Encryption

Firefox Users Reach HTTPS Encryption Milestone (techcrunch.com) 63

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).
GNOME

Fedora 25 Beta Released With GNOME 3.22 and Linux Kernel 4.8.1 37

Reader prisoninmate writes: Fedora Project released the Beta milestone of the upcoming Fedora 25 Linux operating system, due for release in mid-November. Powered by Linux kernel 4.8.1, the Fedora 25 Beta is shipping with the recently released GNOME 3.22 desktop environment, which is enabled by default on top of a Wayland 1.12 session for the Workstation Edition. Of course, you'll also find the latest software versions, including the LibreOffice 5.2.2 office suite, Flatpak 0.6.12, Mozilla Firefox 49.0 web browser, and LibVirt 2.2.0. Additionally, users will find the Mesa 12.0.3 3D Graphics Library for better and faster graphics support, OpenSSH 7.3p1 and OpenSSL 1.0.2j for improved security, Python 3.5.2, Samba 4.5.0, systemd 231, TigerVNC 1.7.0, and the latest Git snapshot of the upcoming X.Org Server 1.19.0 display server. Fedora 25 Beta Workstation is available for download now.
Chrome

Chromification Continues: Firefox May Use Chrome's PDF and Flash Plugins (softpedia.com) 113

An anonymous reader writes: Mozilla announced today Project Mortar, an initiative to explore the possibility of deploying alternative technologies in Firefox to replace its internal implementations. The project's first two goals are to test two Chrome plugins within the Firefox codebase. These are PDFium, the Chrome plugin for viewing PDF files, and Pepper Flash, Google's custom implementation of Adobe Flash. The decision comes as Mozilla is trying to cut down development costs, after Firefox took a nose dive in market share this year. "In order to enable stronger focus on advancing the Web and to reduce the complexity and long term maintenance cost of Firefox, and as part of our strategy to remove generic plugin support, we are launching Project Mortar," said Johnny Stenback, Senior Director Of Engineering at Mozilla Corporation. "Project Mortar seeks to reduce the time Mozilla spends on technologies that are required to provide a complete web browsing experience, but are not a core piece of the Web platform," Stenback adds. "We will be looking for opportunities to replace such technologies with other existing alternatives, including implementations by other browser vendors."
Mozilla

Mozilla Has Stopped All Commercial Development On Firefox OS -- Explains What It Plans To Do With Code Base (google.com) 97

Mozilla announced last year that Firefox OS initiative of shipping phones with commercial partners did not bring the returns it sought. The company earlier this year hinted that it intends to shut the project. It is now sharing how it will deal with Firefox OS code base going forward. From their post: We would stop our efforts to build and ship smartphones through carrier partners and pivot our efforts with Firefox OS to explore opportunities for new use cases in the world of connected devices. Firefox OS was transitioned to a Tier 3 platform from the perspective of support by Mozilla's Platform Engineering organization. That meant as of January 31, 2016 no Mozilla Platform Engineering resources would be engaged to provide ongoing support and all such work would be done by other contributors. For some period of time that work would be done by Mozilla's Connected Devices team. We had ideas for other opportunities for Firefox OS, perhaps as a platform for explorations in the world of connected devices, and perhaps for continued evolution of Firefox OS TV. To allow for those possibilities, and to provide a stable release for commercial TV partners, development would continue on a Firefox OS 2.6 release. In parallel with continued explorations by the Connected Devices team, we recognized there was interest within the Mozilla community in carrying forward work on Firefox OS as a smartphone platform, and perhaps even for other purposes. A Firefox OS Transition Project was launched to perform a major clean-up of the B2G code bringing it to a stable end state so it could be passed into the hands of the community as an open source project. In the spring and summer of 2016 the Connected Devices team dug deeper into opportunities for Firefox OS. They concluded that Firefox OS TV was a project to be run by our commercial partner and not a project to be led by Mozilla.
Further, Firefox OS was determined to not be sufficiently useful for ongoing Connected Devices work to justify the effort to maintain it. This meant that development of the Firefox OS stack was no longer a part of Connected Devices, or Mozilla at all. Firefox OS 2.6 would be the last release from Mozilla. Today we are announcing the next phase in that evolution. While work at Mozilla on Firefox OS has ceased, we very much need to continue to evolve the underlying code that comprises Gecko, our web platform engine, as part of the ongoing development of Firefox. In order to evolve quickly and enable substantial new architectural changes in Gecko, Mozilla's Platform Engineering organization needs to remove all B2G-related code from mozilla-central. This certainly has consequences for B2G OS. For the community to continue working on B2G OS they will have to maintain a code base that includes a full version of Gecko, so will need to fork Gecko and proceed with development on their own, separate branch.
Mozilla

