Trust the World's Fastest VPN with Your Internet Security & Freedom - A Lifetime Subscription of PureVPN at 88% off. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. ×
Bug

Google Discloses An Unpatched Windows Bug (Again) (bleepingcomputer.com) 121

An anonymous reader writes: "For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement," reports BleepingComputer. "The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll)..." According to Google, the issue allows an attacker to read the content of the user's memory using malicious EMF files. The bad news is that the EMF file can be hidden in other documents, such as DOCX, and can be exploited via Office, IE, or Office Online, among many.

"According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable." He later resubmitted the bugs in November 2016. The 90-days deadline for fixing the bugs expired last week, and the Google researcher disclosed the bug to the public after Microsoft delayed February's security updates to next month's Patch Tuesday, for March 15.

Microsoft has described Google's announcements of unpatched Windows bugs as "disappointing".
Android

Google's Not-so-secret New OS (techspecs.blog) 128

According to reports late last year, Google is working on a new operating system called Andromeda. Much about it is still unknown, but according to the documentations Google has provided on its website, it's clear that the Fuchsia is the actual name of the operating system, and the kernel is called Magenta. A tech enthusiast dug around the documentations to share the followings: To my naive eyes, rather than saying Chrome OS is being merged into Android, it looks more like Android and Chrome OS are both being merged into Fuchsia. It's worth noting that these operating systems had previously already begun to merge together to an extent, such as when the Android team worked with the Chrome OS team in order to bring Update Engine to Nougat, which introduced A/B updates to the platform. Google is unsurprisingly bringing up Andromeda on a number of platforms, including the humble Intel NUC. ARM, x86, and MIPS bring-up is exactly what you would expect for an Android successor, and it also seems clear that this platform will run on Intel laptops. My best guess is that Android as an API and runtime will live on as a legacy environment within Andromeda. That's not to say that all development of Android would immediately stop, which seems extremely unlikely. But Google can't push two UI APIs as equal app frameworks over the long term: Mojo is clearly the future. Ah, but what is Mojo? Well it's the new API for writing Andromeda apps, and it comes from Chromium. Mojo was originally created to "extract a common platform out of Chrome's renderer and plugin processes that can support multiple types of sandboxed content."
Android

Google Is Integrating Progressive Web Apps Deeper Into Android (chromium.org) 46

Yaron Friedman, a software engineer at Google, writes on Chromium blog: In 2015, we added a new feature to Chrome for Android that allows developers to prompt users to add their site to the Home screen for fast and convenient access. That feature uses an Android shortcut, which means that web apps don't show up throughout Android in the same way as installed native apps. In the next few weeks we'll be rolling out a new version of this experience in Chrome beta. With this new version, once a user adds a Progressive Web App to their Home screen, Chrome will integrate it into Android in a much deeper way than before. For example, Progressive Web Apps will now appear in the app drawer section of the launcher and in Android Settings, and will be able to receive incoming intents from other apps. Long presses on their notifications will also reveal the normal Android notification management controls rather than the notification management controls for Chrome.
Chrome

Google Open-Sources Chrome For iOS (venturebeat.com) 39

Google has uploaded its Chrome for iOS code into the open-source Chromium repository. In other words, Chrome for iOS has now been open-sourced like Chrome for other platforms, letting anyone examine, modify, and compile the project. From a report: Chromium is the open-source Web browser project that shares much of the same code as Google Chrome, and new features are often added there first. Google intended for Chromium to be the name of the open-source project, while the final product name would be Chrome, but developers have taken the code and released versions under the Chromium name. Eventually, many browser makers started using it as a starting point; Opera, for example, switched its browser base to Chromium in 2013. Since its inception, Chromium was a desktop-only affair. That changed in May 2015 with the open-sourcing of Chrome for Android.
Chrome

Google Quietly Makes 'Optional' Web DRM Mandatory In Chrome (boingboing.net) 95

JustAnotherOldGuy quotes a report from Boing Boing: The World Wide Web Consortium's Encrypted Media Extensions (EME) is a DRM system for web video, being pushed by Netflix, movie studios, and a few broadcasters. It's been hugely controversial within the W3C and outside of it, but one argument that DRM defenders have made throughout the debate is that the DRM is optional, and if you don't like it, you don't have to use it. That's not true any more. Some time in the past few days, Google quietly updated Chrome (and derivative browsers like Chromium) so that Widevine (Google's version of EME) can no longer be disabled; it comes switched on and installed in every Chrome instance. Because of laws like section 1201 of the U.S. Digital Millennium Copyright Act (and Canada's Bill C11, and EU implementations of Article 6 of the EUCD), browsers that have DRM in them are risky for security researchers to audit. These laws provide both criminal and civil penalties for those who tamper with DRM, even for legal, legitimate purposes, and courts and companies have interpreted this to mean that companies can punish security researchers who reveal defects in their products. Further reading: Boing Boing and Hacker News.
Chrome

