Chrome

Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com) 68

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.
Safari

Every Major Advertising Group Is Blasting Apple for Blocking Cookies in the Safari Browser (adweek.com) 442

The biggest advertising organizations say Apple will "sabotage" the current economic model of the internet with plans to integrate cookie-blocking technology into the new version of Safari. Marty Swant, reporting for AdWeek: Six trade groups -- the Interactive Advertising Bureau, American Advertising Federation, the Association of National Advertisers, the 4A's and two others -- say they're "deeply concerned" with Apple's plans to release a version of the internet browser that overrides and replaces user cookie preferences with a set of Apple-controlled standards. The feature, which is called "Intelligent Tracking Prevention," limits how advertisers and websites can track users across the internet by putting in place a 24-hour limit on ad retargeting. In an open letter expected to be published this afternoon, the groups describe the new standards as "opaque and arbitrary," warning that the changes could affect the "infrastructure of the modern internet," which largely relies on consistent standards across websites. The groups say the feature also hurts user experience by making advertising more "generic and less timely and useful."
OS X

Apple Is Releasing macOS High Sierra On September 25 (techcrunch.com) 95

After updating its website for the iPhone launch event, Apple has confirmed that macOS High Sierra will be released on September 25th. TechCrunch provides a brief rundown of the major changes, most of which are under the hood: The Photos app is still receiving some new features to keep it up to date with the iOS version. There are more editing tools, you can reorganize the toolbar and you can filter your photos by type. If you're a Safari user, my favorite change is that there is a new feature in the settings that lets you automatically block autoplaying videos around the web. Many websites have abused autoplaying video, it's time to stop it. And then, there's a new file system that should make your Mac snappier if you're using an SSD. Mail is compressing messages, Metal 2 should take better advantage of your GPU, Spotlight knows about your flight status, etc. The free update to macOS High Sierra will be available in the Mac App Store.
Security

Apple and Google Fix Browser Bug. Microsoft Does Not. (bleepingcomputer.com) 78

Catalin Cimpanu, reporting for BleepingComputer: Microsoft has declined to patch a security bug Cisco Talos researchers discovered in the Edge browser, claiming the reported issue is by design. Apple and Google patched a similar flaw in Safari (CVE-2017-2419) and Chrome (CVE-2017-5033), respectively. According to Cisco Talos researcher Nicolai Grodum, the vulnerability can be classified as a bypass of the Content Security Policy (CSP), a mechanism that allows website developers to configure HTTP headers and instruct the browsers of people visiting their site what resources (JavaScript, CSS) they can load and from where. The Content Security Policy (CSP) is one of the tools that browsers use to enforce Same-Origin Policy (SOP) inside browsers. Grodum says that he found a way to bypass CSP -- technical details available here -- that will allow an attacker to load malicious JavaScript code on a remote site and carry out intrusive operations such as collecting information from users' cookies, or logging keystrokes inside the page's forms, and others.
Safari

Safari Should Display Favicons in Its Tabs (daringfireball.net) 189

Favicon -- or its lack thereof, to be precise -- has remained one of the longest running issues Safari users have complained about. For those of you who don't use Safari, just have a look at this mess I had earlier today when I was using Safari on a MacBook. There's no way I can just have a look at the tabs and make any sense of them. John Gruber, writing for DaringFireball: The gist of it is two-fold: (1) there are some people who strongly prefer to see favicons in tabs even when they don't have a ton of tabs open, simply because they prefer identifying tabs graphically rather than by the text of the page title; and (2) for people who do have a ton of tabs open, favicons are the only way to identify tabs. With many tabs open, there's really nothing subjective about it: Chrome's tabs are more usable because they show favicons. [...] Once Safari gets to a dozen or so tabs in a window, the left-most tabs are literally unidentifiable because they don't even show a single character of the tab title. They're just blank. I, as a decade-plus-long dedicated Safari user, am jealous of the usability and visual clarity of Chrome with a dozen or more tabs open. And I can see why dedicated Chrome users would consider Safari's tab design a non-starter to switching. I don't know what the argument is against showing favicons in Safari's tabs, but I can only presume that it's because some contingent within Apple thinks it would spoil the monochromatic aesthetic of Safari's toolbar area. [...] And it's highly debatable whether Safari's existing no-favicon tabs actually do look better. The feedback I've heard from Chrome users who won't even try Safari because it doesn't show favicons isn't just from developers -- it's from designers too. To me, the argument that Safari's tab bar should remain text-only is like arguing that MacOS should change its Command-Tab switcher and Dock from showing icons to showing only the names of applications. The Mac has been famous ever since 1984 for placing more visual significance on icons than on names. The Mac attracts visual thinkers and its design encourages visual thinking. So I think Safari's text-only tab bar isn't just wrong in general, it's particularly wrong on the Mac.
Security

