An anonymous reader quotes ZDNet: Rust has been voted the "most-loved" programming language by developers on Stack Overflow for four years in a row. But the Rust project now admits it has an adoption problem among developers and organizations. Rust's adoption issue surfaced in January's Stack Overflow's 2019 survey, which revealed that despite developers' positive feelings toward Rust, 97% of them hadn't actually used it.

Rust maintainers have now explored the adoption challenges in their latest annual survey of nearly 4,000 developers across the world...

Asked why developers have stopped using Rust, the most common response is that the respondent's company doesn't use it, suggesting an adoption issue. Other common reasons are the learning curve, a lack of necessary libraries, and a lack of integrated development environment (IDE) support. The top issues that respondents say the Rust project could do to improve adoption of the language are better training and documentation, followed by better libraries, IDE integration, and improved compile times... "Most indicated that Rust maturity — such as more libraries and complete learning resources and more mature production capabilities — would make Rust more appealing," the project noted....

"The results show the overriding problem hindering use of Rust is adoption. The learning curve continues to be a challenge — we appear to most need to improve our follow-through for intermediate users — but so are libraries and tooling."
The article also notes that Rust is popular with some developers at Microsoft, "who are experimenting with Rust to reduce memory-related bugs in Windows components written in C and C++."

Ghacks writes: Observant Firefox users on Windows who have updated the web browser to Firefox 75 may have noticed that the upgrade brought along with it a new scheduled tasks. The scheduled task is also added if Firefox 75 is installed on a Windows device. The task's name is Firefox Default Browser Agent and it is set to run once per day...
Mozilla says:

• "We're collecting information related to the system's current and previous default browser setting, as well as the operating system locale and version. This data cannot be associated with regular profile based telemetry data..."
• "We'll respect user configured telemetry opt-out settings by looking at the most recently used Firefox profile."
• "We'll respect custom Enterprise telemetry related policy settings if they exist. We'll also respect policy to specifically disable this task."

"Collecting telemetry is one way we're able to ensure we can understand default browser trends in a way that helps us improve Firefox. It's our hope that by better understanding more about our users and their choices around browser preferences, we can continue to build a better Firefox."

Long-time Slashdot reader AmiMoJo writes, "Opting out can be done via the Privacy & Security section of the preferences screen. You can view collected telemetry and view your current settings at about:telemetry."

Bleeping Computer also notes that by default, "For some time, Firefox has been collecting telemetry data about how you use the browser, such as the number of web pages you visit, safebrowsing information, the number of open tabs and windows, what add-ons are installed, and more. This telemetry data is kept for 13 months and IP addresses listed in server logs are deleted every 30 days.

"On my computer, Firefox has collected over 400KB of information."

An anonymous reader quotes a report from Motherboard: A global group of scientists and lawyers announced their efforts to make their intellectual property free for use by others working on coronavirus pandemic relief efforts -- and urged others to do the same -- as part of the "Open Covid Pledge." Mozilla, Creative Commons, and Intel are among the founding members of this effort; Intel contributed to the pledge by opening up its portfolio of over 72,000 patents, according to a press release. Participants are asked to publicly take the pledge by announcing it on their own websites and issuing a press release.

"Immediate action is required to halt the COVID-19 Pandemic and treat those it has affected," the pledge states. "It is a practical and moral imperative that every tool we have at our disposal be applied to develop and deploy technologies on a massive scale without impediment. We therefore pledge to make our intellectual property available free of charge for use in ending the COVID-19 pandemic and minimizing the impact of the disease." From there, people and companies are asked to adopt a license detailing the terms and conditions their intellectual property will be available; while pledgers are permitted to write their own license based on their needs, the organizers wrote "Open COVID License 1.0" as a template for immediate use, which grants usage rights to anyone working toward "minimizing the impact of the disease, including without limitation the diagnosis, prevention, containment, and treatment of the COVID-19 Pandemic." The license is effective until one year after the World Health Organization declares the pandemic to be over. Other participants include Berkeley and UCSF's Innovative Genomics Institute, Fabricatorz Foundation, and United Patents.

