Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Wednesday November 18 2020, @10:14PM   Printer-friendly
from the moving-forward dept.

Firefox 83 Released With Warp'ed JavaScript, HTTPS-Only Mode Option

Most notable with Firefox 83 is the SpiderMonkey "Warp" upgrade aiming to deliver better website responsiveness and other real-world JavaScript performance improvements. Mozilla describes the Warp benefits as "improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%. We have replaced part of the JavaScript engine that helps to compile and display websites for you, improving security and maintainability of the engine at the same time."

Firefox 83 also ships with an option for an HTTPS-only mode whereby every Firefox connection aims to be secure and will warn the user should HTTPS not be supported.

Mozilla Punts Servo Web Engine Development To The Linux Foundation

Ever since the mass layoffs at Mozilla earlier this year and some Mozilla projects in jeopardy many have been wondering: what about Servo? Well, today it's heading off to the Linux Foundation.

Mozilla and the Linux Foundation are jointly announcing this morning that the Servo web engine development will now be hosted by the Linux Foundation.

The Rust-written code-base that's served as a long in development "next-gen" web engine at Mozilla will now be developed under the Linux Foundation umbrella. Besides Mozilla, this move has the support of other industry stakeholders like Samsung and Let's Encrypt.

See also: Firefox 84 Beta Begins Enabling WebRender By Default On Linux
Chrome 87 Released With More Performance Improvements
Google Is Already Experimenting With WebP2 As Successor To WebP Image Format

Previously: Mozilla Lays Off 250, Including Entire Threat Management Team
Following Layoffs, Mozilla and Core Rust Developers Are Forming a Rust Foundation


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Insightful) by SomeGuy on Wednesday November 18 2020, @10:41PM (12 children)

    by SomeGuy (5632) on Wednesday November 18 2020, @10:41PM (#1078989)

    Firefox 83 also ships with an option for an HTTPS-only mode

    This should not be a thing.

    An HTTPS only internet (it will no longer be The Web) is something that only Nazis with a certificate sales hard-on wants.

    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   4  
  • (Score: 4, Interesting) by takyon on Wednesday November 18 2020, @10:47PM (8 children)

    by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Wednesday November 18 2020, @10:47PM (#1078995) Journal

    Don't self-signed certificates and the Let's Encrypt CA avert that?

    Also, if The Web gets too bad (and it is kinda bad), you will be voluntarily relocated to the Dark One.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
    • (Score: 0) by Anonymous Coward on Wednesday November 18 2020, @11:08PM (2 children)

      by Anonymous Coward on Wednesday November 18 2020, @11:08PM (#1079005)

      setting aside all the possible shenenigans that identification of sites and encrypting coms with those sites might allow i think the big news is that the behemoth and show-case of closed source has totally and utterly lost the internet wars: open-source_code browsers and webservers are now probably 100% market share. so there's reason to hope and forks are available at the buffet ^_^

      • (Score: 3, Insightful) by Anonymous Coward on Thursday November 19 2020, @12:02AM (1 child)

        by Anonymous Coward on Thursday November 19 2020, @12:02AM (#1079020)

        Too-big-to-audit replaced closed source. How many people with the knowledge and skills to really understand the code aren't already on Google's payroll? How many have the time? Qt/GTK ports of spend all of their time playing catch-up with upstream...

        • (Score: 0) by Anonymous Coward on Thursday November 19 2020, @12:36AM

          by Anonymous Coward on Thursday November 19 2020, @12:36AM (#1079029)

          True, but with access to the source code people can dig and find the source of various problems. So it would be difficult to audit the entire codebase reliably, but if some nefarious behavior is noticed then it isn't as difficult to find the cause.

    • (Score: 4, Insightful) by unauthorized on Wednesday November 18 2020, @11:53PM (1 child)

      by unauthorized (3776) on Wednesday November 18 2020, @11:53PM (#1079018)

      All mainstream browsers will cry bloody murder at self-signed certificates. Let's Encrypt is a gatekeeper even if it's a free one.

      • (Score: 3, Insightful) by Anonymous Coward on Thursday November 19 2020, @12:05AM

        by Anonymous Coward on Thursday November 19 2020, @12:05AM (#1079022)

        "Let's Encrypt is a gatekeeper even if it's a free one."

        The first one is ALWAYS free.

    • (Score: 5, Informative) by Pino P on Thursday November 19 2020, @03:51AM (2 children)

      by Pino P (4721) on Thursday November 19 2020, @03:51AM (#1079071) Journal

      Self-signed certificates cause the browser to present a scary interstitial notice and are not compatible [stackoverflow.com] with JavaScript APIs restricted to secure contexts [pineight.com].

      To use Let's Encrypt, a server must first have a fully-qualified domain name (FQDN). In particular, mDNS names ending in .local are ineligible. This means good luck using HTTPS with the router, printer, NAS, or other "Internet of things" devices on your home LAN.

      Yes, I'm aware of the Plex workaround [filippo.io]. The publisher of Plex media streaming software operates a dynamic DNS service and acts as a DigiCert reseller for its subscribers. Nowadays, the dynamic DNS service alone would be enough, provided that the provider is on the Public Suffix List so as not to trip the 20 certificate per week limit that Let's Encrypt applies to each registrable domain name. I just see it as something that the manufacturer of a networked appliance can deliberately cease providing the day a product's warranty expires, leading to more e-waste. And I doubt the Raspberry Pi Foundation is willing to offer this sort of dynamic DNS service for web-based configuration of server applications installed on a Raspberry Pi computer.

      How do you assign a FQDN to each networked device on your LAN?

      • (Score: 3, Informative) by darkfeline on Thursday November 19 2020, @04:40AM (1 child)

        by darkfeline (1030) on Thursday November 19 2020, @04:40AM (#1079085) Homepage

        Just make your own certificate authority and issue your own certs. Add your authority as trusted to your devices/applications. Simple. FreeNAS even has an out of the box UI for making certs.

        --
        Join the SDF Public Access UNIX System today!
        • (Score: 0) by Anonymous Coward on Thursday November 19 2020, @07:07PM

          by Anonymous Coward on Thursday November 19 2020, @07:07PM (#1079360)

          This. Openssl works like a charm at the CLI on Linux.

  • (Score: 2) by RamiK on Thursday November 19 2020, @12:16AM

    by RamiK (1813) on Thursday November 19 2020, @12:16AM (#1079024)

    Would you rather have ISPs keep collecting "metadata" on voters and sell it to partisan think-tanks that render it into targeted political advertising?

    --
    compiling...
  • (Score: 0) by Anonymous Coward on Thursday November 19 2020, @07:08AM (1 child)

    by Anonymous Coward on Thursday November 19 2020, @07:08AM (#1079111)

    Since when options should not be a thing?

    • (Score: 3, Insightful) by maxwell demon on Thursday November 19 2020, @02:19PM

      by maxwell demon (1608) on Thursday November 19 2020, @02:19PM (#1079184) Journal

      This is Mozilla we are talking about. If they add an option, chances are that soon that option will be set by default, and not much longer until the possibility to disable it will be removed. Well, unless the option is useful; in that case they'll probably remove the possibility of using that option at some time later, hurting all those who came to rely on its presence.

      --
      The Tao of math: The numbers you can count are not the real numbers.