Firefox Aurora debuts, Mozilla's 'dev' channel

Somewhere between a nightly and a beta lies Firefox Aurora, Mozilla's first public browser under its new publishing schedule. Announced yesterday, Firefox Aurora for Windows (download), Mac (download), and Linux (download), is most analogous to the intent behind the Google Chrome developer's channel : to provide a place where users who don't mind browser instability can test out new features, and contribute feedback to the developers.

Mozilla is now running all four of the browser builds that it mentioned in this blog post: Minefield, or the nightly test builds; the new Aurora; the beta build, which users who downloaded the Firefox 4 betas are still using despite there not being an official beta release at this time; and the Firefox final release, which is the stable version most Firefox users have.
Currently, Mozilla Firefox Aurora 5.0a2 doesn't appear to offer anything different from Minefield or the stable release, but that will change as Mozilla pursues a release schedule similar to Google Chrome's six-week release cycle.

If you do notice anything different between the current Aurora and stable builds, let me know in the comments below.

Source: http://download.cnet.com/

Intel: USB 3.0 in 2012 with 'Thunderbolt'

Intel went on the record today saying that its silicon will support USB 3.0 in 2012 and urged developers to target both USB and its new "Thunderbolt" technology.

"Intel is going to support USB 3.0 in the 2012 client platform. We're going to support Thunderbolt capability. We believe they're complementary," said Kirk Skaugen, a vice president at the Intel Architecture Group, speaking at Intel's developer conference in Beijing today. The event was streamed over the Web.

The "2012 client platform" that Skaugen referred to is known more commonly by the code name "Ivy Bridge," which is the family of chips that will follow the "Sandy Bridge" processors shipping in PCs today.
USB is one of the most widely used connection technologies in the world, found on everything from PCs to tablets to smartphones. Intel laid the groundwork for widespread adoption in spring 2002 when it put the technology in its silicon. When Intel includes USB 3.0--which is about 10 times faster than current USB technology--in Ivy Bridge silicon in 2012 that will mark 10 years since the chipmaker upgraded its chips to the newest USB tech.

Today, Intel has support for USB 3.0 only in select desktop motherboards. And those boards don't use an Intel chip but a separate part from NEC to implement USB 3.0.

On other hand, Intel's 2012 Ivy Bridge technology will put USB 3.0 directly into the Intel chips--referred to as chipsets--that accompany the main Ivy Bridge processor, making USB 3.0 available universally across all types of computing devices, including laptops. Not unlike what Intel did back in 2002.

And with Advanced Micro Devices also on board, USB 3.0 appears on track for industry-wide adoption--finally. AMD said yesterday that the chipsets that come with its Fusion processors will support USB 3.0.
But USB 3.0 is only half of the connection story for Intel. Skaugen was careful to point out that developers of peripheral devices like printers, scanners, and cameras should target both USB 3.0 and Thunderbolt--the latter a new connection technology that combines high-speed data transfer and high-definition video on a single cable and runs at a peak speed of 10 gigabits per second. Apple uses Thunderbolt connectors on its MacBook Pro laptops.

"We encourage all of you working on peripherals around the PC to engage on both USB 3.0 and Thunderbolt," Skaugen said.


Source: http://news.cnet.com/

Android Is Destroying Everyone, Especially RIM -- iPhone Dead In Water

Google's Android OS has gained an astonishing 7 points of market share in the US smartphone market in the past three months, Comscore says.


RIM's market share over the same period collapsed, dropping almost 5 points.
Apple's iPhone share increased slightly, but is dead in the water and has now fallen way behind Android (in smartphones).(If you include iPod touches in the calculation, Apple's share has actually fallen).


Android now has a third of the US market (33%). RIM's share has plummeted to 29%. Apple is holding at 25%.
In the "also ran" category, Microsoft's Windows Phone 7 did nothing to stop its decline, which fell from 9% to 7.7%. And Palm, which is barely worth mentioning anymore, fell another point to 2.8%.


Why do the Android gains matter? Are Apple bulls right that Apple has an insurmountable hold on the "premium" segment of the market and that it doesn't matter who has the other 75%?
The Android gains matter because technology platform markets tend to standardize around a single dominant platform (see Windows in PCs, Facebook in social, Google in search). And the more dominant the platform becomes, the more valuable it becomes and the harder it becomes to dislodge. The network effect kicks in, and developers building products designed to work with the platform devote more and more of their energy to the platform. The reward for building and working with other platforms, meanwhile, drops, and gradually developers stop developing for them.


Importantly, it's not a question of which platform is "better." (This is irrelevant.) It's a question of which platform everyone else uses.  And increasingly, in the smartphone market, barring a radical change in trend, that's Android.
So that's why Android's gains matter. And, yes, Apple fans should be scared to death about them.


Apple is fighting a very similar war to the one it fought--and lost--in the 1990s. It is trying to build the best integrated products, hardware and software, and maintain complete control over the ecosystem around them. This end-to-end control makes it easier for Apple to build products that are "better," but it makes it much harder for the company to compete against a software platform that is standard across many hardware manufacturers (Windows in the 1990s, Android now).
As we explain here, two important things are different about the current Android - iPhone battle than the Mac - Windows war in the 1990s. First, Apple is maintaining price parity (or better) with the leading Android phones. (Macs always cost more than PCs). Second, Android is still a fragmented platform, which significantly reduces the benefits of "interoperability" across multiple manufacturers.


