Mozilla Officially Unveils A Pre-Alpha Test Version Of Firefox For Android

Late last month, a number of sites noted that a very early build of Fennec, the mobile version of Firefox, was available to download for Android phones. However, that build wasn’t official as it was put together by an individual and optimized for the Droid device. Today, Mozilla has itself put out a pre-Alpha build of Fennec that should work at the very least on Droid and the Nexus One.

Mozilla is quick to note that this is a pre-Alpha build of the browser, and is only for testing purposes. But that isn’t stopping Mozilla’s Vladimir Vukićević from announcing it on his blog. “There also aren’t yet any automated nightly developer builds or automated updates to this build; it’s even more of a pre-nightly build (even earlier than pre-alpha).  But, it’s usable enough that we wanted to get some feedback on it as we continue to develop,” he notes.

To get this build, you can visit this link on your Android device. Or you can point your phone’s browser to: bit.ly/fennec-android. And yes, there’s a QR code on Vukićević’s blog post if you want to scan it, and download it that way. Whichever way you do it, you’ll need to make sure your settings allow you to install non-Market apps (go to Settings, Applications, and check “Unknown Sources”).

Some other warnings and notes to consider about the build from Vukićević:

* We’ve only really tested this on the Motorola Droid and the Nexus One.
* It will likely not eat your phone, but bugs might cause your phone to stop responding, requiring a reboot.
* Memory usage of this build isn’t great — in many ways it’s a debug build, and we haven’t really done a lot of optimization yet.  This could cause some problems with large pages, especially on low memory devices like the Droid.
* You’ll see the app exit and relaunch on first start, as well as on add-on installs; this is a quirk of our install process, and we’re working to get rid of it.
* You can’t open links from other apps using Fennec; we should have this for the next build.

He also notes that there’s an experimental version of Weave, Mozilla’s syncing tool that will work with this pre-Alpha build of Fennec. Visit this page and click on the “Experimental version” to find it.

Source: TechCrunch

Google Chrome logo

Have you ever wondered why people put http:// in front of website addresses? Well, without getting into the details, it actually an important part of how the web works.

In the latest Google Chrome dev build, when you go to a website, it simply removes the http:// from the front of website addresses — presumably because it cleans things up a bit.

I don’t think it makes much of a difference actually — considering I never even noticed what was happening until I read Zack Whittaker about the new “feature”. Simplicity is a good thing — but sometimes it’s easy to over-think things.

Personally, I believe Google should put the http:// back in — after learning what is happening, it gone makes the browser feel a bit inconsistent. For example, when you visit a website that is “secure” (https://), or view a directory on your computer (file:///C:/), the front part isn’t automatically removed — and probably shouldn’t be.

Source: ZDNet

IE logo

Google has clearly had enough with Internet Explorer 6.

As of March 1, Google will no longer support IE6 on its Google Docs and Google Sites services, it announced Friday. IE users will have to upgrade to at least version 7 if they want to use those products, as “many other companies have already stopped supporting older browsers like Internet Explorer 6.0 as well as browsers that are not supported by their own manufacturers,” the company said in a blog post.

A flaw in IE6 was exploited in the recent cyberattacks against Google and other U.S. companies, and Microsoft scrambled to patch the flaw in a rare out-of-cycle patch release earlier this month. Use of the browser–considered much weaker than more recent versions of IE within the security community–has been dropping with the release of Internet Explorer 8 but it is still being used by 13.5 percent of Web surfers, according to statistics from StatCounter.

Google set the baseline for other browsers at Firefox 3.0 or higher, Chrome 4.0 or higher, and Safari 3.0 or higher. “…you may find that from March 1, key functionality within these products–as well as new Docs and Sites features–won’t work properly in older browsers,” Google said.

Microsoft Learned of IE Zero-Day Flaw Last September

Microsoft was aware months ago of a critical security vulnerability well before hackers exploited it to breach Google, Adobe and other large U.S. companies but did not patch the hole until Thursday.

The software giant had intended to release a patch for the flaw in February — more than four months after learning about it — but had to speed up that plan and roll it out this week in the wake of news that Google and others had been hacked through the flaw, the world’s largest software maker acknowledged Thursday.

Meron Sellen, a security researcher at BugSec, an Israeli firm, quietly reported the vulnerability to Microsoft in September, according tosecurity firm Kaspersky.

Microsoft confirmed it learned of the so-called “zero-day” flaw months ago.

According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The flaw, which primarily affected IE6, allowed hackers to download malware to employee computers to gain access to intellectual property at Google, as well as information connected to Gmail users. It’s unknown what the hackers obtained from some 33 other companies — hi-tech, financial and defense — that were also targeted in the attack.

Although Microsoft recognized the severity of the flaw at the time Sellen reported it, the company held off releasing a patch so it could be included in a cumulative update for IE planned next month, the company said.

A zero-day flaw is a vulnerability for which there is currently no patch. It’s also a flaw that is generally unknown to the software vendor, which gives hackers who may be aware of the flaw a jump on developing malware to exploit it.

