Recently, Firefox had an incident in which most add-ons stopped working. This was due to an error on our end: we let one of the certificates used to sign add-ons expire which had the effect of disabling the vast majority of add-ons. Now that we’ve fixed the problem for most users and most people’s add-ons are restored, I wanted to walk through the details of what happened, why, and how we repaired it. An in-depth look at the cause and fixes for the devastating extensions bug that hit Firefox users over the weekend, written by Firefox CTO Eric Rescorla.
The last time I saw Mark Zuckerberg was in the summer of 2017, several months before the Cambridge Analytica scandal broke. We met at Facebook’s Menlo Park, Calif., office and drove to his house, in a quiet, leafy neighborhood. We spent an hour or two together while his toddler daughter cruised around. We talked politics mostly, a little about Facebook, a bit about our families. When the shadows grew long, I had to head out. I hugged his wife, Priscilla, and said goodbye to Mark. Since then, Mark’s personal reputation and the reputation of Facebook have taken a nose-dive. The company’s mistakes — the sloppy privacy practices that dropped tens of millions of users’ data into a political consulting firm’s lap; the slow response to Russian agents, violent rhetoric and fake news; and the unbounded drive to capture ever more of our time and attention — dominate the headlines. It’s been 15 years since I co-founded Facebook at Harvard, and I haven’t worked at the company in a decade. But I feel a sense of anger and responsibility. This New York Times articles, written by Facebook co-founder Chris Hughes, is an absolute must-read. Facebook – along with Apple, Google, and possibly Amazon and Microsoft – must be broken up to reduce their immense power. Hughes quotes John Sherman, who said in the late 19th century on the floor of US Congress, “If we will not endure a king as a political power, we should not endure a king over the production, transportation and sale of any of the necessities of life.If we would not submit to an emperor, we should not submit to an autocrat of trade with power to prevent competition and to fix the price of any commodity.” He was right then, and he’s still right now.
This process will no doubt sound familiar to those of you who have used Linux. Most Linux distributions offer bootable images that can be flashed to a USB drive or burned to a CD/DVD. When the computer boots from the Linux drive, a complete desktop environment is present, allowing the user to easily test applications and perform other tasks. Nothing is installed to the computer’s internal drive, and all data is deleted when Linux shuts down. Android Q will include similar functionality, which is currently being called ‘Dynamic System Updates’ (though ‘Live Images’ and ‘Dynamic Android’ were also being used to refer to it). A temporary system partition is created, and an alternative Generic System Image (GSI) can be installed to it. A notification appears when the process is done, and tapping it reboots the phone into the GSI. When you’re done, simply reboot the phone, and you’re returned to your phone’s regular build of Android. This will be a very welcome feature not just for developers, but also for people like me who would love to test public beta releases before committing.
An IEEE Spectrum article outlines some interesting new OS-related research. Martin Maas, a University of California, Berkeley, PhD student who is now at Google, designed “a new type of device that relieves the CPU from its garbage collection duties.” Maas notes that CPUs, which have traditionally been assigned garbage collection, were never specifically designed for the task. “CPUs are built to be flexible and run a wide range of applications. As a result, they are relatively large and can take up a significant amount of power,” he explains.Instead, Maas and his colleagues created a compact accelerator unit that requires a small amount of chip area and power. It can be added to the CPU, similar to how many modern processor chips are integrated into graphics processing units.“While the software application is running on the CPU, this unit sits on the side and performs garbage collection for the application,” says Maas. “In principle, this means that you could build a system where the software does not have to worry about garbage collection at all and just keeps using the available memory.”
At Google I/O, Google quietly announced that “all devices launched this year will be Linux-ready right out of the box.” A ZDNet article has more details. Earlier, you could run Debian, Ubuntu and Kali Linux on Chrome OS using the open-source Crouton program in a chroot container. Or, you could run Gallium OS, a third-party, Xubuntu Chromebook-specific Linux variant. But it wasn’t easy. Now? It’s as simple as simple can be. Just open the Chrome OS app switcher by pressing the Search/Launcher key and then type “Terminal”. This launches the Termina VM, which will start running a Debian 9.0 Stretch Linux container.