ESET Spreading FUD About Torrent Files, Clients (welivesecurity.com) 60

An anonymous reader writes: ESET has taken fear mongering, something that some security firms continue to do, to a new level by issuing a blanket warning to users to view torrent files and clients as a threat. The warning came from the company's so-called security evangelist Ondrej Kubovic, (who used extremely patchy data to try and scare the bejesus out of computer users (Google cache). Like all such attempts at FUD, his treatise ended with a claim that ESET was the one true source whereby users could obtain "knowledge" to protect themselves. "If you want to stay informed and protect yourself by building up your knowledge, read the latest pieces by ESET researchers on WeLiveSecurity," he wrote. Kubovic used the case of Transmission -- a BitTorrent client that was breached in March and August 2016 with malware implanted and aimed at macOS users -- to push his barrow. But to use this one instance to dissuade people from downloading BitTorrent clients en masse is nothing short of scaremongering. There are dozens, if not more, BitTorrent clients which enjoy much wider usage, with uTorrent being one good example. Kubovic then used the old furphy which is resorted to by those who lobby on behalf of the copyright industry -- torrents are mostly illegal files and downloading them is Not The Right Thing To Do. But then he failed to mention that hundreds of thousands of perfectly legitimate files are also offered as torrents -- for instance, this writer regularly downloads images of various GNU/Linux distributions using a BitTorrent client because it is the more community-friendly thing to do, rather than using a direct HTTP link and hogging all the bandwidth available.
Apple

'Apple's Refusal To Support Progressive Web Apps is a Detriment To Future of the Web' (medium.com) 302

From a blog post: Progressive Web Applications (PWAs) are one of the most exciting and innovative things happening in web development right now. PWAs enable you to use JavaScript to create a "Service Worker", which gives you all sorts of great features that you'd normally associate with native apps, like push notifications, offline support, and app loading screens -- but on the web! Awesome. Except for is one major problem -- While Google has embraced the technology and added support for it in Chrome for Android, Apple has abstained from adding support to mobile Safari. All they've done is say that it is "Under Consideration." Seemingly no discussion about it whatsoever.
IT

Adobe Announces that in 2020, Flash Player Will Reach Its 'End-of-Life' in Light of Newer Technologies (webkit.org) 154

Adobe said on Tuesday it will stop distributing and updating Flash Player at the end of 2020 and is encouraging web developers to migrate any existing Flash content to open standards. Apple is working with Adobe, industry partners, and developers to complete this transition. From a blog post: Apple users have been experiencing the web without Flash for some time. iPhone, iPad, and iPod touch never supported Flash. For the Mac, the transition from Flash began in 2010 when Flash was no longer pre-installed. Today, if users install Flash, it remains off by default. Safari requires explicit approval on each website before running the Flash plugin.
Music