On Wednesday, Mozilla chair and longtime leader Mitchell Baker was named permanent CEO of the company that makes the Firefox web browser. From a report: Mitchell became interim CEO of Mozilla in December 2019, after former CEO Chris Beard resigned. The company conducted an external candidate search over the last eight months, and concluded the Mitchell is the right leader for Mozilla at this time, according to a company blog post published Wednesday. "Increasingly, numbers of people recognize that the internet needs attention," Baker said in another Mozilla blog post Wednesday. "Mozilla has a special, if not unique role to play here. It's time to tune our existing assets to meet the challenge. It's time to make use of Mozilla's ingenuity and unbelievable technical depth and understanding of the "web" platform to make new products and experiences. It's time to gather with others who want these things and work together to make them real."

An anonymous reader writes: Mozilla today launched Firefox 75 for Windows, Mac, and Linux. Firefox 75 includes a revamped address bar with significant search improvements, a few performance tweaks, and a handful of developer features. You can download Firefox 75 for desktop now from Firefox.com, and all existing users should be able to upgrade to it automatically. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider.

When the coronavirus crisis took hold, millions found themselves spending more time in their browsers as they learn and work from home. But the crisis is also impacting software developers. Google was forced to pause its Chrome releases, which typically arrive every six weeks. Ultimately, Chrome 81 was delayed, Chrome 82 is being skipped altogether, and Chrome 83 has been moved up a few weeks. Microsoft has followed suit with Edge's release schedule, consistent with Google's open source Chromium project, which both Chrome and Edge are based on. Mozilla wants to make clear it is not in the same boat. The company took an indirect jab at Google and Microsoft today, saying: "We've built empathy into our systems for handling difficult or unexpected circumstances. These strengths are what allow us to continue to make progress where some of our competitors have had to slow down or stop work."

Long-time Slashdot reader AmiMoJo quotes Softpedia: It was probably just a matter of time, but the thing so many people, including everyone at Microsoft, expected finally happened: Microsoft Edge surpassed Mozilla Firefox to become the world's second most-used desktop browser. Data provided by market analysis firm NetMarketShare reveals that the whole thing happened in March, when the adoption of the Chromium-powered Microsoft Edge improved to a level that allowed it to overtake Mozilla's own browser.

So right now, Microsoft Edge is the second most-used desktop browser on the planet with a share of 7.59%, while Mozilla Firefox is now third with 7.19%.

As for who's leading the pack, Google Chrome continues to be number one with a share of 68.50%.

EU justice chief Vera Jourova on Thursday criticised U.S. tech giants such as Google and Facebook for making money off coronavirus-related fake news instead of putting in more efforts to stop the deluge. From a report: With millions of people confined to their homes due to lockdowns to counter the spread of the virus, social media and online platforms have seen the volume of news on their sites and user traffic soared. That has in turn sparked alarm and criticism because of the flood of disinformation. Jourova, who last week held a conference call with Facebook, Twitter, Google, Microsoft and Mozilla, said their efforts to date were inadequate. The companies last week told Jourova that they had removed large quantities of false and harmful content, the bulk of which related to health, and taken measures to remove ads related to protective equipment, such as masks, although there were still gaps. They also pledged to step up measures to increase users' access to authoritative sources of information.

Mozilla and Scroll have made an earlier-announced partnership slightly more official today with the wider release of a browser extension called "Firefox Better Web." It's part of Firefox's ongoing effort to combat tracking on the web, but with the small twist that it includes the option to sign up for Scroll. The Verge reports: Scroll, if you don't recall, is the $5-a-month service that stops ads from loading on certain websites. It's not technically an ad blocker, but rather lets publishers know they shouldn't serve them in the first place when you visit. For a limited time, the subscription will cost $2.50 per month for the first six months. The Mozilla partnership essentially builds Scroll into a package of tools that Mozilla offers as a test pilot. The idea is to see how far Firefox can go blocking trackers and other malfeasance (short of full ad blocking) without fully breaking the web or de-funding publishers.

The extension includes Scroll and also a "customized Enhanced Tracking Protection setting that will block third-party trackers, fingerprinters, and cryptominers," according to Mozilla. It will work across different desktop browsers, but of course it is designed primarily to be used with Firefox. The deal with Mozilla should get Scroll a much larger userbase, but neither company would disclose any financial terms. Scroll takes a 30 percent cut of your subscription fee and pays the rest out to its partner publishers based on your web browsing habits. It tracks those habits automatically, and the company tells me that it will soon offer users tools to delete their data -- on top of a pledge to never sell that data. Scroll also pledges to make it easier for small publishers to sign up through an automated system soon.