It’s unknown if other companies were breached through the flaw prior to the high-profile hacks disclosed last week. Most companies are unwilling to acknowledge a breach, let alone provide public details about how they were hacked.

Google disclosed last week it discovered in mid-December that it had been hacked in an attack originating from China, about three months after Microsoft learned of the vulnerability. Adobe followed Google, announcing it, too, was hacked. Security firm iDefense said it had information that at least 34 companies were breached in the coordinated attack.

On Thursday, meanwhile, Microsoft released a cumulative security update for Internet Explorer that fixes the flaw, as well as seven other security vulnerabilities that would allow an attacker to remotely execute code on a victim’s computer.

“Our investigation into this responsibly reported vulnerability began early September,” Jerry Bryant, senior security program manager for Microsoft, said in a statement. “As part of this investigation we began working on an update to help protect customers. We became aware of the recent attacks in mid-January and as part of our investigation determined the vulnerability being used in these attacks was similar to the one investigated in September.

Source: wired

uTorrent Logo

uTorrent – the preferred Bittorrent client for many BitTorrent users – has been doing really well in 2009. Contrary to reports claiming that BitTorrent and P2P usage has been declining, in the last year uTorrent nearly doubled its userbase to 52 million unique users a month.

Earlier this year several publications claimed that P2P and BitTorrent were dying because of the increased popularity of streaming sites. In reality, BitTorrent is about to close a record year in terms of traffic and usage.

The misleading reports all based their conclusions on data supplied by a network-management firm, which showed that of all Internet traffic, the percentage consumed by P2P has slowly declined. However, those who take a closer look at the data will find that in absolute traffic, P2P continued to grow, with bandwidth used by streaming just growing a little bit faster.

BitTorrent is by no means dying, nor is there a decline. Quite the opposite. All the major BitTorrent sites saw a significant increase in visitor numbers over the past months. TorrentFreak asked Simon Morris, BitTorrent’s VP of Product Management, if this growth is also reflected in the usage stats of uTorrent.

“Probably the emergence of things like Hulu and continued growth of Youtube make it seem like Bittorrent is not the only thing driving demand for consumer bandwidth. But we see no evidence whatever that BitTorrent clients are any less popular,” Morris told TorrentFreak.

Around this time last year uTorrent had 28 million unique users a month, and by November 2009 this figure had almost doubled to 52 million monthly users. And things have been going equally well for uTorrent’s little brother, BitTorrent Mainline.

“In addition to this, at the start of this year we saw almost 5 million monthly users of BitTorrent Mainline,” Morris said. “In November 2009 we saw over 10 million.”

These statistics show that despite the legal setbacks The Pirate Bay, Mininova and isoHunt have faced in court, the number of people who are using BitTorrent has continued to grow significantly. There is no indication that this growth will slow, let alone stop, in 2010.

The uTorrent development team also has some major improvements in the pipeline. Last week streaming support was added to the client, and in the coming year it will add file security features and the option for torrent site owners to promote their content within the client.

Source: TorrentFreak

Google Chrome is now available for computers running Linux and Mac OS X

The Chrome web browser – which has been available on PCs since September 2008 – is now available for computers running Apple‘s operating system, Mac OS X, and for the open-source platform, Linux.

Google said it originally launched Chrome to meet the changing needs of internet users, who were using the web for more powerful tasks, such as social networking, online banking and video-streaming. The search giant said it felt that browsers had not kept pace with this rapid development.

Chrome promises faster start-up and more stable web browsing than competitors by isolating browsers or applications that crash rather than allowing glitches to shut down the whole browser session.

The Windows version of the browser has more than 40 million users worldwide, and Chrome commands almost a four per cent share of the global browser market, behind Internet Explorer, Firefox and Apple’s own web browser, Safari.

“Chrome has come a long way since launch,” said Anders Sandholm, product manager for Google Chrome. “We’ve made even more speed and stability improvements, and it’s getting better all the time.

“Today’s launch is a big step: we wanted to bring Chrome to even more people to improve the way they experience the web.”

Technology fans reacted with delight at the news. “The wait is over!” wrote Erick Schonfeld, a blogger at technology website TechCrunch. “I’ve been holding off really using Chrome until now. But I’m ready for something faster and less crashy than Firefox”.

Source: telegraph.co.uk

Is Firefox Approaching 50% Market Share?

At least in one large region of the world, the answer is “yes”.

The folks at Gemius have been kind enough to aggregate their individual country data (e.g., www.en.ranking.pl/) into a single view across their entire sample – a sample totaling more than 60 Billion page views each month. For an overview of the various market share providers and their samples, please read here.

We’ll eventually look to expand the conversation around this data, but for now, we’ll highlight just one breathtaking view.  The chart below shows weekly browser market share data since the beginning of 2007 and it includes aggregated data from across nine countries – Czech Republic, Bulgaria, Estonia, Hungary, Lithuania, Latvia, Poland, Russia, and Ukraine.

Source: Blog of Metrics

Component Directory Lockdown – New in Firefox 3.6

We hate crashes. When Firefox crashes, we try to get you back on your feet as quickly as possible, but we’d much rather you not crash in the first place. In Firefox 3.6, we are changing the way that some third party software hooks into Firefox which should eliminate a good chunk of those crashes without sacrificing our extensibility in any way. In the process, we’ll also be giving you greater control over the code that runs in your browser.