Mozilla's Proposed Conclusion: Game Over For WoSign and Startcom? (google.com) 111

Reader Zocalo writes: Over the last several months Mozilla has been investigating a large number of breaches of what Mozilla deems to be acceptable CA protocols by the Chinese root CA WoSign and their perhaps better known subsidiary StartCom, whose acquisition by WoSign is one of the issues in question. Mozilla has now published their proposed solution (GoogleDocs link), and it's not looking good for WoSign and Startcom. Mozilla's position is that they have lost trust in WoSign and, by association StartCom, with a proposed action to give WoSign and StartCom a "timeout" by distrusting any certificates issued after a date to be determined in the near future for a period of one year, essentially preventing them issuing any certificates that will be trusted by Mozilla. Attempts to circumvent this by back-dating the valid-from date will result in an immediate and permanent revocation of trust, and there are some major actions required to re-establish that trust at the end of the time out as well.
This seems like a rather elegant, if somewhat draconian, solution to the issue of what to do when a CA steps out of line. Revoking trust for certificates issued after a given date does not invalidate existing certificates and thereby inconvenience their owners, but it does put a severe -- and potentially business-ending -- penalty on the CA in question. Basically, WoSign and StartCom will have a year where they cannot issue any new certificates that Mozilla will trust, and will also have to inform any existing customers that have certificate renewals due within that period they cannot do so and they will need to go elsewhere -- hardly good PR!

What does Slashdot think? Is Mozilla going too far here, or is their proposal justified and reasonable given WoSign's actions, making a good template for potential future breaches of trust by root CAs, particularly in the wake of other CA trust breaches by the likes of CNNIC, DigiNotar, and Symantec?

Mozilla

Firefox 49 Arrives With Improvements (venturebeat.com) 129

An anonymous reader writes: Mozilla today launched Firefox 49 for Windows, Mac, Linux, and Android. The new version includes expanded multi-process support, improvements to Reader Mode, and offline page viewing on Android. The built-in voice and video calling feature Firefox Hello, meanwhile, has been removed from the browser. First up, Firefox 49 brings two improvements to Reader Mode. You can now adjust the text (width and line spacing), fonts, and even change the theme from light to dark. There is also a new Narrate option that reads the content of the page aloud. Next is Mozilla's crusade to enable multi-process support, a feature that has been in development for years as part of the Electrolysis project. With the release of Firefox 48, Mozilla enabled multi-process support for 1 percent of users, slowly ramping up to nearly half of the Firefox Release channel. Initial tests showed a 400 percent improvement in overall responsiveness. Mozilla says at least "half a billion people around the world" use its Firefox browser.
Mozilla

Mozilla Checks If Firefox Is Affected By Same Malware Vulnerability As Tor (arstechnica.com) 45

Mozilla is investigating whether the fully patched version of Firefox is affected by the same cross-platform, malicious code-execution vulnerability patched on Friday in the Tor browser. Dan Goodin, reporting for ArsTechnica: The vulnerability allows an attacker who has a man-in-the-middle position and is able to obtain a forged certificate to impersonate Mozilla servers, Tor officials warned in an advisory. From there, the attacker could deliver a malicious update for NoScript or any other Firefox extension installed on a targeted computer. The fraudulent certificate would have to be issued by any one of several hundred Firefox-trusted certificate authorities (CA). While it probably would be challenging to hack a CA or trick one into issuing the necessary certificate for addons.mozilla.org, such a capability is well within reach of nation-sponsored attackers, who are precisely the sort of adversaries included in the Tor threat model. In 2011, for instance, hackers tied to Iran compromised Dutch CA DigiNotar and minted counterfeit certificates for more than 200 addresses, including Gmail and the Mozilla addons subdomain.
Firefox

