≡ Menu

firefox

MySQL, Red Hat and many other open source projects made good amount of money by supporting and creating world class software. But, how do you get venture capital - financing to grow businesses based upon open source ideas? If you are opening an open source software / hardware based business, read this getting started article about VC funding.

VC Funding

According wikipedia:

A venture capitalist (also known as a VC) is a person or investment firm that makes venture investments, and these venture capitalists are expected to bring managerial and technical expertise as well as capital to their investments. A venture capital fund refers to a pooled investment vehicle (often an LP or LLC) that primarily invests the financial capital of third-party investors in enterprises that are too risky for the standard capital markets or bank loans.

Venture capital is most attractive for new companies with limited operating history that are too small to raise capital in the public markets and are too immature to secure a bank loan or complete a debt offering. In exchange for the high risk that venture capitalists assume by investing in smaller and less mature companies, venture capitalists usually get significant control over company decisions, in addition to a significant portion of the company's ownership (and consequently value).

Here in India VC funding reached to US $6.5 billion at the end of 2007. Most VC firms in India are either divisions or subsidiaries of Silicon Valley funds. They are primarily centered in Bangalore, Delhi and Mumbai.

Keith Ward has published an interesting article about getting funds for your small project:

So, you've got the greatest open source idea since Firefox. It's guaranteed to be bigger than TCP/IP. All you need now is some scratch to get your project off the ground. Given the genius of your idea, you're sure you'll have to beat off potential investors with a stick. If you think that's reality, I've got some subprime mortgages to sell you. Getting venture capital (VC) to fund your business is hard work, even if you have a commercial product to sell. The degree of difficulty ratchets up many times if you're an open source developer. It can be done, but it takes such single-minded focus that getting turned down multiple -- maybe even dozens -- of times won't faze you.

=> How to get VC investment for your open source

Really scary exploit attack in wild, which affects all browsers under any desktop operating systems including MS IE, Linux, Apple safari, Opera, Firefox and Adobe flash. Any website that uses CSS, flash and IFRAME (used to serve ads) can be used to attack on end users. Attacker is able to take control of the links that your browser visits. From the article:

In a nutshell, it’s when you visit a malicious website and the attacker is able to take control of the links that your browser visits. The problem affects all of the different browsers except something like lynx. The issue has nothing to do with JavaScript so turning JavaScript off in your browser will not help you. It’s a fundamental flaw with the way your browser works and cannot be fixed with a simple patch. With this exploit, once you’re on the malicious web page, the bad guy can make you click on any link, any button, or anything on the page without you even seeing it happening.

According to victims on several Web forums, the attack is coming from Adobe Flash-based advertising on legitimate sites — including Newsweek, Digg and MSNBC.com.

How do I stop Clickjacking under Firefox?

There are two solutions.

Option #1: Disable everything

Disable scripting and plugins such as flash and others for the time being under Firefox (except adblock plus or no-script plugin). I've no idea how to do this under IE or other browsers. Under Firefox clock on Tools > Add-ons > Select each plugin and disable it.

Fig.01: Disable scripting and plugins

Fig.01: Disable scripting and plugins


Shutdown browser. Next, remove Adobe flash from system using apt-get or from your directory. If firefox 3 installed at /opt/firefox/, change directory to /opt/firefox/plugins:
# cd /opt/firefox/plugins
Delete flash and other plugins files:
# rm *
This should work for other browsers too.

Option #2: Use Noscript To Stop Attack

Download latest version of NoScript firefox plugin. NoScript for Firefox pre-emptively blocks malicious scripts and allows JavaScript, Java and other potentially dangerous content only from sites you trust. Once installed restar firefox. Click on NoScript icon located on bottom right status bar > Select options > Click on Forbid [IFRAME] > Ok

Fig.01: Mitigation for Clickjacking under Firefox with NoScript Plugin

Fig.02: Mitigation for Clickjacking under Firefox with NoScript Plugin

Bonus option # 3: Use lynx

Lynx and other text based browsers are not affected by this exploit. Lynx is a free open-source, text-only Web browser. Recent version works under Mac OS X, All versions of Windows and UNIX like operating systems. You install lynx using apt-get or yum command:
# apt-get install lynx
OR
# yum install lynx

Further readings:

  1. More info about clickjacking
  2. NoScript plugins
  3. Clickjacking demo / proof of concept demo (warning it will hijack your clipboard, to stop just close browser.)
  4. Clickjacking: Researchers raise alert for scary new cross-browser exploit

Download of the day: Firefox 3.1 Alpha 1

Mozilla has released Firefox 3.1 Alpha 1 - code named Shiretoko Alpha 1 and is now available for download.

New features

=> Web standards improvements in the Gecko layout engine
=> Text API for the <canvas> element
=> Support for using border images
=> Support for JavaScript query selectors
=> Several improvements to the Smart Location Bar
=> A new tab switching behavior

=> Download Linux version here.

You may also find my step by step easy instructions on how to install the Firefox browser under Linux useful.

Update: Vmware sever 2.0 final has been released. Version 2.0 has updated version for Firefox 3.0.x series.

VMWare remote console plugin allows to control VMWare server 2.0RC1. However, when you upgrade Firefox to 3.0.1 it will not work or get disabled by Firefox 3.0.1 due to plug-in compatibility issue. To fix this issue shutdown your Firefox, locate a directory called VMwareVMRC@vmware.com. This hack tested on:
=> Linux running Firefox 3.0.1

=> VMware Remote Console Plug-in version 2.5.0.100265

Open a shell prompt and type the following commands:
$ cd ~/.mozilla/
$ find . -type d -iname "VMwareVMRC@vmware.com"

Sample output:

./firefox/szvrcz3m.default/extensions/VMwareVMRC@vmware.com

Change the directory, enter:
$ cd ./firefox/szvrcz3m.default/extensions/VMwareVMRC@vmware.com
Open install.rdf
$ cp install.rdf ~/install.rdf.bak
$ vi install.rdf

Find line that read as follows:

<em:maxVersion>3.0.0.*</em:maxVersion>

Replace it with:

<em:maxVersion>3.0.1.*</em:maxVersion>

Save and close the file. Open Firefox and plug-in should work without a problem.
(Fig.01: Running VMWare Server Remote Console Plugin under Updated Firefox v3.0.1)

Firefox Leads Web Browser Security War

Firefox users like you and me considered as the most secure. According to new study Firefox offers the most secure browsing experience to its user. According to study paper called - Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg" :
=> Firefox users most likely to use the latest version and well secured from the Internet attacks.

=> Failed to update browsers will result in increases the chance for remote attacks executed by attacker.

=> Internet explorer security is bad because most users stuck with older version. Most people can't uninstall IE, therefore they end up using it outdated default browser version.

See study paper for all the details.

Thanks to everyone. Mozilla today received confirmation from Guinness World Records that they have officially achieved the record for the "largest number of software downloads in 24 hours."

New Guinness World Record - 8 million Firefox 3 downloads in a day!

From the mozilla site:

Thanks to the support of the always amazing Mozilla community, we now hold a Guinness World Record for the most software downloaded in 24 hours. From 18:16 UTC on June 17, 2008 to 18:16 UTC on June 18, 2008, 8,002,530 people downloaded Firefox 3 and are now enjoying a safer, smarter and better Web.


(Fig.01: Keep your friends close, and your enemies closer [click to enlarge image]).

The Microsoft Internet Explorer Team sent a cake for the release of Firefox 2 in 2006 and now they did it again. Thanks Ryan Paul for posting image and information (via Digg).

PS: Mozilla will be eating cake as well as Internet Explorer's marketshare ;)