Outfoxed? Not if you read The Reg
In a hard-to-beat demo of the perils of software telemetry, Mozilla accidentally kicked legions of users offline last week by an update to its telemetry servers that triggered an existing bug in Firefox. Internally, Mozilla is calling the bug “foxstuck”.
Firefox periodically reports back some fairly innocuous info, including how long your session lasted, how many tabs and windows you had open, what extensions you have and so on. You can see a list by entering about:telemetry in the address bar.
It’s all pretty harmless data. What isn’t harmless is if your browser goes TITSUP and stops you from accessing any website just because it can’t phone home – especially if other browsers still work fine.
Two different bug reports in Mozilla’s bug-tracking system – 1749910 and 1749957 – reveal the process of identifying and fixing the issue, and somewhat unusually, Mozilla publicly acknowledged the problem on Twitter.
Troubleshooting wasn’t helped by the fact that two different tweaks each bypassed the issue: disabling either telemetry or Firefox’s HTTP3 support worked.
The telemetry server wasn’t directly to blame: the problem was isolated to an HTTP3 load-balancer in front of Mozilla’s servers. Cloudflare is a major backer of HTTP3, so if it wasn’t the Mozilla telemetry servers, something else behind one of their boxes would probably have triggered this bug instead.
Although many people blamed Firefox auto-update for the problem, it wasn’t to blame. The issue has existed at least since the last ESR version, Firefox 91, and the problem also affected people running versions 94 and onwards.
Commenters on various forums have called for a fork of Firefox to remove telemetry support, which just demonstrates that they’re not Register readers. We pointed to precisely such a tool months ago. Waterfox users were totally unaffected. ®
Telemetry Inability Totally Silences URL Processing