Google is working to fix the second problem, though--enacting much tighter rules about how Android can be used. And if the platform is to become dominant and ubiquitous, it will likely continue to tighten these rules.


And Apple's price parity certainly does not appear to have stopped the Android juggernaut.
The unit and platform numbers below, which show the change in market share from November to February, are not unit sales in the month. They are total usage stats, showing how the platform usage shifted over the period.


So these Android gains should scare the bejeezus out of Apple bulls -- and Apple itself. And Apple's decision to not release the iPhone 5 in June will likely exacerbate rather than slow this trend.




Source: http://www.businessinsider.com

Comodo hack may reshape browser security

 Major browser makers are beginning to revisit how they handle Web authentication after last month's breach that allowed a hacker to impersonate sites including Google.com, Yahoo.com, and Skype.com.
The efforts are designed to remedy flaws in the odd way Web security is currently handled. Currently, everyone from the Tunisian government to a wireless carrier in the United Arab Emirates that implanted spyware on customers' BlackBerry devices and scores of German colleges are trusted to issue digital certificates for the largest and most popular sites on the Internet.

Microsoft's manager for trustworthy computing, Bruce Cowper, told CNET that the company is "investigating mechanisms to help better secure" certificate authorities, which issue trusted digital certificates used to encrypt Web browsing, against this type of attack.
On Friday, Ben Laurie, a member of Google's security team, said the Mountain View, Calif., company is "thinking" about ways to upgrade Chrome to highlight possibly fraudulent certificates that "should be treated with suspicion."
If the technology were widely adopted and glued into major browsers, that would have made last month's Comodo breach a non-event. The Jersey City, N.J.-based company announced on March 23 that an intruder it traced to Iran compromised a reseller's network and obtained fraudulent certificates for major Web sites including ones operated by Google and Microsoft. The FBI is investigating.
Comodo alerted Web browser makers, which immediately scrambled to devise ways to revoke the fraudulent certificates. There's no evidence the certificates were misused.
Peter Eckersley, a senior staff technologist at the Electronic Frontier Foundation who has compiled a database of public Web certificates, says one way to improve security is to allow each Web site to announce what certificate provider it's using.
Each browser trusts as many as 321 certificate authorities equally, a security nightmare that allows any of them to publish fake certificates for, say, Google.com. It's as if hundreds of superintendents in New York City had the master keys to every unit in every apartment building--as opposed to the normal practice of one master key per each superintendent.
Eckersley says browsers should be developing "a way for each domain name holder to persistently specify its own private certificate authority if it wishes to." Once that is established, "mistakes at any one of thousands of other organizations would no longer give hackers a magic key to your systems," he says.
Securing domain names with a technology called DNSSEC will also play a "large" role, he says. Other long-term technical fixes that have been proposed have names like DANE, HASTLS, CAA (Comodo's Philip Hallam-Baker is a co-author), and Monkeysphere.
Comodo's revelations have highlighted the flaws of the current system. There is no automated process to revoke fraudulent certificates. There is no public list of certificates that companies like Comodo have issued, or even which of its resellers or partners have been given a duplicate set of the master keys. There are no mechanisms to prevent fraudulent certificates for Yahoo Mail or Gmail from being issued by compromised companies, or repressive regimes bent on surveillance, some of which have their own certificate authorities.
The Internet death penalty
Another option would invoke the Internet death penalty: revoking Comodo's status as a trusted source of digital certificates. Each major browser has a different list of which certificate authorities are trusted, and Comodo appears on all of them. (See related CNET article and spreadsheet.)
Mozilla says in a Web page that it is "interested in more detailed impact assessments" of how the death penalty applied to Comodo--an unprecedented punishment--would work in practice.
Cowper declined to provide details about whether a similar step is being considered for Internet Explorer: "Microsoft will not discuss any decision about Comodo's membership in the Windows Root Certificate Program." He added: "Microsoft is in ongoing discussions with Comodo regarding this incident. After completing this review and evaluating the appropriate mitigation steps, Microsoft will ensure that Comodo and other (certificate authorities) comply with any updated program requirements."
Microsoft already requires that certificate authorities submit "complete a qualified audit and submit the audit report" every 12 months. So does Mozilla.
Google's Chrome browser relies on the list of trusted certificates compiled by Microsoft and, under OS X, Apple. "We haven't deviated from the default lists, nor do we have current plans to," a Google spokesman says. Apple did not respond to a request for comment.
Melih Abdulhayoglu, Comodo's founder and chief executive, says that security has been tightened as a result of the breach in an Italian partner's network.
"There is no 100 percent security," Abdulhayoglu added. He said that "any large" issuer of digital certificates is susceptible to concerted attacks. "VeriSign and Comodo, we've both had issues."
Norway-based Opera Software, maker of the eponymous Web browser, is considering a "move towards stricter requirements regarding having revocation information available before allowing a secure connection to complete."
Opera's Yngve Pettersen wrote in a blog post last Thursday that such a requirement would make it easier to revoke certificates that were issued fraudulently.


Source: http://news.cnet.com/