Firefox, the global web browser from Mozilla, is launching a new subscription product Tuesday called the "Firefox Better Web initiative," and it will feature former Chartbeat CEO Tony Haile's new product Scroll as a launch partner. From a report: It's uncommon for a web browser to launch a product that's explicitly tied to paying out publishers. Scroll's business is all about paying publishers for their content while giving users a better ad experience. The test pilot for the product, which is a subscription to a privacy-first Firefox extension, will only be available in the U.S. The money from a membership ($4.99 monthly, $2,99 for first six months) goes directly to fund publishers and writers.

Mozilla has announced plans to remove support for the FTP protocol from Firefox. Going forward, users won't be able to download files via the FTP protocol and view the content of FTP links/folders inside the Firefox browser. From a report: "We're doing this for security reasons," said Michal Novotny, a software engineer at the Mozilla Corporation, the company behind the Firefox browser. "FTP is an insecure protocol and there are no reasons to prefer it over HTTPS for downloading resources," he said. "Also, a part of the FTP code is very old, unsafe and hard to maintain and we found a lot of security bugs in it in the past." Novotny says Mozilla plans to disable support for the FTP protocol with the release of Firefox 77, scheduled for release in June this year.

Tim Anderson reporting via The Register: The first thing users will see after updating to Mozilla's latest browser, Firefox 74, is a prompt to install the Facebook Container add-on. The Facebook Container add-on is not new, but has been enhanced in its latest version, 2.1.0, with the ability to add custom sites to the container so that you can "login with Facebook wherever you need to." The purpose of the Facebook Container is to let you continue to use Facebook but without having the social network site track your browsing elsewhere. "Installing this extension closes your Facebook tabs, deletes your Facebook cookies, and logs you out of Facebook," say the docs.

When you visit Facebook and log in, the cookies it plants are isolated to the container. This prevents Facebook Like buttons and embedded comments from working on other sites. There is also an issue with sites that require or offer a Facebook login, which you can now overcome by adding those sites to the container. Sites are added by clicking a fence icon and selecting "Allow site in Facebook container." The effect is like having two web browsers, one in which you are logged into Facebook and subject to potential tracking on any site which has Facebook content, and another where Facebook has no knowledge of you.

Mozilla today launched Firefox 74 for Windows, Mac, and Linux. Firefox 74 includes stricter rules for add-ons, TLS 1.0 and TLS 1.1 disabled by default, and a handful of developer features.

"New academic research published last month looked at the phone-home [telemetry] features of six of today's most popular browsers and found that the Brave browser sent the smallest amount of data about its users back to the browser maker's servers," reports ZDNet: The research, conducted by Douglas J. Leith, a professor at Trinity College at the University of Dublin, looked at Google Chrome, Mozilla Firefox, Apple Safari, Brave, Microsoft Edge (the new Chromium-based version), and the Yandex Browser.

"In the first (most private) group lies Brave, in the second Chrome, Firefox, and Safari, and in the third (least private) group lie Edge and Yandex...." [T]he professor found evidence that Chrome, Firefox, and Safari all tagged telemetry data with identifiers that were linked to each browser instance. These identifiers allowed Google, Mozilla, and Apple to track users across browser restarts, but also across browser reinstalls...

[T]he most intrusive phoning-home features were found in the new version of Microsoft Edge and the official Yandex Browser. According to Prof. Leith, both used unique identifiers that were linked to the device's hardware, rather than the browser installation. Tracking users by hardware allows Microsoft and Yandex to follow users across installations and potentially link browser installs with other apps and online identities. The professor said that Edge collected the hardware UUID of the user's computer, an identifier that cannot be easily changed or deleted without altering a computer's hardware. Similarly, Prof. Leith also found that Yandex transmitted a hash of the hardware serial number and MAC address to its backend servers.

"As far as we can tell this behaviour [in Edge and Yandex] cannot be disabled by users," the professor said.
The article also points out that Brave was the only browser that didn't use search autocomplete functionality to collect and send back information on a user's visited web pages. (Even though this can be disabled in Firefox, Chrome, and Safari, it's on by default.)