Steve Jobs' Life Is Now An Opera (cnn.com) 74

An anonymous reader quotes CNN's report on a new project from Pulitzer Prize-winning librettist Mark Campbell: "The (R)evolution of Steve Jobs" is set to open on Saturday night at the Santa Fe Opera, home to the largest summer-opera festival in U.S. The high-tech production, which runs until August 26, jumps in and out of key moments in the Apple founder's life, from early product-development days alongside Steve Wozniak and the launch of the original iPhone, to his wedding day with Laurene Powell Jobs... The opera features an electronic score, developed by Mason Bates, that incorporates sounds from the products Jobs created, including the audio synonymous with turning on an early Macintosh computer. The libretto, or operatic script, doesn't call out words like Apple or iPhone due to copyright issues; instead, it uses descriptors like "one device" to reference the smartphone. "Only one device, does it all," the libretto reads. "In one hand, all your need. One device. Communication, entertainment, illumination, connection, interaction, navigation, inspiration..."
One scene in the high-tech production shows Jobs standing in his family's garage on his 10th birthday. When his father gives him a workbench, the walls around them light up into video screens...
Chrome

While Chrome Dominates, Microsoft Edge Struggles To Attract New Users (neowin.net) 172

An anonymous reader quotes Neowin's report on the newest browser-usage figures from NetMarketShare: Microsoft Edge only commands a market share of 5.65% -- which is an increase of only 0.02 percentage points compared to last month... it only grew by 0.56% year-over-year. On the other hand, Google Chrome has continued its dominance with a market share of 59.49%. As a point of reference, this is a sizeable growth of 10.84 percentage points year-over-year... Data from another firm, StatCounter, depicts an even more depressing situation for Microsoft. According to the report, Edge sits at 3.89%... Chrome is the king of all browsers according to these statistics as well, with a market share of 63.21% -- a decrease of 0.14 percentage points compared to last month. Firefox, Internet Explorer, and Safari command 14%, 9.28%, and 5.16% respectively.
The firm also calculates that when it comes to desktop operating systems, Windows has 91.51% of all users, followed by MacOS at 6.12 and Linux at 2.36%.
Books

O'Reilly No Longer Selling Individual Books, Videos Online 82

dovf writes: Just got an email from O'Reilly Media that as of today, they are no longer selling individual books or videos online -- rather, they are encouraging people to sign up for Safari. They are continuing to publish books and videos, "and you'll still be able to buy them at Amazon and other retailers." They also make it clear that we will not lose access to already-purchased content, updates to such content, etc. More details can be found in the FAQ. No mention, though, of whether the content sold at these other retailers will remain DRM-free... From the FAQ: "You can buy all of the books (ebooks and print) at shop.oreilly.com from Amazon and other digital and bricks-and-mortar retailers. We're no longer selling individual books and videos via shop.oreilly.com -- but we are definitely continuing to publish books and videos on the topics you need to know. And of course, every O'Reilly book and video (including O'Reilly conference sessions) is available instantly on Safari." The only mention of "DRM" in the FAQ is in regard to what happens to the digital content you have in your account at members.oreilly.com. According to O'Reilly, "Your DRM-free ebooks and videos are safe and sound, and you'll continue to have free lifetime access to download them anytime, anywhere."
Books

O'Reilly Media Has Stopped Retailing Books Directly On Its Ecommerce Store (oreilly.com) 24

An anonymous reader shares a press release: This week, O'Reilly Media stopped retailing books directly on our ecommerce store. You might say "what!?" Or you might say "what's the big deal?" Before I explain our business strategy here, there are two important things to note: We are absolutely continuing to publish the top-quality books that are important to the communities we serve.
1. We still sell them through Amazon or your favorite retailer.
2. So why the change? It's clear that we're in the midst of a fundamental shift in how people get and use their content.
Subscription services like Spotify and Netflix are the new norm, as people opt for paying for digital access rather than purchasing physical units one by one. We've already seen this in our own business -- the growth of membership on Safari far exceeds the individual units previously purchased on oreilly.com. That's one reason for the change.

