Mozilla

Former Mozilla CTO: 'Chrome Won' (andreasgal.com) 212

Responding to Firefox marketing head Eric Petitt's blog post from earlier this week, Andreas Gal, former chief technology officer of Mozilla (who spent seven years at the company) offers his insights. Citing latest market share figures, Gal says "it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated." From his blog post (edited and condensed for length): With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn't manage to catch up with Android's explosive growth. Mozilla's strategic rationale for building Firefox OS was often misunderstood. Mozilla's founding mission was to build the Web by building a browser. [...] Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric -- who heads Mozilla's marketing team -- uses Chrome every day as he mentioned in the first sentence, it's not surprising that almost 65% of desktop users are doing the same. [...] I don't think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It's like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted.
Mozilla

Firefox Marketing Head Expresses Concerns Over Google's Apparent 'Only Be On Chrome' Push (medium.com) 179

Eric Petitt, head up Firefox marketing, writing in a blog: I use Chrome every day. Works fine. Easy to use. There are multiple things that bug me about the Chrome product, for sure, but I'm OK with Chrome. I just don't like only being on Chrome. And that's what Chrome wants. It wants you to only use Chrome. Chrome is not evil, it's just too big for its britches. Its influence on the internet economy and individuals is out of balance. Chrome, with 4 times the market share of its nearest competitor (Firefox), is an eight-lane highway to the largest advertising company in the world. Google built it to maximize revenue from your searches and deliver display ads on millions of websites. To monetize every... single... click. And today, there exists no meaningful safety valve on its market dominance. Beyond Google, the web looks more and more like a feudal system, where the geography of the web has been partitioned off by the Frightful Five. Google, Facebook, Microsoft, Apple and Amazon are our lord and protectors, exacting a royal sum for our online behaviors. We're the serfs and tenants, providing homage inside their walled fortresses. Noble upstarts are erased or subsumed under their existing order. (Footnote: Petitt has made it clear that the aforementioned views are his own, and not those of Mozilla.)
Android

And Now, a Brief Definition of the Web (theverge.com) 62

Dieter Bohn, writing for The Verge: Traditionally, we think of the web as a combination of a set of specific technologies paired with some core philosophical principles. The problem -- the reason this question even matters -- is that there are a lot of potential replacements for the parts of the web that fix what's broken with technology, while undermining the principles that ought to go with it. [...] A lot of tech companies are flailing around looking for ways to fix this problem. There are web apps that work in Chrome but not really all that well elsewhere. There are Instant Articles in Facebook and AMP pages on Google. There are Instant Android apps that stream to your phone over the internet instead of being installed, which go away when you're done with them just like a browser tab. Google claims to be trying to bring some of the open ethos of the web to smart speakers. Hell, go back to 2014 and you'll find Apple pundit John Gruber arguing we should consider apps and "anything transmitted using HTTP and HTTPS" as part of the web. [...] And now, a brief definition of the web: To count as being part of the web, your app or page must: 1. Be linkable, and 2. Allow any client to access it. That's it.
Security

Stealing Windows Credentials Using Google Chrome (helpnetsecurity.com) 53

Orome1 writes: A default setting in Google Chrome, which allows it to download files that it deems safe without prompting the user for a download location, can be exploited by attackers to mount a Windows credential theft attack using specially-crafted SCF shortcut files, DefenseCode researchers have found. What's more, for the attack to work, the victim does not even have to run the automatically downloaded file. Simply opening the download directory in Windows File Explorer will trigger the code icon file location inserted in the file to run, and it will send the victim's username, domain and NTLMv2 password hash to a remote SMB server operated by the attackers.
Firefox

Firefox 55: Flash Will Become 'Ask To Activate' For Everyone (bleepingcomputer.com) 114

An anonymous reader quotes a report from BleepingComputer: Starting with the release of Firefox 55, the Adobe Flash plugin for Firefox will be set to "Ask to Activate" by default for all users. This move was announced in August 2016, as part of Mozilla's plan to move away from plugins built around the NPAPI technology. Flash is currently the only NPAPI plugin still supported in Firefox, and moving its default setting from "Always Activate" to "Ask to Activate" is just another step towards the final step of stop supporting Flash altogether. This new Flash default setting is already live in Firefox's Nightly Edition and will move through the Alpha and Beta versions as Firefox nears its v55 Stable release. By moving Flash to a click-to-play setting, Firefox will indirectly start to favor HTML5 content over Flash for all multimedia content. Other browsers like Google Chrome, Brave, or Opera already run Flash on a click-to-play setting, or disabled by default. Firefox is scheduled to be released on August 8, 2017.
Businesses