Google Removes Plugin Controls From Chrome, Reports Claim (ghacks.net) 106

An anonymous reader shares a Ghacks report: Google made a change in Chrome 57 that removes options from the browser to manage plugins such as Google Widevine, Adobe Flash, or the Chrome PDF Viewer. If you load chrome://plugins in Chrome 56 or earlier, a list of installed plugins is displayed to you. You can use it, among other things, to disable plugins that you don't require. While you can do the same for some plugins, Flash and PDF Viewer, using Chrome's Settings, the same is not possible for the DRM plugin Widevine, and any other plugin Google may add to Chrome in the future. Starting with Chrome 57, that option is no longer available. This means essentially that Chrome users won't be able to disable -- some -- plugins anymore, or even list the plugins that are installed in the web browser. Please note that this affects Google Chrome and Chromium.Further report on BetaNews.
Desktops (Apple)

Raspberry Pi's Linux-Based PIXEL Desktop Now Available For PC and Mac (betanews.com) 50

From a report on BetaNews: If you own a Raspberry Pi, you're probably familiar with PIXEL. The desktop environment is included in the Raspbian OS. The Raspberry Pi Foundation describes PIXEL as the "GNU/Linux we would want to use" and understandably so. It offers a smart, clean interface, a decent selection of software, the Chromium web browser with plug-ins, and more -- and from today it's available for PC and Mac. The version of Debian+PIXEL for x86 platforms is described as "experimental" but having taken it for a spin, it seems pretty stable to me. To run PIXEL on your PC or Mac, download the image, burn it onto a DVD or flash it onto a USB memory stick, and boot from it. The desktop environment will load ready for use.
Chrome

Google Starts Using HTML5 By Default Instead of Flash For Some Chrome Users (venturebeat.com) 40

Google announced in a blog post today that it will be rolling out a feature over the next few months that starts disabling Flash and displaying HTML5 content instead on certain websites. Google notes, "This change disables Adobe Flash Player unless there's a user indication that they want Flash content on specific sites, and eventually all websites will require the user's permission to run Flash." VentureBeat reports: Google has deployed the change for half of the people who are using Chrome 56 beta, which rolled out yesterday, Google technical program manager Eric Deily wrote in a blog post. Then, "in the next few days," Deily wrote, the feature will be active for 1 percent of users of Chrome 55 stable. And by February 2016 it will be live for all users in Chrome 56 stable, Deily wrote. The idea is to lessen the dependence on a web component that can cause a drag on CPU and memory usage and shorten battery life as a result. Flash also has a track record of security issues.
Chrome

Chrome 55 Now Blocks Flash, Uses HTML5 By Default (bleepingcomputer.com) 98

An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default, according to a plan set in motion by Google engineers earlier this year... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites. Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.

Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.
Open Source

A Windows 10 Alternative: Ubuntu-Based Zorin OS Linux Distro (betanews.com) 191

"With a click of a button, you can change the desktop layout to match that of Windows versions and Gnome 3. The Ultimate edition...also features Ubuntu, Gnome 2 and macOS-like layouts." BrianFagioli shares an article about a Linux-based operating system "designed for Windows-switchers." While the company does charge for an "Ultimate" version, the "Core" edition of Zorin OS 12 is entirely free... "As Zorin OS 12 is based on Ubuntu 16.04 LTS, it will be supported with security updates until April 2021. This makes Zorin OS 12 the ideal choice for large deployments in businesses, governments, schools and organisations", says The Zorin OS Team"... Zorin OS features some really great features, such as Google Drive integration with the file browser.
Although unlike Windows 10, its default browser is Chromium.
Firefox