But Edge and Yandex "also sent back information about visited web pages that did not appear to be related to the search autocomplete feature, suggesting the browsers had other ways to track users' browsing habits."

rufey writes: The free SSL certificate provider Let's Encrypt is going to revoke 2.6% of the SSL certs issued by them that are currently active, due to a bug in boulder, the Certificate Authority Authorization (CAA) software Let's Encrypt uses. Ars Technica reports: "Let's Encrypt uses Certificate Authority software called Boulder. Typically, a Web server that services many separate domain names and uses Let's Encrypt to secure them receives a single LE certificate that covers all domain names used by the server rather than a separate cert for each individual domain. The bug LE discovered is that, rather than checking each domain name separately for valid CAA records authorizing that domain to be renewed by that server, Boulder would check a single one of the domains on that server n times (where n is the number of LE-serviced domains on that server). Let's Encrypt typically considers domain validation results good for 30 days from the time of validation -- but CAA records specifically must be checked no more than eight hours prior to certificate issuance. The upshot is that a 30-day window is presented in which certificates might be issued to a particular Web server by Let's Encrypt despite the presence of CAA records in DNS that would prohibit that issuance.

Since Let's Encrypt finds itself in the unenviable position of possibly having issued certificates that it should not have, it is revoking all current certificates that might not have had proper CAA record checking on Wednesday, March 4. Users whose certificates are scheduled to be revoked will need to manually force-renewal before then. If an admin does not perform this manual renewal step, browsers reaching their websites will show TLS security warnings due to the revoked certificates. Let's Encrypt certificates are issued for 90-day intervals, and Certbot automatically renews them only when 30 days or less are left on the cert -- so this could mean roughly two months of browser errors if the manual forced renewal isn't performed."

The CAB Forum, which oversees the public CAA space, has a ticket for this specific issue. According to a community post on Let's Encrypt's website, 3,048,289 of the ~116 million overall active Let's Encrypt certificates are affected.

J. Fergus, writing for Input: Someone finally did it. We can now follow who we want on our own terms and get that information chronologically. Fraidycat is an app and browser extension that allows just that. Though it launched in November 2019, Fraidycat recently got a massive update, widening its compatibility and adding a dark mode. The open-source tool, brought to you by Kicks Condor, is available for Linux, Mac, and Windows in addition to Mozilla Firefox and Chrome as an extension. Fraidycat definitely pulls from RSS feeds more easily, but it also works on Twitter, Instagram, and SoundCloud. You drop the link to the account you'd like to follow -- from Medium bloggers to Twitch streamers to vision board Pinterest-ers -- and set how frequently you'd like to see their posts. Label it, hit save, and posts will appear as often as you'd like. The recent update notably folds Kickstarter into the mix and collapses Twitter threads for readability.

Mozilla will add a new security sandbox system to Firefox on Linux and Firefox on Mac. The new technology, named RLBox, works by separating third-party libraries from an app's native code. From a report: This process is called "sandboxing," and is a widely used technique that can prevent malicious code from escaping from within an app and executing at the OS level. RLBox is an innovative project because it takes sandboxing to the next level. Instead of isolating the app from the underlying operating system, RLBox separates an app's internal components -- namely its third-party libraries -- from the app's core engine. This technique prevents bugs and exploits found inside a third-party library from impacting another project that uses the same library.

Mozilla will bring its new DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks, the browser maker has confirmed. From a report: It follows a year-long effort to test the new security feature, which aims to make browsing the web more secure and private. Whenever you visit a website -- even if it's HTTPS enabled -- the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS, or DoH, encrypts the request so that it can't be intercepted or hijacked in order to send a user to a malicious site. These unencrypted DNS queries can also be used to snoop on which websites a user visits. DoH works at the app-level, and is baked into Firefox. The feature relies on sending DNS queries to third-party providers -- such as Cloudflare and NextDNS -- both of which will have their DoH offering baked into Firefox and will process DoH queries.

"Earlier this week, the FCC successfully defeated Mozilla's attempt to undo the commission's repeal of net neutrality," reports Engadget.

