AmiMoJo writes: Four years ago Mozilla moved to a fixed-schedule release model, otherwise known as the Train Model, in which we released Firefox every six weeks to get features and updates to users faster. Now Mozilla is moving to a variable 6-8 week cycle, with the same number of releases per year but some flexibility to 'respond to emerging user and market needs' and allow time for holidays. The new release schedule looks like this:

• 2016-01-26 – Firefox 44
• 2016-03-08 – Firefox 45, ESR 45 (6 weeks cycle)
• 2016-04-19 – Firefox 46 (6 weeks cycle)
• 2016-06-07 – Firefox 47 (7 weeks cycle)
• 2016-08-02 – Firefox 48 (8 weeks cycle)
• 2016-09-13 – Firefox 49 (6 weeks cycle)
• 2016-11-08 – Firefox 50 (8 weeks cycle)
• 2016-12-13 – Firefox 50.0.1 (5 week cycle, release for critical fixes as needed)
• 2017-01-24 – Firefox 51 (6 weeks from prior release)

ewhac writes: Among its other desirable features, Firefox included a feature allowing very fine-grained cookie management. When enabled, every time a Web site asked to set a cookie, Firefox would raise a dialog containing information about the cookie requested, which you could then approve or deny. An "exception" list also allowed you to mark selected domains as "Always allow" or "Always deny", so that the dialog would not appear for frequently-visited sites. It was an excellent way to maintain close, custom control over which sites could set cookies, and which specific cookies they could set. It also helped easily identify poorly-coded sites that unnecessarily requested cookies for every single asset, or which would hit the browser with a "cookie storm" — hundreds of concurrent cookie requests.

Mozilla quietly deleted this feature from Firefox 44, with no functional equivalent put in its place. Further, users who had enabled the "Ask before accept" feature have had that preference silently changed to, "Accept normally." The proffered excuse for the removal was that the feature was unmaintained, and that its users were, "probably crashing multiple times a day as a result" (although no evidence was presented to support this assertion). Mozilla's apparent position is that users wishing fine-grained cookie control should be using a third-party add-on instead, and that an "Ask before accept" option was, "not really nice to use on today's Web."

LichtSpektren writes: Several tech sites have now broke the news that Canonical has revealed their BQ Aquaris M10 Ubuntu Tablet. Joey-Elijah Sneddon builds the hype: "A stunning 10.1-inch IPS touch display powered a full HD 1920×1200 pixel resolution at 240 ppi. Inside is a 64-bit MediaTek MT8163A 1.5GHz quad-core processor, 2GB of RAM, and 16GB of internal memory. A micro SD memory card is included, adding storage expansion of up to 64GB. Furthermore, the converged slate includes an 8-megapixel rear camera with autofocus and dual LED flash (and capable of recording in full 1080p), plus a front facing 3-megapixel camera for video chats, vlogs and selfies. Front facing Dolby Atmos speakers will provide a superior sound experience during movie playback. The M10 measure 246mm x 171mm x 8.2mm, weighs just 470 grams — lighter than the Apple iPad Air — and has a 7280 mAh battery to give up to 10 hours of use. ... Tablet mode offers a side stage for running two apps side-by-side, plus a full range of legacy desktop applications, mobile apps and scopes. LibreOffice, Mozilla Firefox, The GIMP and Gedit are among a 'curated collection of legacy apps' to ship pre-installed on the tablet. It will also be possible for developers and enthusiasts to install virtually any ARM compatible app available on Ubuntu using the familiar 'apt-get' command." A photo gallery can also be seen on his website here. The price is not yet announced, but the Android version of the same tablet is currently on sale for €229.

An anonymous reader writes: After Mozilla said in October that it would stop supporting Firefox plugins on the older NPAPI technology, Oracle had no choice now but to announce the deprecation of the Java browser plugin starting with the release of the JDK version 9, which is set for release in March 2017, and developers are urged to start using the Java Web Start pluginless technology instead. Security issues also had a big part in Java's demise.

An anonymous reader writes: Mozilla today launched Firefox 44 for Windows, Mac, Linux, and Android. Notable additions to the browser include push notifications, the removal of RC4 encryption, and new powerful developer tools. Mozilla made three promises for push notifications: "1. To prevent cross-site correlations, every website receives a different, anonymous Web Push identifier for your browser. 2. To thwart eavesdropping, payloads are encrypted to a public / private keypair held only by your browser. 3. Firefox only connects to the Push Service if you have an active Web Push subscription. This could be to a website, or to a browser feature like Firefox Hello or Firefox Sync." Here are the full changelogs: Desktop and Android.