Firefox 49 Postponed One Week Due To Unexpected Bugs (softpedia.com) 208

An anonymous Slashdot reader quotes Softpedia: Mozilla has announced this week that it is delaying the release of Firefox 49 for one week to address two unexpected bugs. Firefox 49, which was set for release on Tuesday, September 13, will now launch the following Tuesday, on September 20... Firefox 49 is an important release in Mozilla's grand scheme of things when it comes to Firefox. This is the version when Mozilla will finish multi-process support rollout (a.k.a. e10s, or Electrolysis), and the version when Firefox launches the new WebExtensions API that replaces the old Add-ons API, making Firefox compatible with Chromium extensions.
Firefox's release manager explained the delays as "two blocking issues and the need for a bit more time to evaluate the results of their fixes/backouts" -- one of which apparently involves opening Giphy GIFS on Twitter.
Chrome

Google Will Kill Chrome Apps For Windows, Mac, and Linux In Early 2018 (venturebeat.com) 102

An anonymous reader quotes a report from VentureBeat: Google today announced plans to kill off Chrome apps for Windows, Mac, and Linux in early 2018. Chrome extensions and themes will not be affected, while Chrome apps will continue to live on in Chrome OS. Here's the deprecation timeline:

Late 2016: Newly published Chrome apps will not be available to Windows, Mac, and Linux users (when developers submit apps to the Chrome Web Store, they will only show up for Chrome OS). Existing Chrome apps will remain available as they are today and developers can continue to update them.
Second half of 2017: The Chrome Web Store will no longer show Chrome apps on Windows, Mac, and Linux.
Early 2018: Chrome apps will not load on Windows, Mac, and Linux.
There appears to be two main reasons why Google is killing Chrome apps off now. First, as Google explains in a blog post: "For a while there were certain experiences the web couldn't provide, such as working offline, sending notifications, and connecting to hardware. We launched Chrome apps three years ago to bridge this gap. Since then, we've worked with the web standards community to enable an increasing number of these use cases on the web. Developers can use powerful new APIs such as service worker and web push to build robust Progressive Web Apps that work across multiple browsers." Secondly, Chrome apps aren't very popular: "Today, approximately 1 percent of users on Windows, Mac and Linux actively use Chrome packaged apps, and most hosted apps are already implemented as regular web apps. Chrome on Windows, Mac, and Linux will therefore be removing support for packaged and hosted apps over the next two years."
Chrome

Google: Chrome 53 Will 'De-Emphasize Flash In Favor of HTML5' Next Month (venturebeat.com) 68

Google announced in a blog post today that Chrome will officially start to "de-emphasize Flash in favor of HTML5." VentureBeat reports: "In September 2016, Chrome will block Flash content that loads behind the scenes, which the company estimates accounts for more than 90 percent of the Flash on the web. In December, Chrome will make HTML5 the default experience for central content, such as games and videos, except on sites that only support Flash." Google detailed next month's plan (design doc), when Chrome 53 will be released: "In September 2015, we made 'Detect and run important plugin content' the default plugin setting in Chrome, automatically pausing any cross-origin plugin content smaller than 400px in width or 300px in height. This behavior has an exception for any plugin content that is 5x5 or smaller or is an undefined size, because there was no canonical way of detecting viewability until Intersection Observer was standardized and implemented. We would now like to remove this exception and instead not load tiny, cross-origin content. If the user has their plugin setting set to the default of 'Detect and run important plugin content,' the browser will not instantiate cross-origin plugin content that is roughly 5x5 or smaller or has an undefined size. An icon will be displayed in the URL bar indicating that plugin content is not running, allowing the user to reload the page with plugin content running or open settings to add a site-wide exception. Other choices of the plugin content setting are unaffected by this launch."
Chrome

Ask Slashdot: Best Browser Extensions -- 2016 Edition 195

Reader LichtSpektren writes: Almost eleven years ago, Slashdot featured an Ask titled "Favorite Firefox Extensions?". I thought it might be worthwhile to ask the question again (Editor's note: we couldn't agree more!), but expand the query to all web browsers now that there's more choices available.

Right now my main browser is Firefox, which I use with uBlock Origin, Disconnect, HTTPS Everywhere, Privacy Badger, NoScript, Self-Destructing Cookies, Decentraleyes, Privacy Settings, and Clean Links. (N.B. the first four of these are also available in Chromium-based browsers.) I use Chrome as a secondary browser, with the first four of the aforementioned extensions, plus also Clear Cache and occasionally Flashcontrol.

This one has nothing to do with security or privacy, but Reedy on Chromium is a really nice tool for speed reading.

