For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Windows

Ask Slashdot: Are Post-Install Windows Slowdowns Inevitable? 514 514

blackest_k writes: I recently reinstalled Windows 7 Home on a laptop. A factory restore (minus the shovelware), all the Windows updates, and it was reasonably snappy. Four weeks later it's running like a slug, and now 34 more updates to install. The system is clear of malware (there are very few additional programs other than chrome browser). It appears that Windows slows down Windows! Has anyone benchmarked Windows 7 as installed and then again as updated? Even better has anybody identified any Windows update that put the slug into sluggish? Related: an anonymous reader asks: Our organization's PCs are growing ever slower, with direct hard-drive encryption in place, and with anti-malware scans running ever more frequently. The security team says that SSDs are the only solution, but the org won't approve SSD purchases. It seems most disk scanning could take place after hours and/or under a lower CPU priority, but the security team doesn't care about optimization, summarily blaming sluggishness on lack of SSDs. Are they blowing smoke?
Yahoo!

The Next Java Update Could Make Yahoo Your Default Search Provider 328 328

itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user.
Chromium

Google Criticized For 'Opaque' Audio-Listening Binary In Debian Chromium 85 85

An anonymous reader writes: Google has fallen under criticism for including a compiled audio-monitoring binary in Chromium for Debian. A report was logged at Debian's bug register on Tuesday noting the presence of a non-auditable 'hotword' module in Chromium 43. The module facilitates Google's "OK, Google" functionality, which listens for that phrase via a Chrome user's microphone and attempts afterwards to interpret the user's instructions as a search query. Matt Giuca from the Chromium development team responded after the furore developed, disclaiming Google from any responsibility from auditing Chromium code, but promising clearer controls over the feature in release 45.
Chrome

Ask Slashdot: Options After Google Chrome Discontinues NPAPI Support? 208 208

An anonymous reader writes: I've been using Google Chrome almost exclusively for more than 3 years. I stopped using Mozilla Firefox because it was becoming bloated and slow, and I migrated all my bookmarks etc. to Chrome. Now Chrome plans to end NPAPI support — which means that I will not be able to access any sites that use Java, and I need this for work. I tried going back to Firefox for a couple of days but it still seems slow — starting it takes time, even the time taken to load a page seems more than Chrome. So what are my options now? Export all my bookmarks and go back to Mozilla Firefox and just learn to live with the performance drop? Or can I tweak Firefox performance in any way? FWIW, I am on a Windows 7 machine at work.
Chrome

Chrome Beta Now Automatically Pauses Less Important Flash Content 98 98

An anonymous reader writes: Google today detailed a very interesting initiative in partnership with Adobe: The two have been working to make Flash content more power-efficient in Chrome. Available now in the browser's beta channel, Chrome will use less power by simply choosing to play less Flash content on the page. Here's how the feature works: Chrome beta will automatically pause Flash content that isn't "central to the webpage" while keeping central content playing without interruption. The company offers an obvious example: Animations on the side will be paused while the video you're trying to watch will be unaffected.
Google

Google Chrome Tops 1 Billion Users 102 102

An anonymous reader writes with this excerpt from Venture Beat: At the I/O 2015 developer conference today, Sundar Pichai, Google's senior vice president of product, announced that Chrome has passed 1 billion active users. Less than a year ago, Google revealed Android has over 1 billion active users. These are indeed Google's biggest ecosystems. Google also shared that Google Search, YouTube, and Google Maps all have over 1 billion users as well. Gmail will reach the milestone next; it has 900 million users.
Android

Android M Arrives In Q3: Native Fingerprint Support, Android Pay, 'Doze' Mode 83 83

MojoKid writes with yet more news from the ongoing Google IO conference: Google I/O kicked off this afternoon and the first topic of discussion was of course Google's next generation mobile operating system. For those that were hoping for a huge UI overhaul or a ton of whiz-bang features, this is not the Android release for you. Instead, Android M is more of a maintenance released focused mainly on squashing bugs and improving stability/performance across the board. Even though Android M is about making Android a more stable platform, there are a few features that have been improved upon or introduced for this release: App Permissions, Chrome Custom Tabs for apps, App Links (instead of asking you which app to choose when clicking a link, Android M's new Intent System can allow apps to verify that they are rightfully in possession of a link), NFC-based Android Pay, standardized fingerprint scanning support, and a new "doze" mode that supposedly offers 2X longer battery life when idle.
Open Source

