Story 2015-08-24

Firefox aims to simplify cross-browser Extension development

by
in code on (#J940)
Mozilla has been rethinking its add-on architecture for browser extensions, and has just made an announcement that may have profound implications for developers and browser users everywhere:

"Mozilla today announced major changes to how Firefox will implement add-ons going forward. The most important of these is the adoption of a new extension API that will be largely compatible with the one currently in use by Blink-based browsers like Chrome and Opera. This so-called WebExtensions API will ensure that developers will only have to make a few small changes to their code for their add-on to run on Firefox.

http://techcrunch.com/2015/08/21/chrome-extensions-are-coming-to-firefox/
http://www.thetimesgazette.com/mozilla-on-track-to-modernize-firefox-add-on-systems-and-extension-leaves-developers-unhappy/6502/
https://wiki.mozilla.org/WebExtensions

"We would like add-on development to be more like Web development: the same code should run in multiple browsers according to behavior set by standards, with comprehensive documentation available from multiple vendors,"Mozilla's Kev Needham writes in today's announcement. "

Not everyone is happy about it. The developer of the popular DownThemAll browser extension has proclaimed this move to be the end of his extension, and potentially many others. He says,
Gone with DownThemAll! will be add-ons that e.g. let you change major bits about the Firefox user interface (e.g. tabs tree add-ons), add-ons that allow you to do more "advanced" stuff than just showing or slightly altering websites, such as e.g. restarting the browser upon click (unless mozilla kindly provides an API for that, which won't be compatible with Chrome, of course). Add-ons like NoScript will be severely limited in their feature set as well. Say byebye to Greasemonkey and hello to Tampermonkey, with it's limitations. Want that add-on that lets you change the new tab page for something else or enhances that page? Maybe it will be available, maybe not, depending on if and when mozilla kindly provides WebExtensions APIs for such things. And of course, depending on if there will be an author creating this entirely new add-on from scratch.

What this also means: Almost all your existing add-ons will be broken, entirely, save for some Add-on SDK add-ons, namely those that don't do anything fancy. Sure, even today, lots of add-ons break, and some add-ons will not get updated when they do and there are no suitable replacements. However, with this change, almost every add-on will be completely broken and in need of major updating by the extension authors. Good luck with that.

'Voodoo' Hackers: Stealing Secrets From Snowden's Favorite OS Is Easier Than You'd Think

by
Anonymous Coward
in security on (#J92P)
Tor has its advocates, and it's certainly our best chance at ensuring a modicum of privacy online. But it's got vulnerabilities of its own.

One attack vector is through secure BIOS systems that can be rooted and then have access to everything a computer does, regardless of operating system.
Kallenberg and Kovah have created a tool that automates the identification and exploitation of BIOS bugs, a number of which they will detail at CanSecWest. Using their own bespoke malware, they have repeatedly been able to gain access to System Management Mode (SMM), a part of the computer used by firmware that's entirely separate from other processes, but can read everything going through a machine's memory.

"Once the payload is delivered, we have an agent running in SMM," said Kallenberg during a demo session with FORBES. "The thing about SMM is that it runs independent of the operating system, the operating system has no visibility into system management mode, it's a protected region that can't be read or written by the OS - Tails can't read or write to it - but it has access to all of memory."
Check out the rest at 'Voodoo' Hackers: Stealing Secrets From Snowden's Favorite OS Is Easier Than You'd Think.

Monday Poll: why I love Pipedot

by
in ask on (#J92J)
Our Monday poll is essentially a blatant pitch by zafiro17 for site feedback. I personally bounce among several sites for my tech news but always find myself back at Pipedot, and that got me thinking about what I like about the site that keeps me coming back for more. In this Borda poll you'll find choices related to the subject matter and the community, but also a small subset of some of the technical innovations that make Pipedot unique. Rank your choices from 1 (the strongest reason I like the site) and continue downward, assigning 2 to your second strongest preference, and so on.

For a list of some of Pipedot's features, check out the Pipedot category of this site: there are possibly some you haven't discovered yet. If I've forgotten anything, tell us about it in the comments.