'WannaCry Makes an Easy Case For Linux' (techrepublic.com) 408

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.
Chrome

Should You Leave Google Chrome For the Opera Browser? (vice.com) 303

mspohr shares a report written by Jason Koebler via Motherboard who makes the case for why you should break up with Chrome and switch to the Opera browser: Over the last few years, I have grown endlessly frustrated with Chrome's resource management, especially on MacOS. Admittedly, I open too many tabs, but I'd wager that a lot of you do, too. With Chrome, my computer crawls to complete unusability multiple times a day. After one too many times of having to go into Activity Monitor to find that one single Chrome tab is using several gigs of RAM, I decided enough was enough. I switched to Opera, a browser I had previously thought was only for contrarians. This, after previous dalliances with Safari and Firefox left me frustrated. Because Opera is also based on Blink, I almost never run into a website, plugin, script, or video that doesn't work flawlessly on it. In fact, Opera works almost exactly like Chrome, except without the resource hogging that makes me want to throw my computer against a brick wall. This is exactly the point, according to Opera spokesperson Jan Standal: "What we're doing is an optimized version of Chrome," he said. "Web developers optimize most for the browser with the biggest market share, which happens to be Chrome. We benefit from the work of that optimization."

Slashdot reader mspohr adds: "I should note that this has also been my experience. I have a 2010 MacBook, which I was ready to trash since it had become essentially useless, coming to a grinding halt daily. I tried Opera and it's like I have a new computer. I never get the spinning wheel of death. (Also, the built-in ad blocker and VPN are nice.)" What has been your experience with Google Chrome and/or Opera? Do you prefer one over the other?

United States

Google Owns the Classroom (axios.com) 114

An anonymous reader writes: The NYT's Natasha Singer has a fascinating, provocative look at "How Google Conquered The American Classroom." "[M]ore than half the nation's primary- and secondary-school students -- more than 30 million children -- use Google education apps like Gmail and Docs... Chromebooks, Google-powered laptops that initially struggled to find a purpose... account for more than half the mobile devices shipped to schools."
Microsoft

Microsoft Finally Bans SHA-1 Certificates In Its Browsers (zdnet.com) 38

An anonymous reader quotes ZDNet: With this week's monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft's browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January's stable release of Chrome 56, and Firefox's February cut-off... Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3... Once Tuesday's updates are installed, Microsoft's browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site's certificate.
Operating Systems

Opinion: Even if You Hate the Idea, Windows Users Should Want Windows 10 S To Succeed (arstechnica.com) 259

Last week, Microsoft unveiled Windows 10 S, a new variant of its desktop operating system aimed largely at the education space. While time will tell how this new edition of Windows fares, if early reactions from enthusiasts are anything to go by, Windows 10 S is in for a tough ride ahead. For one, Windows 10 S only permits installation of applications from the Windows Store. If that wasn't a deal-breaker, several popular applications including Google's Chrome are missing from the Store. Amid all of this, reporter and columnist Peter Bright has an op-ed up on ArsTechnica in which he argues that despite the walled-garden offering, people should want Windows 10 S to succeed as it could make Windows better for everyone else. From his article: This [forbidding execution of any program that wasn't downloaded from the Windows Store] positions Microsoft as a gatekeeper -- although its criteria for entry within the store is for the most part not stringent, it does reserve the right to remove software that it deems undesirable -- and means that the vast majority of extant Windows software can't be used. This means that PC mainstays, from Adobe Photoshop to Valve's Steam, can't be used on Windows 10 S. [...] Some of the arguments against this are bizarre. Notably, the complaint that Microsoft has now erected a paywall -- "you have to pay $50 to run Steam!" -- is very peculiar when one considers that, in general, Windows licenses have never been free. [...] The Windows Store makes bad parts of Windows better: I'd argue, however, that Windows users should want Windows 10 S to succeed. Windows 10 S isn't for everybody, and Windows 10 S may not be for you, but if Windows 10 S succeeds, it will make Windows 10 better for everyone. The Store in Windows RT required developers to write their apps from scratch. With negligible numbers of users, developers were uninterested in doing this work. The Store in Windows 10 has Centennial. In principle, Centennial should make it easy to package existing Win32 apps and sell them through the Store, and if developers of Windows apps adopt Centennial en masse then the Store restriction shouldn't be particularly restrictive. Widespread adoption will be good for Windows users of all stripes.
Chrome