Ask Slashdot: Can SaaS Be Both Open Source and Economically Viable? 49 49

An anonymous reader writes: The CTO behind Lucidchart, an online diagramming app, recently cited the open source rbush project as an invaluable tool for helping implement an "in-memory spatial index" that "increased spatial search performance by a factor of over 1,000 for large documents." My question is this: what risks does a SaaS company like Lucidchart face in making most of their own code public, like Google's recent move with Chrome for Android, and what benefits might be gained by doing so? Wouldn't sharing the code just generate more users and interest? Even if competitors did copy it, they'd always be a step behind the latest developments.
Chrome

Chrome For Android Is Now Almost Entirely Open Source 51 51

jones_supa writes: After lots of work by Chrome for Android team and a huge change, Chrome for Android is now almost entirely open source, a Google engineer announced in Reddit. Over 100,000 lines of code, including Chrome's entire user interface layer, has been made public, allowing anyone with the inclination to do so to look at, modify, and build the browser from source. Licensing restrictions prevent certain media codecs, plugins and Google service features form being included, hence the "almost." This is on par with the open source Chromium browser that is available on the desktop.
Chrome

New Chrome Extension Uses Sound To Share URLs Between Devices 77 77

itwbennett writes: Google Tone is an experimental feature that could be used to easily and instantly share browser pages, search results, videos and other pages among devices, according to Google Research. "The initial prototype used an efficient audio transmission scheme that sounded terrible, so we played it beyond the range of human hearing," researcher Alex Kauffmann and software engineer Boris Smus wrote in a post on the Google Research blog.
Encryption

'Logjam' Vulnerability Threatens Encrypted Connections 71 71

An anonymous reader writes: A team of security researchers has revealed a new encryption vulnerability called 'Logjam,' which is the result of a flaw in the TLS protocol used to create encrypted connections. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties."

Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).
Security

Microsoft Is Confident In Security of Edge Browser 133 133

jones_supa writes: It's no secret that Internet Explorer has always been criticized for its poor security, so with the Edge web browser (previously known as Spartan), Microsoft is trying to tackle this problem more effectively and make sure that users consider it at least as good as Chrome and Firefox. In a blog post, Microsoft details the security enhancements available in Edge, pointing out that most of the changes it made to the new browser make it much more secure than Internet Explorer. There is more protection against trickery, app containers are used as the sandbox mechanism, and protection against memory corruption is better. Old, insecure plugin interfaces are not supported at all: VML, VBScript, Toolbars, BHOs, and ActiveX are all nuked from the orbit.
Google

Superfish Injects Ads In 1 In 25 Google Page Views 91 91

An anonymous reader writes: A new report from Google has found that more than 5% of unique daily IP addresses accessing Google — tens of millions — are interrupted by ad-injection techniques, and that Superfish, responsible for a major controversy with Lenovo in February is the leading adware behind what is clearly now an industry. Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality.
Portables

Ask Slashdot: Most Chromebook-Like Unofficial ChromeOS Experience? 99 99

An anonymous reader writes: I am interested in Chromebooks, for the reasons that Google successfully pushes them: my carry-around laptops serve mostly as terminals, rather than CPU-heavy workhorses, and for the most part the whole reason I'm on my computer is to do something that requires a network connection anyhow. My email is Gmail, and without particularly endorsing any one element, I've moved a lot of things to online services like DropBox. (Some offline capabilities are nice, but since actual Chromebooks have been slowly gaining offline stuff, and theoretically will gain a lot more of that, soon, I no longer worry much about a machine being "useless" if the upstream connection happens to be broken or absent. It would just be useless in the same way my conventional desktop machine would be.) I have some decent but not high-end laptops (Core i3, 2GB-4GB of RAM) that I'd enjoy repurposing as Chromebooks without pedigree: they'd fall somewhat short of the high-end Pixel, but at no out-of-pocket expense for me unless I spring for some cheap SSDs, which I might.

So: how would you go about making a Chromebook-like laptop? Yes, I could just install any Linux distro, and then restrain myself from installing most apps other than a browser and a few utilities, but that's not quite the same; ChromeOS is nicely polished, and very pared down; it also seems to do well with low-memory systems (lots of the current models have just 2GB, which brings many Linux distros to a disk-swapping crawl), and starts up nicely quick.