Background

Firefox is built around the idea of extensibility – it’s part of our soul. Users can install extensions that modify the way their browser looks, the way it works, or the things it’s capable of doing. Our add-ons community is an amazing part of the Mozilla ecosystem, one we work hard to grow and improve.

In addition to the standard mechanism for extending the browser via add-ons and plugins, though, there has historically been another way to do it. Third-party applications installed on your machine would sometimes try extend Firefox by just adding their own code directly to the “components” directory, where much of Firefox’s own code is stored.

There are no special abilities that come from doing things this way, but there are some significant disadvantages.  For one thing, components installed in this way aren’t user-visible, meaning that users can’t manage them through the add-ons manager, or disable them if they’re encountering difficulties. What’s worse, components dropped blindly into Firefox in this way don’t carry version information with them, which means that when users upgrade Firefox and these components become incompatible, there’s no way to tell Firefox to disable them. This can lead to all kinds of unfortunate behaviour: lost functionality, performance woes, and outright crashing – often immediately on startup.

In Firefox 3.6 (including upcoming beta refreshes), we’re closing this door. Third party applications can still extend Firefox via add-ons and plugins the way they always could, but the components directory will be for Firefox only.

What Does This Mean For Me?

If you’re a Firefox user, this should be 100% positive. You don’t have to change anything, your regular add-ons should continue to work properly – you just might notice fewer crashes or odd bugs. If you do notice that something has stopped working, particularly a third party addition to Firefox, you might want to contact the producer of that addition to ensure they know about the change.

If you’re a Firefox component developer, this shouldn’t be a big change, either. If you’re already packaging your additions as an XPI, installed as an add-on it’s business as usual. If you have been dropping components directly, though, you’ll need to change to an XPI-based approach. Our migration document on the Mozilla Developer Connection outlines the changes you’ll need to make, and should be pretty straightforward. The good news is that once you’ve done this, your add-on will actually be visible to users and will support proper version information so that our shared users are guaranteed a more positive experience.

If you haven’t downloaded the new Firefox beta yet, and want to give it a spin, you can find a copy here.

Source: mozilla developer center

FireFox

Mozilla developers have blocked a Firefox plugin that was quietly pushed out by Microsoft, saying that it presents a security risk.

Microsoft shipped the Firefox add-on as part of a .Net software update last February, causing outrage among some Firefox users, who complained that the software was sneaked onto their systems without their knowledge or approval and was extremely difficult to remove.

On Tuesday, Microsoft warned that Firefox users who have not applied a recent Internet Explorer patch were vulnerable to a “browse-and-get-owned attack” because of a bug in the Microsoft .Net Framework Assistant add-on.

“All that is needed is for a user to be lured to a malicious website,” Microsoft said. Triggering this vulnerability involves the use of a malicious XBAP (XAML Browser Application).

The flaw is a nasty one, but users who have installed the MS09-054 IE update, released Tuesday are protected from this attack, “regardless of the attack vector,” Microsoft said.

To protect users who may not have installed Microsoft’s patch, Mozilla is automatically blocking two add-ons: the Microsoft .Net Framework Assistant and a related plugin called the Windows Presentation Foundation. The open-source browser started blocking the software late Friday night.

“Because of the difficulties some users have had entirely removing the add-on, and because of the severity of the risk it represents if not disabled, we contacted Microsoft today to indicate that we were looking to disable the extension and plugin for all users via our blocklisting mechanism,” wrote Mozilla Vice President of Engineering Mike Shaver in a blog posting. “Microsoft agreed with the plan, and we put the blocklist entry live immediately.”

Buggy plugins are a growing problem, as cyber criminals have increasingly leveraged flaws in products such as Adobe Flash Player and QuickTime to launch browser-based attacks. Earlier this week, Mozilla launched a Plugin Check site where Firefox users can see if their plugins are up-to-date.

Source: PCWorld

IE6 - time enough?

Microsoft is sticking to its guns over its continued support of the much maligned IE6, insisting that it ‘keeps its commitments’.

The debate over whether the internet should shun Internet Explorer 6, which still holds a significant proportion of internet traffic, has been raging for some time.

Microsoft has long held that it will not abandon users who are still on IE6, despite the pressure to force an upgrade to a more modern browser.

Dean Hachamovitch, on the official IE blog, insists that this stance simply will not change, despite the company’s desire that people move onto IE8.

“Dropping support for IE6 is not an option because we committed to supporting the IE included with Windows for the lifespan of the product.”

Commitments

“We keep our commitments. Many people expect what they originally got with their operating system to keep working whatever release cadence particular subsystems have.

“As engineers, we want people to upgrade to the latest version. We make it as easy as possible for them to upgrade.

“Ultimately, the choice to upgrade belongs to the person responsible for the PC.”

According to Microsoft’s own lifespan policy, support for all programs lasts for 10 years, meaning that it will continue to back IE6 until 2011.

Source: TechRadar