What do you use?
Let's get this going.
Ubuntu

Ubuntu-Based Peppermint 7 Released (peppermintos.com) 74

Softpedia reports on the newest version of Peppermint OS, "a lightweight, stable, elegant, and fast computer operating system based on GNU/Linux and Open Source technologies." An anonymous Slashdot reader quotes their report: It's a bit earlier than expected, but the Peppermint OS 7 GNU/Linux distribution has been officially unveiled...based on the Ubuntu 16.04 LTS (Xenial Xerus) operating system [with] a lot of packages from the Ubuntu 16.04 LTS distro, which means that it will also be a long-term support release.... "Along with the shift to the 16.04 (Xenial) code base, Peppermint 7 continues our policy of choosing the best components from other desktop environments, wherever that may be, and integrating them into a cohesive whole with our own software," reads today's announcement.
"Team Peppermint" says they're switching to Firefox as their default browser for site-specific browser functionality (similar to Chrome's -app mode) after Google dropped their 32-bit version of Chrome and moved to PPAPI plugins "which effectively ends Flash support in 32-bit Chromium"... But you can also still choose Chrome or Chromium for site-specific browsing (and the OS comes in 32-bit and 64-bit editions).
Chrome

Google Chrome To Disallow Backspace As a 'Back' Button (independent.co.uk) 348

An anonymous reader writes: Google Chrome is going to stop people from accidentally deleting everything they've been doing. A future version of the app will stop the backspace button from also functioning as a "back" button. The change has already been rolled out in some experimental versions of the app, and has upset some users. Developers have said that the feature is only being partly enabled for now, in case there is "sufficient outcry" and it needs to be rolled back. People regularly press the button thinking that they're deleting a word from a form, developers said, but then find that they weren't actually typing into that form and so accidentally go back, losing everything they've done.
Chrome

Google Devs Planning Flash's Demise With New 'HTML5 By Default' Chrome Setting (softpedia.com) 131

An anonymous reader quotes a report from Softpedia: In a Google Groups thread named "Intent to implement: HTML5 by Default," the Google developers announced initial plans to implement a new feature in the Chromium core that will disable the playback of Flash content by default, and use HTML5 instead, if available. The feature is scheduled to ship with Chromium builds in Q4 2016, according to the current timeline. To avoid "overprompting," a whitelist will allow ten major websites to continue to show Flash content by default without pestering users with "Allow domain.com to run Flash Player" prompts. The whitelist will be in effect one year only. The list includes the domains of YouTube, Facebook, Yahoo, VK, Live, Yandex, OK.ru, Twitch, Amazon, and Mail.ru, the biggest sites running Flash content today. Previews of the settings and prompts UI are also available.
Chrome

Google Updates Chrome Web Store Policy, Requires Devs To Be More Transparent About User Data 13

An anonymous reader writes: On Friday, Google announced it is making changes to Chrome Web Store's User Data Policy to ensure developers are more transparent about how their extensions handle customer data. The company has notified developers and is giving them three months to comply with the changes. Come July 15, 2016, company says, extensions that violate the policy will be removed from the Chrome Web Store.The announcement comes amid a report that pointed out a rogue extension in the Chrome Web Store. The incident was one of many we have seen in the past few months. Following are the requirements that a developer must meet: 1. Be transparent about the handling of user data and disclose privacy practices. 2. Post a privacy policy and use encryption, when handling personal or sensitive information. 3. Ask users to consent to the collection of personal or sensitive data via a prominent disclosure, when the use of the data isn't related to a prominent feature.
Chrome

The Future of Firefox is Chrome (theregister.co.uk) 243

An anonymous reader writes: Mozilla seems to think a new future for Firefox [lies in Chrome]. While they claim that it is only about new ways of browser design, it is also an open secret that they are running into more and more problems lately with web compatibility. [Senior VP Mark Mayo caused a storm by revealing that the Firefox team is working on a next-generation browser that will run on the same technology as Google's Chrome browser. The project, named Tofino, will not use Firefox's core technology, Gecko, but will instead plumb for Electron, which is built on the technology behind Google's rival Chrome browser, called Chromium.] The benefit of Chromium/Electron would be that it is a solution they could pull much faster forward than their own Servo plans [Servo being Mozilla's Rust-based web engine]. What the real outcome of all this will be, only Mozilla knows so far. But inside Mozilla there is much resistance against such plans... Interesting times are ahead.

Slashdot Top Deals