ArsTechnica-OpenSource

Subscribe to ArsTechnica-OpenSource feed ArsTechnica-OpenSource
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 41 min 57 sec ago

Firefox takes a Quantum leap forward with new developer edition

Tue, 09/26/2017 - 11:50am

Enlarge (credit: Aurich / Getty)

Earlier this year we wrote about Project Quantum, Mozilla's work to modernize Firefox and rebuild it to handle the needs of the modern Web.

Today, that work takes a big step toward the mainstream with the release of the new Firefox 57 developer edition. The old Firefox developer edition was based on the alpha-quality Aurora channel, which was two versions ahead of the stable version. In April, Mozilla scrapped the Aurora channel, and the developer edition moved to being based on the beta channel. The developer edition is used by a few hundred thousand users each month and is for the most part identical to the beta, except it has a different theme by default—a dark theme instead of the normal light one—and changes a few default settings in ways that developers tend to prefer.

That theme is a good place to start. The new user interface, named Photon, brings with it square tabs and a much more conventional main menu. The current curvy tabs were met with outrage on their introduction in 2014, so the reversion to square tabs will, frankly, probably be met with outrage, but the look is clean and precise. There's also a new tab page that adds recommended stories to the usual list of your most-visited sites.

Read 12 remaining paragraphs | Comments

Biggest amateur-built sub sinks—owner is suspected of killing passenger

Fri, 08/11/2017 - 6:00pm

Enlarge / The UV3 Nautilus in early sea trials in 2008. (credit: Frumperino)

Believe it or not, there's a crowdsourced, open source non-profit attempting to build a sea-launched suborbital rocket. Called Copenhagen Suborbitals, it even had access to a sub. A club associated with the venture completed a submarine in 2008, designed by Peter Madsen, a Danish inventor who is co-founder of the group. That submarine is now at the bottom of the sea, and Madsen is being held by Danish authorities on suspicion of "unlawful killing"—a precursor charge to manslaughter or murder.

The UV3 Nautilus was the third and largest submarine effort by the club, costing $200,000 to construct. It served as a workhorse for Copenhagen Suborbitals, helping push the group's Sputnik rocket launch platform into position on a number of occasions. Nautilus is—or was—powered by two diesel engines above the surface and by batteries underwater. While it could hold a crew of four underwater, all of its controls could be managed by a single person from its control room.

By 2011, the sub needed an overhaul. But the repairs required more than Copenhagen Suborbitals could afford to sink into the Nautilus. So in 2013, the group launched an Indiegogo campaign to get it back in the water. In a video, Madsen described the sub and the inspiration behind it.

Read 7 remaining paragraphs | Comments

Salesforce “red team” members present tool at Defcon, get fired

Thu, 08/10/2017 - 2:31pm

Enlarge / Meatpistol was supposed to be released at DEFCON. But Salesforce pulled the plug—and fired two security employees for presenting about it. (credit: DEFCON/Schwartz and Cramb)

At Defcon in Las Vegas last month, word rapidly spread that two speakers—members of Salesforce's internal "red team"—had been fired by a senior executive from Salesforce "as they left the stage." Those two speakers, who presented under their Twitter handles, were Josh "FuzzyNop" Schwartz, Salesforce's director of offensive security, and John Cramb, a senior offensive security engineer.

Schwartz and Cramb were presenting the details of their tool, called Meatpistol. It's a "modular malware implant framework" similar in intent to the Metasploit toolkit used by many penetration testers, except that Meatpistol is not a library of common exploits, and it is not intended for penetration testing. The tool was anticipated to be released as open source at the time of the presentation, but Salesforce has held back the code.

"Meatpistol is a framework for red teams to create better implants," and an "offensive infrastructure automation tool," Schwartz and Cramb explained in their presentation. It is intended to automate the grunt work of deploying new malware attacks for multiple types of targets. Rather than testing for common vulnerabilities as penetration testers often do, the internal red team Schwartz led until last month had the job of constantly probing and attacking Salesforce's systems. It even stole data like real adversaries, operating with nearly unrestricted rules of engagement internally.

Read 7 remaining paragraphs | Comments

Adobe ending Flash support at the end of 2020

Tue, 07/25/2017 - 1:00pm

Enlarge (credit: Aurich / Thinkstock)

Back in 2012, Adobe recognized that Flash's end was near, with a five- to 10-year timeframe for its eventual phasing out. Today, the company got specific: Flash will be supported through to the end of 2020, after which the Flash player will cease to be developed and distributed.

In the early days of the Web, Flash served an essential role, offering graphical and interactive capabilities that simply had no equivalent in plain HTML and JavaScript. Since then, a raft of technologies—canvas for 2D graphics, WebGL for 3D graphics, HTML5's video and audio tags, JavaScript interfaces for microphones and webcams, among others—have piece by piece eliminated the need for Flash. With, most recently, support for DRM-protected video being incorporated into HTML5, the need for Flash is largely eliminated.

As such, Adobe, together with Apple, Facebook, Google, Microsoft, and Mozilla, has planned to end-of-life the browser plugin. The plugin will be fully supported and maintained until the end of 2020, with browsers such as Chrome and Edge continuing to embed and patch the plugin. Adobe also says that in "certain [unspecified] geographies" it will move to end the support and use of the plugin more aggressively, due to widespread use of outdated versions of the software.

Read 2 remaining paragraphs | Comments

Over many objections, W3C approves DRM for HTML5

Mon, 07/10/2017 - 1:45pm

(credit: Bart Maguire)

A system for providing DRM protection to Web-based content is now an official recommendation from W3C.

In 2013, the World Wide Web Consortium (W3C), the industry body that oversees the development of Web standards, took the controversial decision to develop a system for integrating DRM into browsers. The Encrypted Media Extensions (EME) would offer a way for content producers to encrypt and protect audio and video content from within their plugin-free HTML-and-JavaScript applications.

EME is not itself a DRM system. Rather, it is a specification that allows JavaScript applications to interact with DRM modules to handle things like encryption keys and decrypting the protected data. Microsoft, Google, and Adobe all have DRM modules that comply with the spec.

Read 7 remaining paragraphs | Comments