Chrome For Android Now Lets You Save Web Pages For Reading Later (techcrunch.com) 46

Today, Google has introduced a series of improvements to Chrome for Android to make it easier to save content for offline access. The improvements will be made to the "Downloads" feature rolled out in December that allows you to save webpages, music and videos for offline access. TechCrunch reports: To download a web page previously, you would open Chrome's menu in the top-right of the browser, then tap the "save" icon that's located next to the star for bookmarking the site. You could then see all the content you had saved for offline access by tapping on "Downloads" from this same menu. Now, Google is adding more ways to save content, including a way to long press on a link the way you do when you want to open up a page in a new tab. The option to "Download Link" will appear on the pop-up screen you see after your press, below the options to open the page in a new tab or incognito tab. Google says this long press action will also work on its article suggestions on its New Tab page. This New Tab page will also include the articles you've already downloaded, which will be flagged with an offline badge.
Google

Google's Upcoming 'Fuchsia' Smartphone OS Dumps Linux, Has a Wild New UI (arstechnica.com) 219

More details have emerged about Fuchsia, the new mobile OS Google has been working on. ArsTechnica reports that Fuchsia is not based on Linux (unlike Android and Chrome OS). Instead, the OS uses a new, Google-developed microkernel called "Magenta." From the article: With Fuchsia, Google would not only be dumping the Linux kernel, but also the GPL: the OS is licensed under a mix of BSD 3 clause, MIT, and Apache 2.0. Dumping Linux might come as a bit of a shock, but the Android ecosystem seems to have no desire to keep up with upstream Linux releases. Even the Google Pixel is still stuck on Linux Kernel 3.18, which was first released at the end of 2014. [...] The interface and apps are written using Google's Flutter SDK, a project that actually produces cross-platform code that runs on Android and iOS. Flutter apps are written in Dart, Google's reboot of JavaScript which, on mobile, has a focus on high-performance, 120fps apps. It also has a Vulkan-based graphics renderer called "Escher" that lists "Volumetric soft shadows" as one of its features, which seems custom-built to run Google's shadow-heavy "Material Design" interface guidelines. The publication put the Flutter SDK to test on an Android device to get a sneak peek into the user interface of Fuchsia. "The home screen is a giant vertically scrolling list. In the center you'll see a (placeholder) profile picture, the date, a city name, and a battery icon," the author wrote. "Above the are 'Story' cards -- basically Recent Apps -- and below it is a scrolling list of suggestions, sort of like a Google Now placeholder. Leave the main screen and you'll see a Fuchsia 'home' button pop up on the bottom of the screen, which is just a single white circle."
Chrome

Google To Auto-Migrate Some Users To 64-bit Chrome 96

Google says it will automatically upgrade the version of Chrome that some Windows users are running, in what it describes as a bet to improve stability, performance, and security. From a report on ZDNet: In a blog post on Tuesday, the search engine giant explained that Chrome users running 64-bit Windows with 4GB or more of memory will be automatically migrated to the 64-bit version of Chrome if they are running the 32-bit version.
Chrome

Chrome Will Start Marking HTTP Sites In Incognito Mode As Non-Secure In October (venturebeat.com) 67

Reader Krystalo writes: Google today announced the second step in its plan to mark all HTTP sites as non-secure in Chrome. Starting in October 2017, Chrome will mark HTTP sites with entered data and HTTP sites in Incognito mode as non-secure. With the release of Chrome 56 in January 2017, Google's browser started marking HTTP pages that collect passwords or credit cards as "Not Secure" in the address bar. Since then, Google has seen a 23 percent reduction in the fraction of navigations to HTTP pages with password or credit card forms on Chrome for desktop. Chrome 62 (we're currently on Chrome 58) will take this to the next level.
Education

