch of WebGL performance improvements.

An anonymous reader quotes a report from MIT Technology Review: Many software projects emerge because -- somewhere out there -- a programmer had a personal problem to solve. That's more or less what happened to Graydon Hoare. In 2006, Hoare was a 29-year-old computer programmer working for Mozilla, the open-source browser company. Returning home to his apartment in Vancouver, he found that the elevator was out of order; its software had crashed. This wasn't the first time it had happened, either. Hoare lived on the 21st floor, and as he climbed the stairs, he got annoyed. "It's ridiculous," he thought, "that we computer people couldn't even make an elevator that works without crashing!" Many such crashes, Hoare knew, are due to problems with how a program uses memory. The software inside devices like elevators is often written in languages like C++ or C, which are famous for allowing programmers to write code that runs very quickly and is quite compact. The problem is those languages also make it easy to accidentally introduce memory bugs -- errors that will cause a crash. Microsoft estimates that 70% of the vulnerabilities in its code are due to memory errors from code written in these languages.

Most of us, if we found ourselves trudging up 21 flights of stairs, would just get pissed off and leave it there. But Hoare decided to do something about it. He opened his laptop and began designing a new computer language, one that he hoped would make it possible to write small, fast code without memory bugs. He named it Rust, after a group of remarkably hardy fungi that are, he says, "over-engineered for survival." Seventeen years later, Rust has become one of the hottest new languages on the planet -- maybe the hottest. There are 2.8 million coders writing in Rust, and companies from Microsoft to Amazon regard it as key to their future. The chat platform Discord used Rust to speed up its system, Dropbox uses it to sync files to your computer, and Cloudflare uses it to process more than 20% of all internet traffic.

When the coder discussion board Stack Overflow conducts its annual poll of developers around the world, Rust has been rated the most "loved" programming language for seven years running. Even the US government is avidly promoting software in Rust as a way to make its processes more secure. The language has become, like many successful open-source projects, a barn-raising: there are now hundreds of die-hard contributors, many of them volunteers. Hoare himself stepped aside from the project in 2013, happy to turn it over to those other engineers, including a core team at Mozilla. It isn't unusual for someone to make a new computer language. Plenty of coders create little ones as side projects all the time. But it's meteor-strike rare for one to take hold and become part of the pantheon of well-known languages alongside, say, JavaScript or Python or Java. How did Rust do it?

A Rust-based re-implementation of GNU core utilities like cp and mv is "reaching closer to parity with the widely-used GNU upstream and becoming capable of taking on more real-world uses," reports Phoronix: Debian developer Sylvestre Ledru [also an engineering director at Mozilla] began working on uutils during the COVID-19 pandemic and presented last week at FOSDEM 2023 on his Coreutils replacement effort. With uutils growing into increasingly good shape, it's been packaged up by many Linux distributions and is also used now by "a famous social network via the Yocto project...."

The goals with uutils are to try to create a drop-in replacement for GNU Coreutils, strive for good cross-platform support, and easy testing. Ledru's initial goals were about being able to boot Debian, running the most popular packages, building key open-source software, and all-around it's been panning out to be a great success.... [M]ore performance optimizations are to come along with other work for compatibility against the GNU tools and implementing some still missing options in different programs

An anonymous reader quotes a report from Ars Technica: Why does Thunderbird look so old?" That's one of the most frequently asked questions about Thunderbird, according to Thunderbird Project Design Manager Alessandro Castellani (along with "Is Thunderbird dead?"). And it's one he seeks to answer definitively in a new blog post about Thunderbird's planned 2023 release, codenamed Supernova.

The Supernova release will include an overhaul of Thunderbird's user interface. Castellani didn't share screenshots, but he indicated that the new UI would be "simple and clean" and targeted mostly at new users. For "veteran users," the interface will also be "flexible and adaptable" so that people who prefer the way Thunderbird looks now can "maintain that familiarity they love." Supernova will also include several other big changes, including a redesigned calendar and support for Firefox Sync.

Mozilla is planning for the day when Apple will no longer require its competitors to use the WebKit browser engine in iOS. From a report: Mozilla conducted similar experiments that never went anywhere years ago but in October 2022 posted an issue in the GitHub repository housing the code for the iOS version of Firefox that includes a reference to GeckoView, a wrapper for Firefox's Gecko rendering engine. Under the current Apple App Store Guidelines, iOS browser apps must use WebKit. So a Firefox build incorporating Gecko rather than WebKit currently cannot be distributed through the iOS App Store.