rudy_wayne writes: Former Mozilla CEO Brendan Eich has launched a new Chromium-based browser called Brave. "Brave blocks everything: initial signaling/analytics scripts that start the programmatic advertising 'dirty pipe', impression-tracking pixels, and ad-click confirmation signals," Eich wrote on the Brave site. Former Mozilla CTO Andreas Gal said in a blog post that "the web is broken," with current browser vendors unwilling to tackle the dilemma of blocking ads, while looking at alternative mechanisms for funding content. Gal said it was ironic Brave was a for-profit operation that can make money from reducing advertising.

mitcheli writes: If you're hanging on to the theory that collision attacks against SHA-1 and MD5 aren't yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have provided reason for urgency. They demonstrated a new series of transcript collision attacks centered on the SHA-1 and MD5 implementations in TLS 1.1, 1.2 and 1.3, along with IKEv1 and v2, and SSH 2. They say, "Our main conclusion is that the continued use of MD5 and SHA1 in mainstream cryptographic protocols significantly reduces their security and, in some cases, leads to practical attacks on key protocol mechanisms (PDF)." Of course, Mozilla officially began rejecting new SHA-1 certificates as of the first of the year. And as promised, there have been some usability issues. Mozilla said on Wednesday that various security scanners and antivirus products are keeping some users from reaching HTTPS websites.

prisoninmate writes: An SBC called Chirimen was designed from the outset to use web browser technologies in various science projects by extending the I2C and GPIO WebAPIs to control devices powered by Mozilla's Firefox OS 2.0 and higher operating system. As such, Web developers can easily use browser technologies to develop awesome things. The board is developed by MozillaFactory.org in Japan.

itwbennett writes: On Wednesday, Trend Micro wrote that it discovered a cyberattack on Dec. 21 that was designed to install banking malware on computers. The cybercriminals had compromised a legitimate website and set up a subdomain that led to a server under their control, wrote Joseph Chen, a fraud researcher with Trend. The subdomain used an SSL/TLS (Secure Sockets Layer/Transport Layer Security) certificate issued by Let's Encrypt, the first large-scale project to issue free digital certificates. which is run by the ISRG (Internet Security Research Group) and is backed by Mozilla, the Electronic Frontier Foundation, Cisco, and Akamai, among others. The incident has sparked disagreement over how to deal with such abuse, writes Jeremy Kirk.

RoccamOccam writes: Mozilla developers have discussed a plan to implement support for a subset of non-standard CSS prefixes used in WebKit. Mozilla developer Daniel Holbert says: "A good chunk of the web today (and particularly the mobile web) effectively relies on -webkit prefixed CSS properties & features. We wish we lived in a world where web content always included standards-based fallback (or at least multiple-vendor-prefixed fallback), but alas, we do not live in that world. To be successful at rendering the web as it exists, we need to add support for a list of frequently-used -webkit prefixed CSS properties & features."

An anonymous reader writes: Mozilla developer James Long has posted a sort of internal monologue on the difficulties of being a hobbyist open source project maintainer. He says, "I hugely admire people who give so much time to OSS projects for free. I can't believe how much unpaid boring work is going on. It's really cool that people care so much about helping others and the community. ... There are two roles for any project: starters and maintainers. People may play both roles in their lives, but for some reason I've found that for a single project it's usually different people. Starters are good at taking a big step in a different direction, and maintainers are good at being dedicated to keeping the code alive.

I am definitely a starter. I tend to be interested in a lot of various things, instead of dedicating myself to a few concentrated areas. I've maintained libraries for years, but it's always a huge source of guilt and late Friday nights to catch up on a backlog of issues. ... Here's to all the maintainers out there. To all the people putting in tireless, thankless work behind-the-scenes to keep code alive, to write documentation, to cut releases, to register domain names, and everything else."

An anonymous reader writes: Earlier this month, Mozilla announced that Firefox OS smartphones would no longer be sold via carriers. Because the company refused to talk about what's next for Firefox OS, aside from saying it will experiment with "connected devices," many were left simply to speculate as to what could be in the pipeline. Today, we have a leaked document, which Mozilla confirmed is legitimate. My favorite of the concepts is a Raspberry Pi-based keyboard.

itwbennett writes: Due to recent research showing that SHA-1 is weaker than previously believed, Mozilla, Microsoft and now Google are all considering bringing the deadline forward by six months to July 1, 2016. Websites like Facebook and those protected by CloudFlare have implemented a SHA-1 fallback mechanism. Both companies have argued that there are millions of people in developing countries that still use browsers and operating systems that do not support SHA-2, the replacement function for SHA-1, and will therefore be cut off from encrypted websites that move to SHA-2 certificates.

maxcelcat writes: I've used Thunderbird for about a decade, and Netscape Mail before that (I have an email from 1998 from Marc Andreessen, welcoming me to Netscape Email, telling me different fonts can add impact to my emails). Thunderbird has served me well, but it's getting long in the tooth. Given the lack of development and the possibility that it's going End of Life, what should I use instead? I have multiple email accounts and an archive of sixteen years of email. I could get a copy of Outlook, but I don't like it.