Twitter

Tableau Software Drops Its 'Twitter Crowd Favorite' Data Viz Contests (tableau.com) 21

theodp writes: As part of its 'Iron Viz' data visualization contests that lead up to its annual conferences, Tableau Software ($4.8B market cap) has awarded $500 gift cards to 'Twitter Crowd Favorites', contestants whose data viz draw the most 'votes' (tagged Tweets) on Twitter. But no more. As it expanded Iron Viz eligibility to China, Tableau said it 'just didn't seem fair' to allow popular voting in its worldwide contests since the Chinese government blocks citizens' Twitter use. "As Chinese authors join the contest," the Tableau Public blog explained, "we have to say goodbye to the Twitter Crowd Favorite. Twitter is blocked in mainland China and it wouldn't be fair for our Chinese contestants." And the latest Iron Viz Contest FAQs confirm the change: "Q. I heard there won't be a Crowd Favorite prize, is that true? A. Absolutely true. China is among the new countries who can take part in the Iron Viz, and Twitter doesn't work in mainland China. The usual Twitter Popular Vote just didn't seem fair."
This XKCD comic still has my all-time favorite data visualizations.
Safari

Apple Announces Support For WebRTC in Safari 11 (webkit.org) 46

Youenn Fablet, software engineer at Apple, writes: Today we are thrilled to announce WebKit support for WebRTC, available on Safari on macOS High Sierra, iOS 11, and Safari Technology Preview 32. [...] Currently, Safari supports legacy WebRTC APIs. Web developers can check whether their websites conform to the latest specifications by toggling the STP Experimental Features menu item "Remove Legacy WebRTC API". Legacy WebRTC APIs will be disabled by default on future releases. Websites that need to accommodate older implementations of the WebRTC and Media Capture specifications can take advantage of polyfill libraries like adapter.js. Peer5, a startup that offers serverless CDN for massively-scaled video streaming, writes in a blogpost: This is HUGE news for the computing industry. Since its introduction in 2011, WebRTC has become an incredibly important part of everyone's favorite platforms and applications. It is at the core of a few services that you might have heard of, including Google Hangouts, Facebook Messenger, Snapchat and Slack. WebRTC is also supported natively by most major web browsers, including Chrome, Firefox and Opera. But there were 2 big holdouts -- Microsoft's Edge browser and Apple's Safari. This meant that people using those browsers couldn't access WebRTC-based services without installing some type of plug-in. Well, those days are over given the WWDC news and Microsoft's announcement back in January regarding WebRTC support in Edge. Developers can now create compelling browser-based applications that incorporate real-time audio and video (and maybe even a peer-to-peer component) and know that 99% of the world's Web surfers will be able to use their services without having to install any plug-ins or additional software. This newfound ubiquity for WebRTC might even make a developer question whether he has to build a native iOS or Android app to deliver his service to end-users.
Operating Systems

Apple Unveils What's Next For macOS Desktop OS: High Sierra (venturebeat.com) 79

Apple's next big macOS update is coming this fall, the company announced at its developer conference Monday. Apple is improving macOS Sierra, fixing bugs and making existing features and components faster and more reliable. The new version is called High Sierra. From a report: The update includes new features for Safari, with an update that stops autoplaying videos; Mail, with a new split-view mode; and Photos, with improved face detection, editing, and photo printing features. Apple is also bringing the Apple File System to Macs, after adding the technology to iOS in March. Apple is also bringing new virtual reality support to Macs with the Metal 2 framework.
Mozilla

Former Mozilla CTO: 'Chrome Won' (andreasgal.com) 272

Responding to Firefox marketing head Eric Petitt's blog post from earlier this week, Andreas Gal, former chief technology officer of Mozilla (who spent seven years at the company) offers his insights. Citing latest market share figures, Gal says "it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated." From his blog post (edited and condensed for length): With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn't manage to catch up with Android's explosive growth. Mozilla's strategic rationale for building Firefox OS was often misunderstood. Mozilla's founding mission was to build the Web by building a browser. [...] Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric -- who heads Mozilla's marketing team -- uses Chrome every day as he mentioned in the first sentence, it's not surprising that almost 65% of desktop users are doing the same. [...] I don't think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It's like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted.
Businesses