Firefox 49 Postponed One Week Due To Unexpected Bugs (softpedia.com) 208

An anonymous Slashdot reader quotes Softpedia: Mozilla has announced this week that it is delaying the release of Firefox 49 for one week to address two unexpected bugs. Firefox 49, which was set for release on Tuesday, September 13, will now launch the following Tuesday, on September 20... Firefox 49 is an important release in Mozilla's grand scheme of things when it comes to Firefox. This is the version when Mozilla will finish multi-process support rollout (a.k.a. e10s, or Electrolysis), and the version when Firefox launches the new WebExtensions API that replaces the old Add-ons API, making Firefox compatible with Chromium extensions.
Firefox's release manager explained the delays as "two blocking issues and the need for a bit more time to evaluate the results of their fixes/backouts" -- one of which apparently involves opening Giphy GIFS on Twitter.
Software

Microsoft Is Bringing WebVR To Microsoft Edge On Windows 10 (mspoweruser.com) 30

An anonymous reader quotes a report from MSPoweruser: Microsoft today announced that the company is bringing support for WebVR to Microsoft Edge on Windows 10. With WebVR, users can experience Virtual Reality content from their web browser on a virtual reality headset such as the Oculus Rift. WebVR support on Microsoft Edge may also be useful for the Windows Holographic Shell on Windows 10, which is expected to arrive sometime later this year. For those unfamiliar, Microsoft will be allowing virtual reality headset owners to use Windows Holographic on their Windows 10 PC -- therefore, Microsoft Edge supporting WebVR can turn out to be very useful. WebVR is already supported in browsers like Google Chrome and Firefox, but it'll be coming to Microsoft Edge in the near-future. At the moment, Microsoft isn't sharing many details about WebVR on Microsoft Edge. While there isn't any official info on when the company plans to release this feature, we suspect it'll be coming with Windows 10 Redstone 2 which is expected to arrive in early 2017.
Microsoft

Google, Apple, Mozilla, and the EFF Support Microsoft's Fight Against Gag Orders (betanews.com) 55

An anonymous Slashdot reader quotes BetaNews about new legal documents filed Friday: Microsoft is fighting the US Justice Department in an attempt to quash a law that prevents companies informing customers that the government is requesting their data. The technology giant has the backing of other tech companies as well as media outlets. Amazon, Apple, Google, Fox News, Electronic Frontier Foundation and Mozilla are among those offering their support to Microsoft. The lawsuit says that blocking companies from keeping their customers informed is unconstitutional, and it comes at a time when tech companies in particular are keen to be as open and transparent as possible about government requests for data....

As EFF Senior Staff Attorney Lee Tien puts it: "Whether the government has a warrant to rifle through our mail, safety deposit boxes, or emails stored in the cloud, it must notify people about the searches. When electronic searches are done in secret, we lose our right to challenge the legality of law enforcement invasions of privacy. The Fourth Amendment doesn't allow that, and it's time for the government to step up and respect the Constitution."

Mozilla argues transparency "is critical to our vision of an open, trusted, secure web that places users in control of their experience online," in a blog post announcing that they'd joined a brief filed by Apple, Twilio, and Lithium Technologies.

And a statement from an EFF staff attorney argues that notifying the targets of searches "provides a free society with a crucial means of government accountability."
Media

The Slashdot Interview With VideoLAN President and Lead VLC Developer Jean-Baptiste Kempf 40

You asked, he answered!