In 2017, we saw several new MCUs hit the market, as well as general trends continuing in the industry: the migration to open-source, cross-platform development environments and toolchains; new code-generator tools that integrate seamlessly (or not so seamlessly…) into IDEs; and, most notably, the continued invasion of ARM Cortex-M0+ parts into the 8-bit space. I wanted to take a quick pulse of the industry to see where everything is — and what I’ve been missing while backed into my corner of DigiKey’s web site. It’s time for a good ol’ microcontroller shoot-out.
Senator Josh Hawley (R-MO) today announced a bill that would ban loot boxes and pay-to-win microtransactions in “games played by minors”, a broad label that the senator says will include both games designed for kids under 18 and games “whose developers knowingly allow minor players to engage in microtransactions”. Loot boxes are clearly gambling, and ought to be treated as such. I’m by no means enough of a lawyer to determine if this specific proposed bill does enough – or possibly too much – to curtail the predatory practices in games, but it’s a good sign people are paying attention. We sure won’t be able to count on Google or Apple, since both of them profit greatly from these predatory practices.
Google is tackling version fragmentation with initiatives such as Project Treble, a major rearchitecting of Android resulting in a separation between the Android OS framework components and the vendor HAL components, extended Linux kernel LTS, mandatory security patch updates for 2 years, and Android Enterprise Recommended. At Google I/O 2019, the company announced its latest initiative to speed up security updates: Project Mainline for Android Q. A fairly detailed look at how this new initiative works. Sadly, as always, this only affects Android Q devices or devices that get updated to Android Q – the vast install base of earlier versions see no benefit at all.
With Android Q, we’ve focused on three themes: innovation, security and privacy, and digital wellbeing. We want to help you take advantage of the latest new technology — 5G, foldables, edge-to-edge screens, on-device AI, and more — while making sure users’ security, privacy, and wellbeing are always a top priority. This year, Android Q Beta 3 is available on 15 partner devices from 12 OEMs — that’s twice as many devices as last year! It’s all thanks to Project Treble and especially to our partners who are committed to accelerating updates to Android users globally — Huawei, Xiaomi, Nokia, Sony, Vivo, OPPO, OnePlus, ASUS, LGE, TECNO, Essential, and realme. Android Q doesn’t seem like a massive release, but I do like the growing number of Treble-enabled devices that can install this new beta.
Based on technology developed by Hewlett-Packard, Microsoft’s IntelliMouse Explorer arrived with a price tag that could be justified by even cash-strapped students like me. Even better, the underside of the mouse was completely sealed, preventing even the tiniest speck of dirt from penetrating its insides, and it improved on its predecessors by working on almost any surface that wasn’t too reflective. I remember getting back to my dorm room and plugging in the Explorer for the first time, wondering who had a rig fancy enough to use the included PS2 to USB adapter. There were undoubtedly a few driver installation hiccups along the way, but once Windows 98 was happy, I fired up Photoshop and strapped in for the smoothest mouse experience I’d ever had. Problem solved. The changeover from ball mice to optical mice is something few will ever rave about, but I remember it as one of the biggest changes in computer use I’ve personally ever experience. Everything about optical mice is better than ball mice, and using an optical mouse for the first time roughly two decades ago was a complete game-changer.
Today marks an important milestone for the Flutter framework, as we expand our focus from mobile to incorporate a broader set of devices and form factors. At I/O, we’re releasing our first technical preview of Flutter for web, announcing that Flutter is powering Google’s smart display platform including the Google Home Hub, and delivering our first steps towards supporting desktop-class apps with Chrome OS. Do any OSNews readers with a far better grip on such frameworks than I do have experience with Flutter?
Today we’re unveiling the newest architecture for the Windows Subsystem for Linux: WSL 2! Changes in this new architecture will allow for: dramatic file system performance increases, and full system call compatibility, meaning you can run more Linux apps in WSL 2 such as Docker. This is a massive new release of WSL, and for the first time for consumer-facing Windows, Microsoft will be shipping a full Linux kernel with its operating system. Beginning with Windows Insiders builds this Summer, we will include an in-house custom-built Linux kernel to underpin the newest version of the Windows Subsystem for Linux (WSL). This marks the first time that the Linux kernel will be included as a component in Windows. This is an exciting day for all of us on the Linux team at Microsoft and we are thrilled to be able to tell you a little bit about it. All changes will go upstream, and the kernel itself will be updated through Windows Update. Of course, this Linux kernel, which contains patches to optimise it for WSL 2, will be fully GPL compliant, so anyone will be able to build to their own custom kernel using these patches.