'WannaCry Makes an Easy Case For Linux' (techrepublic.com) 411

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.
Chrome

Should You Leave Google Chrome For the Opera Browser? (vice.com) 303

mspohr shares a report written by Jason Koebler via Motherboard who makes the case for why you should break up with Chrome and switch to the Opera browser: Over the last few years, I have grown endlessly frustrated with Chrome's resource management, especially on MacOS. Admittedly, I open too many tabs, but I'd wager that a lot of you do, too. With Chrome, my computer crawls to complete unusability multiple times a day. After one too many times of having to go into Activity Monitor to find that one single Chrome tab is using several gigs of RAM, I decided enough was enough. I switched to Opera, a browser I had previously thought was only for contrarians. This, after previous dalliances with Safari and Firefox left me frustrated. Because Opera is also based on Blink, I almost never run into a website, plugin, script, or video that doesn't work flawlessly on it. In fact, Opera works almost exactly like Chrome, except without the resource hogging that makes me want to throw my computer against a brick wall. This is exactly the point, according to Opera spokesperson Jan Standal: "What we're doing is an optimized version of Chrome," he said. "Web developers optimize most for the browser with the biggest market share, which happens to be Chrome. We benefit from the work of that optimization."

Slashdot reader mspohr adds: "I should note that this has also been my experience. I have a 2010 MacBook, which I was ready to trash since it had become essentially useless, coming to a grinding halt daily. I tried Opera and it's like I have a new computer. I never get the spinning wheel of death. (Also, the built-in ad blocker and VPN are nice.)" What has been your experience with Google Chrome and/or Opera? Do you prefer one over the other?

Iphone

Global App Usage Still Rising, and Users in the US Spend 135 Minutes a Day in Them (geekwire.com) 47

An anonymous reader shares a report: There's a reason that everyone you look at it is looking at a smartphone. According to the folks whose job it is to track such things, people can't get enough of apps, and global usage of them continues to increase. In its latest usage report, App Annie takes a look at the average user's app usage for the first quarter of 2017 and reaches the conclusion that mobile apps have become vital to our day-to-day lives. Last year's report found that time spent in apps reached 1 trillion hours. The average smartphone user, in the United States and other countries analyzed, used over 30 apps per month. That's about a third of the number that are actually installed on phones in the U.S. People use about 10 apps every day, the data shows, with iPhone users using slightly more than Android users. Utilities and tools are the most commonly used apps on a monthly basis, thanks to pre-installed apps such as Safari on iOS and Google on Android.
IT

CC'ing the Boss on Email Makes Employees Feel Less Trusted, Study Finds (hbr.org) 148

Do you ever loop your boss when having a conversation with a colleague when his or her presence in the thread wasn't really necessary? Turns out, many people do this, and your colleague doesn't find it helpful at all. From an article: My collaborators and I conducted a series of six studies (a combination of experiments and surveys) to see how cc'ing influences organizational trust. While our findings are preliminary and our academic paper is still under review, a first important finding was that the more often you include a supervisor on emails to coworkers, the less trusted those coworkers feel (alternative link). In our experimental studies, in which 594 working adults participated, people read a scenario where they had to imagine that their coworker always, sometimes, or almost never copied the supervisor when emailing them. Participants were then required to respond to items assessing how trusted they would feel by their colleague. ("In this work situation, I would feel that my colleague would trust my 'competence,' 'integrity,' and 'benevolence.'") It was consistently shown that the condition in which the supervisor was "always" included by cc made the recipient of the email feel trusted significantly less than recipients who were randomly allocated to the "sometimes" or "almost never" condition. Organizational surveys of 345 employees replicated this effect by demonstrating that the more often employees perceived that a coworker copied their supervisor, the less they felt trusted by that coworker. To make matters worse, my findings indicated that when the supervisor was copied in often, employees felt less trusted, and this feeling automatically led them to infer that the organizational culture must be low in trust overall, fostering a culture of fear and low psychological safety.

Slashdot Top Deals