As we reported last week, Mozilla is not alone in anticipating an iOS App Store regime that tolerates browser competition. Google has begun work on a Blink-based version of Chrome for iOS. The major browser makers -- Apple, Google, and Mozilla -- each have their own browser rendering engines. Apple's Safari is based on WebKit; Google's Chrome and its open source Chromium foundation is based on Blink (forked from WebKit a decade ago); and Mozilla's Firefox is based on Gecko. Microsoft developed its own Trident rendering engine in the outdated Internet Explorer and a Trident fork called EdgeHTML in legacy versions of Edge but has relied on Blink since rebasing its Edge browser on Chromium code.

When you share your email, "you're sharing a lot more," warns the New York Times' lead consumer technology writer: [I]t can be linked to other data, including where you went to school, the make and model of the car you drive, and your ethnicity....

For many years, the digital ad industry has compiled a profile on you based on the sites you visit on the web.... An email could contain your first and last name, and assuming you've used it for some time, data brokers have already compiled a comprehensive profile on your interests based on your browsing activity. A website or an app can upload your email address into an ad broker's database to match your identity with a profile containing enough insights to serve you targeted ads.
The article recommends creating several email addresses to "make it hard for ad tech companies to compile a profile based on your email handle... Apple and Mozilla offer tools that automatically create email aliases for logging in to an app or a site; emails sent to the aliases are forwarded to your real email address." Apple's Hide My Email tool, which is part of its iCloud+ subscription service that costs 99 cents a month, will create aliases, but using it will make it more difficult to log in to the accounts from a non-Apple device. Mozilla's Firefox Relay will generate five email aliases at no cost; beyond that, the program charges 99 cents a month for additional aliases.

For sites using the UID 2.0 framework for ad targeting, you can opt out by entering your email address [or phone number] at https://transparentadvertising.org.

Phoronix compares the performance of Firefox and Chrome on the Linux desktop. They used recent releases (at default settings) for both browsers on an Intel Core i9 13900K "Raptor Lake" system with Radeon RX 6700XT graphics, concluding "out-of-the-box Google Chrome continues performing much better overall than Mozilla Firefox."

One area where Firefox does better out-of-the-box is around the HTML5 Canvas such as measured via the CanvasMark test case. For the demanding JetStream 2 benchmark as one of the most demanding browser tests currently, Chrome on Linux was 67% faster than Firefox on this same Intel Raptor Lake desktop.

Firefox did have a small win in the rather basic JavaScript Maze solver benchmark. Firefox at least was in a competitive space for the WebAssembly (WASM) benchmarks, but aside from that Google Chrome continues holding strong on Linux in the performance department.

2022 was the year that Microsoft retired its Internet Explorer web browser (to concentrate on its Chromium-based Microsoft Edge browser).

Yet Ghacks reports that Internet Explorer "is still haunting some from its grave." Some websites and apps use code to determine the user agent. The user agent informs the site about several parameters, including the used web browser (engine) and operating system. When done correctly, it may reveal the used browser and that may then lead to a custom user experience.

When done incorrectly, it may lead to false identification; this is exactly what is happening on some sites currently regarding Internet Explorer user agent sniffing and the Firefox web browser. Some sites identify Firefox as Internet Explorer because of inaccurate user agent sniffing..
Internet Explorer 11's user agent ends by identifying its release version as rv:11.0, the article points out. So when a Firefox user visits a website using Firefox 110 (or any other version up to Firefox 119), "The site in question checks for rv:11 in the user agent [and] Firefox's rv:110 value is identified wrongly as Internet Explorer."

Instead of risking problems with functionality, compatibility, or other display issues for Firefox versions 110 through 119, Mozilla has "decided to freeze part of Firefox's version." Instead of echoing rv:110, rv:111 and so on up to rv:119, Firefox returns rv:109 instead. The end of the user agent string displays the actual version of Firefox still. Mozilla plans to restore the original user agent of Firefox with the release of Firefox 120. The organization plans to release Firefox 120 on November 21, 2023.

Mozilla recently fixed a bug that was first reported 18 years ago in Firebox 1.0, reports How-to Geek: Bug 290125 was first reported on April 12, 2005, only a few days before the release of Firefox 1.0.3, and outlined an issue with how Firefox rendered text with the ::first-letter CSS pseudo-element. The author said, "when floating left a :first-letter (to produce a dropcap), Gecko ignores any declared line-height and inherits the line-height of the parent box. [...] Both Opera 7.5+ and Safari 1.0+ correctly handle this."

