Thursday, June 23, 2016

Progress to TenFourFox 45: milestone 2 (plus: get your TALOS on or else, and Let's Engulf Comodo)

After a highly prolonged porting phase, TenFourFox 43 finally starts up, does browsery things and doesn't suck. Changesets are available on SourceForge for your amusement. I am not entirely happy with this release, though; our PowerPC JavaScript JIT required substantial revision, uncovering another bug which will be fixed in 38.10 (this one is an edge case but it's still wrong), and there is some glitch in libnestegg that keeps returning the audio sampling rate on many WebM videos as 0.000. I don't think this is an endian problem because some videos do play and I can't figure out if this is a legitimate bug or a compiler freakout, so right now there is a kludge to assume 22.050kHz when that happens. The video is otherwise parseable and that gets it to play, but I find this solution technically disgusting, so I'm going to ponder it some more in the meantime. We'll see if it persists in 45. On the other hand, we're also able to load the JavaScript Internationalization API now instead of using our compat shim, which should fix several bugs and add-on compatibility issues.

Anyway, the next step is to port 45 using the 43 sets, and that's what I'll be working on over the next several weeks. I'm aiming for the first beta in mid-July, so stay tuned.

For those of you who have been following the Talos POWER8 workstation project (the most powerful and open workstation-class Power Architecture system to date; more info here and here), my contacts inform me that the fish-or-cut-bait deadline is approaching where Raptor needs to determine if the project is financially viable with the interest level so far received. Do not deny me my chance to give them my money for the two machines I am budgeting (a kidneystone) for. Do not foresake me, O my audience. I will find thee and smite thee. Sign up, thou cowards, and make this project a reality. Let's get that Intel crap you don't actually control off thy desks. You can also check out using the Talos to run x86 applications through QEMU, making it the best of both worlds, as demonstrated by a video on their Talos pre-release page.

Last but not least, increasingly sketchy certificate authority and issuer Comodo, already somewhat of a pariah for previously dropping their shorts, has decided to go full scumbag and is trying to trademark "Let's Encrypt." Does that phrase seem familiar to you? It should, because "Let's Encrypt" is (and has been for some time) a Mozilla-sponsored free and automated certificate authority trying to get certificates in the hands of more people so that more websites can be protected by strong encryption. As their FAQ says, "Anyone who owns a domain name can use Let's Encrypt to obtain a trusted certificate at zero cost."

Methinks Comodo is hoping to lawyer Let's Encrypt out of existence because they believe a free certificate issuer will be a huge impact to their business model. Well, yes, that's probably true, which makes me wonder what would happen if Mozilla threatened to pull the Comodo CA root out of Firefox in response. Besides, based on this petulant and almost certainly specious legal action and their previous poor security history, the certificate authority pool could definitely use a little chlorine anyhow.

Saturday, June 4, 2016

38.9 available

TenFourFox 38.9 is available for testing (downloads, hashes, release notes). This includes the IonPower JavaScript JIT fix in issue 319 and relevant backported security patches from Firefox ESR 45.2 enumerated in issue 320. If you're a downstream builder hoping to use our backports to keep your own 38ESR fork alive, keep in mind I've only imported the security patches that are actually significant to us (for example, we run almost none of the OpenGL code, so OpenGL and WebGL patches are invariably irrelevant to TenFourFox and I hardly ever import them), so you should investigate all the other 45ESR security advisories as well to make sure they do not also apply to you.

Since I know Ric Ford from MacInTouch reads this blog for updates (hi Ric!), let me also be clear that 38.9 is an interim stopgap release only -- the plan is still to get TenFourFox to version 45, hopefully by 45.4. There will also likely be a 38.10 (security parity with official Firefox ESR 45.3) to allow 45 enough time to bake in beta and the localizers to catch up, but I'm determined to get us there ultimately with more information on my plans to come. 38.9 and 38.10 are TenFourFox-specific updates to Firefox 38ESR and do not correspond to any official version of Firefox.

38.9 will become live on Monday evening Pacific as usual, assuming no showstoppers.