
  • Tap for Golem Article

    Mozilla cuts jobs and refocuses

    Is a turnaround coming at Mozilla? Under its new chief Laura Chambers, Mozilla is launching a comprehensive reorganization.

    Article published on February 14, 2024, 7:39 a.m., Andreas Fischer

    New times could be dawning for Firefox again. (Image: AI-generated by Bing Image Creator/Dall-E)

    Less than a week after longtime Mozilla chief Mitchell Baker announced her move from the CEO post to that of Executive Chairwoman of the Mozilla Foundation, the company is cutting 60 more jobs, or about five percent of its workforce. In 2020, 250 employees had already lost their jobs at the Firefox maker.

    According to Bloomberg, the latest job cuts mainly affect employees in product development. In the future, the company wants to concentrate more on areas such as Firefox Mobile, where it sees the greatest chances of success, Mozilla announced.

    On the other hand, it will reduce investment in products such as VPN, Relay, and a service that lets users have data stored about them by data brokers deleted. In addition, Mozilla intends to shut down its 3D environment Hubs and put less effort into its Mastodon instance mozilla.social.

    AI and Firefox in focus

    Techcrunch also published an internal memorandum in which Mozilla announced that it would in future focus more on, among other things, “trustworthy AI for Firefox”. To that end, the teams that had previously worked on Pocket, content, and AI will be merged.

    The restructuring comes shortly after the company appointed Laura Chambers as interim CEO. The Australian had actually named the search for a new chief for the Firefox maker as one of her most important tasks, not a reorganization.

    In Techcrunch's view, however, the changes indicate that Mozilla could again focus more strongly on its core product, the Firefox browser. In the past, the organization released numerous new products and neglected Firefox. Probably also for that reason, the once very popular browser lost more and more market share.

    Tap for Bloomberg Article

    Firefox Maker Mozilla Is Cutting 60 Jobs After Naming New CEO

    By Mark Gurman

    February 13, 2024 at 7:16 PM UTC

    Mozilla Corp., the maker of web browser Firefox, is cutting about 60 jobs as part of a shake-up under a new chief executive officer.

    Mozilla said that the move affects about 5% of its workforce and that the cuts were primarily in the product development organization. The company informed employees of the decision on Tuesday.

    “We’re scaling back investment in some product areas in order to focus on areas that we feel have the greatest chance of success,” Mozilla said in a statement. “We intend to re-prioritize resources against products like Firefox Mobile, where there’s a significant opportunity to grow and establish a better model for the industry.”

    The move comes a week after the company named Laura Chambers as its CEO. She’s a former Airbnb Inc. and eBay Inc. executive who joined Mozilla’s board three years ago. Mitchell Baker, Mozilla’s longtime chief, stepped down to become the company’s executive chairman.

    Mozilla last cut a significant number of jobs four years ago at the height of the Covid-19 pandemic. The not-for-profit company, which competes with Alphabet Inc.’s Google Chrome, Apple Inc.’s Safari and Microsoft Corp.’s Edge, has been grappling with sliding market share of its Firefox web browser in recent years.

    In addition to Firefox, Mozilla’s products include email software Thunderbird and article-saving app Pocket.

    The move comes after a string of tech layoffs, with more than 32,000 jobs lost in the industry so far this year. Several major tech companies have made cuts in recent weeks, including Amazon.com Inc. and Snap Inc.

    — With assistance from Jackie Davalos





  • What’s happened?

    The Linux kernel project has become its own CVE Numbering Authority (CNA) with two very notable features:

    • CVE identifiers will only be assigned after a fix is already available and in a release; and
    • the project will err on the side of caution, and assign CVEs to all fixes.

    This means each new kernel release will contain a lot of CVE fixes.

    So what?

    This could contribute to a significant change in behaviour for commercial software vendors.

    The kernel project has long advocated updating to the latest stable release in order to benefit from fixes, including security patches. They’re not the only ones: Google has analysed this topic and Codethink talks extensively about creating software with Long Term Maintainability baked in.

    But alas, a general shift to this mentality appears to elude us: the prevalent attitude amongst the majority of commercial software products is still very much “ship and forget”.

    Consider the typical pattern: SoC vendors base their BSP on an old and stable Linux distribution. Bespoke development occurs on top of this, and some time later, a product is released to market. By this point, the Linux version is out of date, quite likely unsupported and almost certainly vulnerable from a security perspective.

    Now, fair enough, upgrading your kernel is non-trivial: it needs to be carefully thought through, requires extensive testing, and often careful planning to ensure collaboration between different parties, especially if you have dependencies on vendor blobs or other proprietary components. Clearly, this kind of thing needs to be thought about from day one of a new project. Sadly, in practice, in a lot of cases, upgrading simply isn’t even planned for.

    And now?

    With the Linux kernel project becoming a CNA, we’ll now have a situation where every new kernel release highlights the scale of how far behind mainline these products are, and by implication how exposed to security vulnerabilities the software is.

    The result should be increased pressure on vendors to upgrade.

    With this, plus the recent surge in regulations around keeping software up to date (see the CRA, UNECE R155 and R156), we may start to see a genuine movement towards software being designed to be properly maintained and updated, i.e., “ship and remember” or Long Term Maintainability. Let’s hope so.

    What else?

    Well, the Linux kernel is just one project. There are countless other FOSS projects which are depended on by almost all commercial projects, and they may also be interested in becoming their own CNA.

    This would further increase the visibility of the problem, and apply a renewed focus on the criticality of releasing software products with plans to upgrade built in from the start.

    If you would like to learn more about CNAs or Codethink’s Long Term Maintainability approach, reach out via sales@codethink.co.uk.