Today, we’re announcing that the next release after .NET Core 3.0 will be .NET 5. This will be the next big release in the .NET family. There will be just one .NET going forward, and you will be able to use it to target Windows, Linux, macOS, iOS, Android, tvOS, watchOS and WebAssembly and more. We will introduce new .NET APIs, runtime capabilities and language features as part of .NET 5. This will be a Microsoft-heavy day, since Microsoft’s developer conference is underway.
Linux 5.1 released has just been released. The main feature in this release is io_uring, a high-performance interface for asynchronous I/O. There are also improvements in fanotify to provide a scalable way of watching changes on large file systems, and it adds a method to allow safe delivery of signals in presence of PID reuse. Persistent memory can be used now as hot-plugabble RAM, Zstd compression levels have been made configurable in Btrfs, and there is a new cpuidle governor that makes better power management decisions than the menu governor. In addition, all 32 bit architectures have added the necessary syscalls to deal with the y2038 problem; and live patching has added support for creating cumulative patches. There are many other features and new drivers in the KernelNewbies changelog.
At its Build 2019 developers conference today, Microsoft announced a slew of offerings for Windows developers, including Windows Terminal, Windows Subsystem for Linux (WSL) 2, XAML Islands, React Native for Windows, and MSIX Core. Windows Terminal, available in preview now, is a new application for command-line users that promises a user interface with “graphics-processing-unit-accelerated text rendering.” The application features tabs; tear-away windows; shortcuts; and full Unicode support, including East Asian fonts, emojis, ligatures, theming, and extensions. Windows Terminal is meant for users of PowerShell, Cmd, WSL, and other command-line applications. Windows Terminal seems to address quite a few shortcomings of Windows when it comes to its terminal – or lack thereof – and is certainly going to make a lot of developers and administrators quire, quite happy.
Since macOS 10.15 will remove support for 32bit binaries, it might be time to start preparing for this as a user. Steven Troughton-Smith linked to this older article from last year: macOS High Sierra 10.13.4 gets us a step closer to ditching 32-bit mode for apps. In fact, you can force your Mac to run only in 64-bit mode if you aren’t afraid to pay a visit to the command line. This way, you can see if any applications you use are 32bit, and if you can live without them – if not, you can start looking for alternatives.
Update: a partial fix has been shipped by Mozilla A few hours ago a security certificate that Mozilla used to sign Firefox add-ons expired. What this means is that every add-on signed by that certificate, which seems to be nearly all of them, will now be automatically disabled by Firefox as security measure. In simpler terms, Firefox doesn’t trust any add-ons right now. Basically, all your Firefox extensions will be disabled and won’t work until Mozilla fixes this embarrassing issue. Until they do, you can go to about:config and set xpinstall.signature.required to false. This is obviously a major security issue, so only change this flag if you know what you’re doing, and don’t forget to set it back to true once Mozilla fixes the issue.
GCC 9.1 is a major release containing substantial new functionality not available in GCC 9.x or previous GCC releases. In this release C++17 support is no longer marked experimental. The C++ front-end implements the full C++17 language (already previous GCC major version implemented that) and the C++ standard library support is almost complete. The C++ front-end and library also have numerous further C++2a draft features. GCC has a new front-end for the D language. GCC 9.1 has newly partial OpenMP 5.0 support and almost complete OpenACC 2.5 support.
With as quickly as Fuchsia is being developed, this may not be relevant for too long, but I hope that it can help at least a few people for the time being. Horus125 and I have been working on this for the past couple days or so and we’re glad we finally got it working and are happy to share our process. We still have no idea what Google intends to do with Fuchsia, but at least we can run in the Android Emulator.
You can already use your Google Account to access simple on/off controls for Location History and Web & App Activity, and if you choose—to delete all or part of that data manually. In addition to these options, we’re announcing auto-delete controls that make it even easier to manage your data. Choose a time limit for how long you want your activity data to be saved—3 or 18 months—and any data older than that will be automatically deleted from your account on an ongoing basis. These controls are coming first to Location History and Web & App Activity and will roll out in the coming weeks. And now we have to assume that they will actually delete said data. Do we really have any way to check? Or due to a complete lack of oversight into the kind of data these companies store, can we only believe them on their blue eyes?
Submitted by