VideoLan President and Lead Developer of VLC Jean-Baptiste Kempf has responded to questions submitted by Slashdot readers. Read on to find out about the upcoming VideoLAN projects; how they keep VLC sustainable; what are some mistakes they wish they hadn't made; and what security challenges they face, among others!
Mozilla

Mozilla Is Changing Its Look -- and Asking the Internet For Feedback (arstechnica.com) 226

Megan Geuss, writing for ArsTechnica: Mozilla is trying a rebranding. Back in June, the browser developer announced that it would freshen up its logo and enlist the Internet's help in reaching a final decision. The company hired British design company Johnson Banks to come up with seven new "concepts" to illustrate the company's work. The logos rely on vibrant colors, and several of them recall '80s and '90s style. In pure, nearly-unintelligible marketing speak, Mozilla writes that each new design reflects a story about the company. "From paying homage to our paleotechnic origins to rendering us as part of an ever-expanding digital ecosystem, from highlighting our global community ethos to giving us a lift from the quotidian elevator open button, the concepts express ideas about Mozilla in clever and unexpected ways," Mozilla's Creative Director Tim Murray writes in a blog post. Mozilla is soliciting comment and criticism on the seven new designs for the next two weeks, but this is no Boaty McBoatface situation. Mozilla is clear that it's not crowdsourcing a design, asking anyone to work on spec, or holding a vote over which logo the Internet prefers. It's just asking for comments.
KDE

KDE Edition Beta Released For Linux Mint 18 'Sarah' (fossbytes.com) 36

An anonymous Slashdot reader quotes a report from fossBytes: Linux Mint 18 'Sarah' KDE Edition Beta is now available for download and testing. This release is based on the long-term supported Linux 4.4 kernel and KDE Plasma 5.6 desktop environment. The final release of this widely popular distro is expected to arrive in September... Just like MATE, Cinnamon, and Xfce releases, the KDE release is a long term release that will remain supported until 2021.

Linux Mint 18 'Sarah' KDE Edition ships with Mozilla Firefox as default web browser and LibreOffice as the default office suite. The Linux distro also features a wide range of popular KDE apps like Kontact, Dolphin, Gwenview, KMail, digiKam, KTorrent, Skanlite, Konversation, K3b, Konsole, Amarok, Ark, Kate, Okular, and Dragon Player.

"Unlike other Linux Mint editions, the KDE edition will ship with the SDDM display manager," reports the Linux Mint blog. Distrowatch notes that it's based on Ubuntu 16.04, and suggests "Mint's 'KDE' flavour might turn out to be the most interesting of the bunch, especially if the project's usually excellent quality assurance is applied to this edition in the same manner as in its 'MATE' and 'Cinnamon' variants."
Firefox

Mozilla To Add Screenshot Sharing Feature To Firefox Test Pilot Program (softpedia.com) 75

An anonymous reader writes: [Softpedia reports:] "Mozilla plans to include a webpage screenshot sharing feature to Firefox as part of the Test Pilot program, a spokesperson confirmed to Softpedia. The new feature is called Page Shot, and will initially roll out on Firefox Test Pilot in late-Q3 of this year. The Firefox Test Pilot program allows users to test experimental Firefox features using a special add-on. Based on user feedback, those features will end up as built-in Firefox features, or self-standing add-ons." The pageshot.net website is now offline as Mozilla prepares to launch the add-on via Test Pilot, but Softpedia has the screenshots. You can view the screenshots here.
Bug

FalseCONNECT Vulnerability Affects Software From Apple, Microsoft, Oracle, More (softpedia.com) 32

An anonymous reader writes from a report via Softpedia: "Researcher Jerry Decime revealed details about a security vulnerability that allows an attacker to gain a Man-in-the-Middle position and intercept HTTPS traffic thanks to flaws in the implementation of proxy authentication procedures in various products," reports Softpedia. The flaw can be used to collect user credentials by tricking victims into re-authenticating, sending data to a third-party. Multiple software vendors deploy applications that can handle proxy connections. Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others.
Mozilla

Firefox 49 For Linux Will Ship With Plug-in Free Netflix, Amazon Prime Video Support (mozilla.org) 134