EFF Says Google Chromebooks Are Still Spying On Students (softpedia.com) 84

schwit1 quotes a report from Softpedia: In the past two years since a formal complaint was made against Google, not much has changed in the way they handle this. Google still hasn't shed its "bad guy" clothes when it comes to the data it collects on underage students. In fact, the Electronic Frontier Foundation says the company continues to massively collect and store information on children without their consent or their parents'. Not even school administrators fully understand the extent of this operation, the EFF says. According to the latest status report from the EFF, Google is still up to no good, trying to eliminate students privacy without their parents notice or consent and "without a real choice to opt out." This, they say, is done via the Chromebooks Google is selling to schools across the United States.
Cloud

Leaked Document Sheds Light On Microsoft's Chromebook Rival (windowscentral.com) 91

Microsoft has announced plans to host an event next month where it is expected to unveil Windows 10 Cloud operating system. Microsoft will be positioning the new OS as a competitor to Chrome OS, according to several reports. Windows Central has obtained an internal document which sheds light on the kind of devices that will be running Windows 10 Cloud. The hardware requirement that Microsoft has set for third-party OEMs is as follows: 1. Quad-core (Celeron or better) processor.
2. 4GB of RAM.
3. 32GB of storage (64GB for 64-bit). 4. A battery larger than 40 WHr.
5. Fast eMMC or solid state drive (SSD) for storage technology.
6. Pen and touch (optional).
The report adds that Microsoft wants these laptops to offer over 10-hour of battery life, and the "cold boot" should not take longer than 20 seconds.
Security

Ambient Light Sensors Can Be Used To Steal Browser Data (bleepingcomputer.com) 37

An anonymous reader writes: "Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff," reports Bleeping Computer. "The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products." According to two privacy and security experts, Lukasz Olejnik and Artur Janc, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.
Google

Google Earth Gets a New Home On the Web (arstechnica.com) 46

To celebrate the Earth Day, Google says it is rolling out what was a two-year in the making major update to Google Earth. From a report: V9 is designed to run in a Web browser (just Chrome for now), but there's now a standalone home for Google Earth. The Android app has been updated, too (iOS is coming soon). Version 9 puts a big focus on guided tours via the "Voyager" section, which serves as a jumping off point for YouTube videos, 360-degree content, Street View, and Google Earth landmarks. The tours are led by scientists and documentarians, with some content produced by well-known groups like the BBC's Planet Earth team. For kids, there's a Sesame Street muppet section.
Android

Google Agrees To Open Android To Other Search Engines In Russia (bgr.com) 64

Google has reached a $7.8 million antitrust settlement with Russian watchdog group FAS. According to BGR, the company will loosen restrictions on Android's built-in search engines to allow for Russian competitors to take a share of the pie. From the report: Android's heavy reliance on Google services is to be expected, but in 2015 the Russian antitrust group -- officially the Federal Antimonopoly Service -- ruled that Google was breaking the law by forcing users to lean on Google for search. The ruling was the result of a complaint filed by Yandex, a Russian competitor to Google that runs the largest search engine in the country as well as web mail, news, maps, and other services. Google's settlement of the issue comes with the condition that Android will no longer lock down the search engine to Google, and must allow users the ability to change it if they want from within the Chrome web browser. Google will also loosen its exclusivity of the default apps on Android devices sold in Russia, potentially allowing for Yandex and other regional competitors to muscle in and replace the built-in apps with their own versions, depending on user preference.
Google

Chrome 59 To Address Punycode Phishing Attack 69

Google says it will be rolling out a patch to Chrome in v59 to address a decade-old unicode vulnerability called Punycode that allowed attackers to fool people into clicking on compromised links. Engadget adds: Thanks to something called Punycode, phishers are able to register bogus domains that look identical to a real website. Take this proof-of-concept from software engineer Xudong Zheng, where apple.com won't take you to a store selling Macs, iPhones and iPads. The real website is actually https://www.xn--80ak6aa92e [dot] com. The xn-- prefix tells browsers like Chrome that the domain uses ASCII compatible encoding. It allows companies and individuals from countries with non-traditional alphabets to register a domain that contains A-Z characters but renders in their local language. The issue was first reported to Google and Mozilla on January 20th and Google has issued a fix in Chrome 59. It's currently live in the Canary (advance beta release) but the search giant will likely make it available to all Chrome users soon.

Slashdot Top Deals