Things I like about Thunderbird: Supports multiple email accounts; simple interface; storage structure is not one monolithic file; plain text email editor; filtering. Things I don't like: HTML email editor; folders are hard to change and re-arrange.

An anonymous reader writes: Jonas Echterhoff from Unity has posted the latest Unity WebGL benchmark results on the Unity blog. He writes, "A bit over a year ago, we released a blog post with performance benchmarks for Unity WebGL, to compare WebGL performance in different browsers. We figured it was time to revisit those benchmarks to see how the numbers have changed. Microsoft has since released Windows 10 with their new Edge browser (which supports asm.js and is now enabling it by default) – so we were interested to see how that competes. Also, we have an experimental build of Unity using Shared Array Buffers to run multithreaded code, and we wanted to see what kind of performance gains to expect. So we tested this in a nightly build of Firefox with Shared Array Buffer support." The benchmark concludes that Firefox 42 64-bit is the fastest, Edge takes second, and Chrome and Safari share third place.

An anonymous reader writes: Mozilla today launched Firefox 43 for Windows, Mac, Linux, and Android. Notable additions to the browser include a 64-bit version for Windows (finally!), a new strict blocklist for the browser's tracking protection feature, and tab audio indicators on Android. "There is, however, a bit of a caveat. Firefox 64-bit for Windows has limited support for plugins. Certain sites that require plugins and work in Firefox 32-bit might not work in this 64-bit version. But Mozilla doesn’t see this as a big problem, and says it is by design. After all, the company plans to drop support for NPAPI plugins in Firefox by the end of the year (though it will keep Flash around). Mozilla has just over two weeks to deliver on that promise." Here are the changelogs: desktop and Android.

An anonymous reader writes: A couple months ago, we discussed news that Mozilla was planning to give back to the open source projects they rely on, to the tune of $1 million. Now, Mozilla has announced the first round of awards, giving out $503,000 in the process. The biggest payout, $200,000, went to Bro, who makes network monitoring software. They plan to use the funds to create "a public repository for sharing 3rd-party scripts and plug-ins." The Django project received $150,000, and they'll use it to "rewrite the core of Django to support (among other things) WebSockets and background tasks," and a few other goodies. Mercurial was awarded $75,000, which will go toward "better support for 'blame' (showing who last changed some code) and a better web UI." Also receiving awards were Read The Docs ($48,000), Discourse ($25,000), CodeMirror ($20,000), and BuildBot ($15,000).

itwbennett writes: As previously reported on Slashdot, browser makers are considering an accelerated retirement of the older and increasingly vulnerable SHA-1 function. But Facebook and CloudFlare are warning some 37 million users of old browsers and operating systems that don't support SHA-2 will be left without access to encrypted websites. The majority of them are located in some of the "poorest, most repressive, and most war-torn countries in the world," CloudFlare's CEO Matthew Prince said Wednesday in a blog post. Facebook has solved this problem by building a mechanism that allows its certificates to be switched automatically based on the browser used by the visitor.

An anonymous reader writes: Mozilla announced today at its developer event in Orlando that the company is ending its smartphone experiment. Mozilla will stop developing and selling Firefox OS smartphones. Ari Jaaksi, Mozilla's SVP of Connected Devices, said, "We are proud of the benefits Firefox OS added to the Web platform and will continue to experiment with the user experience across connected devices." However, he added that it didn't end up providing a great user experience, so they decided to move their efforts elsewhere within the "connected devices" ecosystem. The TechCrunch article notes, "Mozilla has been on a streamlining track lately. Last week it announced that it would be looking for alternative homes for its Thunderbird email and chat client. The aim is for the company to focus more on its strongest and core products and reputation."

An anonymous reader writes: Mozilla today launched an iOS content blocker called Focus by Firefox. It's a "content blocker" because although Focus is capable of blocking some ads, this latest project from the non-profit is aimed at stopping trackers. The free app is made possible thanks to iOS 9's content-blocking feature, which requires some setting up. Like with any content blocker, after you download Focus, you'll have to activate Focus' content-blocking features within your system-wide iOS settings (launching the app will provide a guide to finish configuration). It's worth noting that Focus only works with Safari. Mozilla says, "This was not our choice—Apple has chosen to make content blocking unavailable to third party browsers on iOS." Here is the Focus GitHub repo and its feedback tool.