Reader LichtSpektren writes: Widevine, the media protocol that allows users to watch videos on Netflix, is supported in Firefox for Windows and macOS. But until now, its users on Linux were required to use a plug-in. That changes with v49, which offers out-of-the-box support for Netflix. Mozilla plans to offer plug-in streaming for Netflix as well as Amazon Prime Video and other similar services. The v49 will be available on Linux in September. Mozilla adds that it will be removing support for NPAPI plugins from its browser in the near future, plugins that some video streaming sites rely on for playback. "Mozilla plan to support the Widevine CDM on Linux, letting users watch Netflix without plugins," the company said.
Firefox

Firefox Will Try To Show You Saved Archive Of a Page Instead Of 404 Error (ndtv.com) 119

Firefox has announced a new add-on dubbed No More 404s in its Test Pilot platform which aims to change the way we see 404 links on the web. The add-on, Firefox says, replaces the Error 404 from missing webpages, and replaces them with saved archives from the Wayback Machine. From a report on Gadgets 360: Normally, when presented with a missing link, the browser shows the 404 error. However, Mozilla's No More 404s add-on will give Firefox users the choice to see old Internet snapshots saved in the Internet Archive's Wayback Machine. This is especially handy for users trying to do research or just digging up some old graves out of curiosity. For now, this add-on is only available in Firefox's experimental Test Pilot platform, with no details on availability for regular Firefox users. Interested users can install the test version here. Apart from this, the Test Pilot platform also introduced improved search results through the Awesome Bar, redesigned the Tabs bar to the side, and even tweaked the history feed.
Firefox

Firefox 48 Released With Multi-Process Support, Mandatory Add-On Signing (softpedia.com) 236

Mozilla on Tuesday released Firefox v48, touted as one of the most important updates the browser has ever received. With the new version, Firefox starts migrating users to using multi-process threads (e10s, Electrolysis), and it is also the first version to ship with a Rust component. In addition, Firefox is now also making add-on signing mandatory. From a Softpedia article: Announced last year, Electrolysis, e10s, or multi-process support is Firefox's ability to process core browser operations separately from the content viewed on a Web page. Multi-process support allows a page to crash without bringing the entire browser down with it and improves the browser's overall performance. e10s rollout will take place in two phases, first in Firefox 48, and it will finish in Firefox 49, set for release on September 13, 2016. Mandatory add-on signing refers to Firefox preventing users from installing any add-ons that have not been approved by Mozilla's testers. This is something similar to what Chrome employs, but Firefox users have been spoiled all these years, always having the capability of installing any add-on they've desired. Rust is a programming language that's a revamped and improved version of C++ but that protects developers from accidentally including dangerous memory bugs in their code. It achieves this by how the language was constructed and by how developers write the code.
Firefox

Mozilla To Remove Hello In Firefox 49 (softpedia.com) 128

Firefox's voice and videoconferencing add-on was described as "the first global communications system built directly into a browser" -- but things change. An anonymous Slashdot reader writes: An entry on Mozilla's issue tracker opened on July 17 reveals ongoing efforts from Mozilla engineers to remove the Hello system add-on from default Firefox installations starting with version 49, set for public release on September 13, 2016. Mozilla added Hello to Firefox in version 34, released on December 1, 2014, and from the beginning, it was part of the browser's core code, but was moved in December 2015 into a separate add-on, one that came pre-installed with Firefox, making Hello its first ever system add-on.

Mozilla plans to remove Hello from the codebases of Firefox Beta 49, Firefox Developer Edition 50, and Firefox Nightly 51. Based on the currently available information, the deadline for the Hello code removal operations is for this Monday, August 1, after which the first Firefox builds with no Hello integration will be available for testing, and will ship out in the fall with the stable release.

The article suggests this may have been a space-saving measure, "since Mozilla is focused on rebuilding Firefox's code from scratch to keep up with speedier competitors like Chrome, Opera, and Vivaldi."
Chrome

Ask Slashdot: Best Browser Extensions -- 2016 Edition 195

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?
Let's get this going.