The initial problem was that the Mac version of Firefox handled line heights differently than Firefox on other platforms, which was fixed in time for Firefox 3.0 in 2007. The issue was then re-opened in 2014, when it was decided in a CSS Working Group meeting that Firefox's special handling of line heights didn't meet CSS specifications and was causing compatibility problems. It led to some sites with a large first letter in blocks of text, like The Verge and The Guardian, render incorrectly in Firefox compared to other browsers.

The issue was still marked as low priority, so progress continued slowly, until it was finally marked as fixed on December 20, 2022. Firefox 110 should include the updated code, which is expected to roll out to everyone in February 2023.

Esper: The world's biggest tech companies have lost confidence in one of the Internet's behind-the-scenes gatekeepers. Microsoft, Mozilla, and Google are dropping TrustCor Systems as a root certificate authority in their products. Starting in Chrome version 111 for desktops, the browser will no longer trust certificates issued by TrustCor Systems. The same change is coming to Android, but unlike Chrome for desktops, Android's root certificate store can't be updated independently of the OS, meaning it'll take some time for the certificate changes to roll out. Thankfully, that may no longer be the case in Android 14, as Google is preparing to implement updatable root certificates in the next release.

Speedometer 3 will be a "cross-industry collaborative effort" from the Chrome, Safari and Firefox makers to create a new model that balances the companies' visions for measuring responsiveness. Engadget reports: Three companies making a tool that will rate the effectiveness of their competing products sounds like a recipe for disaster. However, Speedometer's governance policy includes a consent system that differs based on potential ramifications. For example, significant changes will require approval from the other two companies, while "non-trivial changes" will need consent from one of the other two parties. Meanwhile, "trivial changes" can be green-lit by a reviewer from any of the three browser makers. The policy's aim is that "the working team should be able to move quickly for most changes, with a higher level of process and consensus expected based on the impact of the change."

The project will follow Speedometer 2, the current de facto benchmark developed by Apple's WebKit team. The Speedometer 3 project is still in its infancy, and its GitHub page warns that it is "in active development and is unstable." The groups recommend using Speedometer 2.1 until development is further along, though we don't yet know when Speedometer 3 will be ready.

Google this week released OSV-Scanner -- an open source vulnerability scanner linked to the OSV.dev database that debuted last year. From a report: Written in the Go programming language, OSV-Scanner is designed to scan open source applications to assess the security of any incorporated dependencies -- software libraries that get added to projects to provide pre-built functions so developers don't have to recreate those functions on their own. Modern applications can have a lot of dependencies. For example, researchers from Mozilla and Concordia University in Canada recently created a single-page web application with the React framework using the create-react-app command. The result was a project with seven runtime dependencies and nine development dependencies.

But each of these direct dependencies had other dependencies, known as transitive dependencies. The react package includes loose-envify as a transitive dependency -- one that itself depends on other libraries. All told, this basic single-page "Hello world" app required a total of 1,764 dependencies. As Rex Pan, a software engineer on Google's Open Source Security Team, observed on Tuesday in a blog post, vetting thousands of dependences isn't something developers can do on their own.

A new feature in Firefox version 108 that may please musicians is the improved support for the Web MIDI API. "The MIDI standard is very close to a remarkable 40 years old, and Web MIDI does just what the name implies: it allows web apps to send and receive MIDI signals to and from musical instruments," reports The Register. "In principle this will allow sequencer apps to be implemented in Javascript." From the report: Amusingly, the last time The Reg mentioned Web MIDI, it was because Apple was taking it off Safari users, allegedly because of security concerns. Firefox 108 addresses that with a new security mechanism for preventing, and optionally permitting, apps inside browser tabs to access hardware resources -- in this instance, your MIDI ports. No, this does not mean that you can listen to CANYON.MID directly within Firefox. .MID files are not the same as General MIDI. But if you are nostalgic for that for some reason, help is at hand. A full list of features and changes can be found here.

couchslug writes: Mozilla's Firefox once commanded a large chunk of the browser market share, but now it stands under a pitiful 5 percent. Google money removes need to compete from a management POV as they'll get paid either way but they're still leaving money on the table.

What should Mozilla do to help Firefox regain its lost market share? Not so long ago Internet Explorer was only used to download Firefox when geeks reloaded Windows machines for others. Today, Edge, however pathetic, still outranks Firefox. Were FF not arguably the best available browser for Linux, share would be even less.

Were you the king for a day what would you do to make Firefox great again? If you dropped or deprecated Firefox what shooed you off? This is not about Firefox being good or bad but about regaining casually discarded market share.