It looks like the most "authentic" thing would be to dive into building Chromium OS (which looks like a fun hobby), but I'd like to find something more like Cr OS — only Cr OS hasn't been updated in quite a while. Perhaps some other browser-centric pared-down Linux would work as well. How would you build a system? And should I go ahead and order some low-end 16GB SSDs, which I now see from online vendors for less than $25?
Chrome

Chrome Passes 25% Market Share, IE and Firefox Slip 240 240

An anonymous reader writes: In April 2015, we saw the naming of Microsoft Edge, the release of Chrome 42, and the first full month of Firefox 37 availability. Now we're learning that Google's browser has finally passed the 25 percent market share mark. Hit the link for some probably unnecessarily fine-grained statistics on recent browser trends. Have your browser habits shifted recently? Which browsers do you use most often?
Security

Researcher Bypasses Google Password Alert For Second Time 35 35

Trailrunner7 writes with this excerpt: A security researcher has developed a method–actually two methods–for defeating the new Chrome Password Alert extension that Google released earlier this week.

The Password Alert extension is designed to warn users when they're about to enter their Google passwords into a fraudulent site. The extension is meant as a defense against phishing attacks, which remain a serious threat to consumers despite more than a decade of research and warnings about the way the attacks work.

Just a day after Google released the extension, Paul Moore, a security consultant in the U.K., developed a method for bypassing the extension. The technique involved using Javascript to look on a given page for the warning screen that Password Alert shows users. The method Moore developed then simply blocks the screen, according to a report on Ars Technica. In an email, Moore said it took him about two minutes to develop that bypass, which Google fixed in short order.

However, Moore then began looking more closely at the code for the extension, and Chrome itself, and discovered another way to get around the extension. He said this one likely will be more difficult to repair.

"The second exploit will prove quite difficult (if not near impossible) to resolve, as it leverages a race condition in Chrome which I doubt any single extension can remedy. The extension works by detecting each key press and comparing it against a stored, hashed version. When you've entered the correct password, Password Alert throws a warning advising the user to change their password," Moore said.
Google

Google Announces "Password Alert" To Protect Against Phishing Attacks 76 76

HughPickens.com writes: Google has announced Password Alert, a free, open-source Chrome extension that protects your Google Accounts from phishing attacks. Once you've installed it, Password Alert will show a warning if you type your Google password into a site that isn't a Google sign-in page. This protects you from phishing attacks and also encourages you to use different passwords for different sites, a security best practice. Once you've installed and initialized Password Alert, Chrome will remember a "scrambled" version of your Google Account password. It only remembers this information for security purposes and doesn't share it with anyone. If you type your password into a site that isn't a Google sign-in page, an alert will tell you that you're at risk of being phished so you can update your password and protect yourself.
Patents

Microsoft Increases Android Patent Licensing Reach 103 103

BrianFagioli writes: Microsoft may not be winning in the mobile arena, but they're still making tons of money from those who are. Patent licensing agreements net the company billions each year from device makers like Samsung, Foxconn, and ZTE. Now, Microsoft has added another company to that list: Qisda Corp. They make a number of Android and Chrome-based devices under the Qisda brand and the BenQ brand, and now Microsoft will be making money off those, too.
Security

Chrome 43 Should Help Batten Down HTTPS Sites 70 70

River Tam writes The next version of Chrome, Chrome 43, promises to take out some of the work website owners — such as news publishers — would have to do if they were to enable HTTPS. The feature might be helpful for publishers migrating legacy HTTP web content to HTTPS when that old content can't or is difficult to be modified. The issue crops up when a new HTTPS page includes a resource, like an image, from an HTTP URL. That insecure resource will cause Chrome to flag an 'mixed-content warning' in the form of a yellow triangle over the padlock.
Google

Google To Propose QUIC As IETF Standard 84 84

As reported by TechCrunch, "Google says it plans to propose HTTP2-over-QUIC to the IETF as a new Internet standard in the future," having disclosed a few days ago that about half of the traffic from Chrome browsers is using QUIC already. From the article: The name "QUIC" stands for Quick UDP Internet Connection. UDP's (and QUIC's) counterpart in the protocol world is basically TCP (which in combination with the Internet Protocol (IP) makes up the core communication language of the Internet). UDP is significantly more lightweight than TCP, but in return, it features far fewer error correction services than TCP. ... That's why UDP is great for gaming services. For these services, you want low overhead to reduce latency and if the server didn't receive your latest mouse movement, there's no need to spend a second or two to fix that because the action has already moved on. You wouldn't want to use it to request a website, though, because you couldn't guarantee that all the data would make it. With QUIC, Google aims to combine some of the best features of UDP and TCP with modern security tools.