"But, while siding with the body, judges have asked the FCC to determine if repealing the law to prevent a multi-speed internet has had any negative consequences." That includes checking if net neutrality repeal has harmed public safety, reduced spending in infrastructure or hampered the Lifeline program. Consequently, the FCC will launch a period where the public and interested parties can share their views on the process. This is not an opportunity to re-litigate net neutrality repeal, but it is an opportunity to examine if the FCC acted properly and with regard to its broader obligations. The court, for instance, has directed the body to see if repeal has harmed public safety and reduced investment in critical infrastructure...

The Register claims that the FCC is behaving churlishly, burying its request for comment in a wordy title that does not reflect its true intentions. But FCC Commissioner Jessica Rosenworcel published a statement asking people to "make some noise" and write in. Rosenworcel says that the FCC's decision to repeal net neutrality was on the "wrong side of history" and that the public should demand an "open internet."

Those wishing to make a comment can do so on the FCC's Electronic Filing System, entering 17-108 (Restoring Internet Freedom) in the proceedings box. The deadline for comments is March 30th.

America's Justice Department "has filed a brief in support of Oracle in its Supreme Court battle against Google over whether Java should have copyright protection," reports ZDNet: The Justice Department filed its amicus brief to the Supreme Court this week, joining a mighty list of briefs from major tech companies and industry luminaries — including Scott McNealy, co-founder of Sun, which Oracle bought in 2010, acquiring Sun-built Java in the process. While Microsoft, IBM and others have backed Google's arguments in the decade-long battle, McNealy, like the Justice Department, is opposing Google. McNealy called Google's description of how it uses Java packages a "woeful mischaracterization of the artful design of the Java packages" and "an insult to the hard-working developers at Sun who made Java such a success...."

Joe Tucci, former CEO of now Dell-owned enterprise storage giant EMC, threw in his two cents against Google. "Accepting Google's invitation to upend that system by eliminating copyright protection for creative and original computer software code would not make the system better — it would instead have sweeping and harmful effects throughout the software industry," Tucci's brief reads.
Oracle is also questioning the motives of Google's allies, reports The Verge: After filing a Supreme Court statement last week, Oracle VP Ken Glueck posted a statement over the weekend assailing the motives of Microsoft, IBM, and the CCIA industry group, all of which have publicly supported Google. Glueck's post comes shortly after two groups — an interdisciplinary panel of academics and the American Conservative Union Foundation — submitted legal briefs supporting Oracle. Both groups argued that Google should be liable for copying code from the Java language for the Android operating system. The ACUF argued that protecting Oracle's code "is fundamental to a well-ordered system of private property rights and indeed the rule of law itself...."

Earlier this year, Google garnered around two dozen briefs supporting its position. But Oracle claims that in reality, "Google appears to be virtually alone — at least among the technology community." Glueck says Google's most prominent backers had ulterior motives or "parochial agendas"; either they were working closely with Google, or they had their own designs on Java...

Even if you accept Oracle's arguments wholeheartedly, there's a long list of other Google backers from the tech community. Advocacy groups like the Electronic Frontier Foundation and the Center for Democracy and Technology signed on to amicus briefs last month, as did several prominent tech pioneers, including Linux creator Linus Torvalds and Apple cofounder Steve Wozniak. The CCIA brief was signed by the Internet Association, a trade group representing many of the biggest companies in Silicon Valley. Patreon, Reddit, Etsy, the Mozilla Corporation, and other midsized tech companies also backed a brief raising "fundamental concerns" about Oracle's assertions.

Mozilla has a new virtual private network service and if you have a Chromebook, a Windows 10 computer or an Android device in the US, you can start using a beta version now. From a report: Called Firefox Private Network, the new service is designed to function as a full-device VPN and give better protection when surfing the web or when using public Wi-Fi networks. The company offers two options: a free browser-extension version, which it launched in beta last year, that provides 12 one-hour VPN passes when using the Firefox browser and a Firefox account; and a second, $4.99-a-month option that provides a more complete VPN service across your whole device. The new paid option, which runs off of servers provided by Swedish open-source VPN company Mullvad, can protect up to five devices with one account. It allows for faster browsing and streaming, and gives you the ability to tap into servers located in "30-plus countries" for masking your location data.