"On May 1, 2018, we will be shutting down Xmarks... After this date, your bookmarks should remain available in any previously accessed browser, but they will no longer sync and your Xmarks account will be deactivated... After careful consideration and evaluation, we have decided to discontinue the Xmarks solution so that we can continue to focus on offering the best possible password vaulting to our community."
It was apparently especially popular with long-time Slashdot reader vm, who writes "I have held on to my Xmarks account over the years because I can always get to them despite changes in operating systems, browsers, employers, etc.
"What do other folks use that may also have a mobile option?"
As if all that wasn't enough, there's also the matter of tabs. Tabs are a couple of decades old now, and, like much of the rest of the desktop and web environment, they were initially thought up in an age where the predominant computer displays were close to square with a 4:3 aspect ratio. That's to say, most computer screens were the shape of an iPad when many of today's most common interface and design elements were being developed. As much of a chrome minimalist as I try to be, I still can't extricate myself from needing a menu bar in my OS and tab and address bars inside my browser. I'm still learning to live without a bookmarks bar. With all of these horizontal bars invading our vertical space, a 16:9 screen quickly starts to feel cramped, especially at the typical laptop size. You wind up spending more time scrolling through content than engaging with it. What is your preferred aspect ratio for a laptop? Do you prefer Microsoft and Google's machines that have a squarer 3:2 aspect ratio, or Apple's MacBook Pro that has a 16:10 display?
Meshkov discovered that the AdRemover extension for Chrome -- which had over 10 million users -- had code hidden inside an image that was loaded from the remote command server, giving the extension creator the ability to change its functions without updating. This alone is against Google's policy, and after Meshkov wrote about a few examples on AdGuard's blog, many of which had millions of downloads, Chrome removed the extensions from the store. I reached out to Google, and a spokesperson confirmed that these extensions had been removed.
Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better. An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.
Sending cookies via plaintext HTTP is considered both a user privacy and security risk, as these cookies could be intercepted and even modified by an attacker. Banning the sending of cookies via HTTP is not yet an option, so Chrome engineers hope that by limiting a cookie's lifespan, they would prevent huge troves of user data from gathering inside cookies, or advertisers using the same cookie to track users across different sites.
"What they use today to 'unlock' will soon allow them to 'login' to all their favorite websites and a growing number of native apps that already includes Bank of America, PayPal, eBay and Aetna," he added. Passwords continue to be one of the weaker points in online security. A hacker may phish a target's password and log into their account, or take passwords from one data breach and use them to break into accounts on another site. The login standard, called Web Authentication (WebAuthn), will let potentially any website or online service use apps, security keys, or biometrics as a login method instead of a password, or use those alternative approaches as a second method of verification. The key here is making it easy and open for developers to use, and for it to work across all different brands of browsers. The functionality is already available in Mozilla's Firefox, and will be rolled out to Microsoft's Edge and Google Chrome in the new few months. Opera has committed to supporting WebAuthn as well.
Windows Mail is also notorious for not sending emails. Multiple times a week, I open an email, hit reply, type out a quick message, hit send, and alt-tab back to Chrome or Word. Any normal email client will send the message despite the app not being the active window. With Windows Mail, countless times I have wondered why I never got heard back to a specific reply, only to discover hours later, and completely by accident, that the message is still a draft. It's not even sitting in my outbox -- it's just a fucking draft. I end up debating whether to send the email hours late, or if it doesn't make sense to send it anymore. That's not a decision I should have to make. There are of course small features I would like to see added to Windows Mail, like being able to set formatted signatures (as opposed to just plain text), but that's hardly a priority. Windows Mail is unusable, which means Windows 10 doesn't come with an email client. That's incredibly sad.
[...] Last week, Kelly Shortridge, who works at cybersecurity startup SecurityScorecard, noticed that Chrome was scanning files in the Documents folder of her Windows computer. "In the current climate, it really shocked me that Google would so quietly roll out this feature without publicizing more detailed supporting documentation -- even just to preemptively ease speculation," Shortridge told me in an online chat. "Their intentions are clearly security-minded, but the lack of explicit consent and transparency seems to violate their own criteria of 'user-friendly software' that informs the policy for Chrome Cleanup [Tool]." Her tweet got a lot of attention and caused other people in the infosec community -- as well as average users such as me -- to scratch their heads.
Even if Google has not said it outright, the company has taken this step to protect Chrome's image. Cryptojacking scripts have a huge impact on a computer's responsiveness, and when most users investigate, they see Chrome's processes hogging CPU resources. Very few of these users will be able to track the spike in CPU usage back to an extension. Google has worked incredibly hard to create the image that Chrome is today's fastest browser, and the company isn't going to stand by and watch some extension developers ruin Chrome's brand so that some devs can make a few Monero on the side.
That's not to say Chrome OS is impervious to malware. Cybercriminals have figured out loopholes through Chrome's extensions, like when 37,000 devices were hit by the fake version of AdBlock Plus. Malicious Android apps have also been able to sneak through the Play Store. But Chrome OS users mostly avoided massive cyberattack campaigns like getting locked up with ransomware or hijacked to become part of a botnet. Major security flaws for Chrome OS, like ones that would give an attacker complete control, are so rare that Google offers rewards up to $200,000 to anyone who can hack the system.
The article argues that "Fewer software choices mean limited options for hackers. Those are some of the benefits that have led security researchers to warm up to the laptops...
"Chrome OS takes an approach to security that's similar to the one Apple takes with iOS and its closed ecosystem."
The protocol has several advantages over its previous version -- TLS 1.2. The biggest feature is that TLS 1.3 ditches older encryption and hashing algorithms (such as MD5 and SHA-224) for newer and harder to crack alternatives (such as ChaCha20, Poly1305, Ed25519, x25519, and x448). Second, TLS 1.3 is also much faster at negotiating the initial handshake between the client and the server, reducing the connection latency that many companies cited when justifying not supporting HTTPS over HTTP.
Browsers like Chrome, Edge, Firefox, and Pale Moon have already rolled out support for earlier versions of the TLS 1.3 draft, and are now expected to update this support to the official standard.
After Firefox 62 the browser will gain an optional Chrome-like ad filter and several privacy-enhancing features similar to those that Apple's WebKit developers have been working on for Safari's Intelligent Tracking Prevention. By the third quarter of 2018, Firefox should also be blocking ad-retargeting through cross-domain tracking. It's also going to move all key privacy controls into a single location in the browser, and offer more "fine-grained" tracking protection. Dotzler says Mozilla is in the "early stages" of determining what types of ads Firefox should block by default. Also on the roadmap is a feature that arrived in Firefox 59, released earlier this month. A new Global Permissions feature will help users avoid having to deny every site that requests permission for location, camera, microphone and notifications. Beyond security and privacy, Mozilla plans to build on speed-focused Quantum improvements that came in Firefox 57 with smoother page rendering.
For best laptop their readers picked Lenovo (32%), followed by Dell (25%) and System76 (11%). The ThinkPad began life at IBM, but in 2005, it was purchased by Lenovo along with the rest of IBM's PC business. Lenovo evolved the line, and today the company is well known as a geek favorite. Lenovo's ThinkPads are quiet, fast and arguably have one of the best keyboards (fighting words!). Linux Journal readers say Lenovo's Linux support is excellent, leaving many to ponder why the company doesn't ship laptops with Linux installed.
In February readers also voted on the best web browser, choosing Firefox (57%) over Chrome (17%) and Chromium (7%). And they also voted on the best Linux distribution, ultimately selecting Debian (33%), open SUSE (12%), and Fedora (11%).