Slashdot reader Bismillah was the first to notice stories about Chromebooks going offline. GeekWire reports: Tens of thousands, perhaps millions, of Google Chromebooks, widely prized by schools due to their low cost and ease of configuration, were reported to be offline for several hours on Tuesday. The apparent cause? A seemingly botched WiFi policy update pushed out by Google that caused many Chromebooks to forget their approved network connection, leaving students disconnected.
Google eventually issued a new network policy without the glitch -- but not everyone was satisfied. The Director of Technology at one school district complains Google waited three and a half hours before publicly acknowledging the problem -- adding that "manually joining a WiFi network on 10,000+ Chromebooks is a nightmare."

An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...]

Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.

An anonymous reader quotes a report from Android Police: The Chrome Web Store originally launched in 2010, and serves a hub for installing apps, extensions, and themes packaged for Chrome. Over a year ago, Google announced that it would phase out Chrome apps on Windows, Mac, and Linux in 2018. Today, the company sent out an email to developers with additional information, as well as news about future Progressive Web App support. The existing schedule is mostly still in place -- Chrome apps on the Web Store will no longer be discoverable for Mac, Windows, and Linux users. In fact, if you visit the store right now on anything but a Chromebook, the Apps page is gone. Google originally planned to remove app support on all platforms (except Chrome OS) entirely by Q1 2018, but Google has decided to transition to Progressive Web Apps:

"The Chrome team is now working to enable Progressive Web Apps (PWAs) to be installed on the desktop. Once this functionality ships (roughly targeting mid-2018), users will be able to install web apps to the desktop and launch them via icons and shortcuts; similar to the way that Chrome Apps can be installed today. In order to enable a more seamless transition from Chrome Apps to the web, Chrome will not fully remove support for Chrome Apps on Windows, Mac or Linux until after Desktop PWA installability becomes available in 2018. Timelines are still rough, but this will be a number of months later than the originally planned deprecation timeline of 'early 2018.' We also recognize that Desktop PWAs will not replace all Chrome App capabilities. We have been investigating ways to simplify the transition for developers that depend on exclusive Chrome App APIs, and will continue to focus on this -- in particular the Sockets, HID and Serial APIs."

Well, now we know what paid for all those programmers cranking out the overhauled Firefox Quantum browser: a major infusion of new money. From a report: Mozilla, the nonprofit behind the open-source web browser, saw its 2016 revenue increase 24 percent to an all-time high of $520 million, it said Friday. Expenses grew too, but not as much, from $361 million to $337 million, so the organization's war chest is significantly bigger now. Mozilla, which now has about 1,200 employees, releases prior-year financial results in conjunction with tax filings. Most of Mozilla's money comes from partnerships with search engines like Google, Yahoo, DuckDuckGo, Baidu and Yandex. When you search through Firefox's address bar, those search engines show search ads alongside results and share a portion of the revenue to Mozilla. Mozilla in 2014 signed a major five-year deal with Yahoo to be the default search engine in the US, but canceled it only three years in and moved back to Google instead in November. Mozilla's mission -- to keep the internet open and a place where you aren't in the thrall of tech giants -- may seem abstract. But Mozilla succeeded in breaking the lock Microsoft's Internet Explorer had on the web a decade ago, and now it's fighting the same battle again against Google's Chrome.

Catalin Cimpanu, writing for BleepingComputer: Google has laid out a plan for blocking third-party applications from injecting code into the Chrome browser. The most impacted by this change are antivirus and other security products that often inject code into the user's local browser process to intercept and scan for malware, phishing pages, and other threats. Google says these changes will take place in three main phases over the next 14 months. Phase 1: In April 2018, Chrome 66 will begin showing affected users a warning after a crash, alerting them that other software is injecting code into Chrome and guiding them to update or remove that software. Phase 2: In July 2018, Chrome 68 will begin blocking third-party software from injecting into Chrome processes. If this blocking prevents Chrome from starting, Chrome will restart and allow the injection, but also show a warning that guides the user to remove the software. Phase 3: In January 2019, Chrome 72 will remove this accommodation and always block code injection.

Kieren McCarthy, writing for The Register: Network admins, code wranglers and other techies have hit an unusual problem this week: their test and development environments have vanished. Rather than connecting to private stuff on an internal .dev domain to pick up where they left off, a number of engineers and sysadmins are facing an error message in their web browser complaining it is "unable to provide a secure connection." How come? It's thanks to a recent commit to Chromium that has been included in the latest version of Google Chrome. As developers update their browsers, they may find themselves booted out their own systems. Under the commit, Chrome forces connections to all domains ending in .dev (as well as .foo) to use HTTPS via a HTTP Strict Transport Security (HSTS) header. This is part of Google's larger and welcome push for HTTPS to be used everywhere for greater security.

Microsoft has reportedly finished testing out its Office apps on Chromebooks as a number of Chromebooks are now seeing the Office apps in the Google Play Store. Samsung's Chromebook Pro, Acer's Chromebook 15, and Acer's C771 have the Office apps available for download. The Verge reports: The apps are Android versions of Office which include the same features you'd find on an Android tablet running Office. Devices like Asus' Chromebook Flip (with a 10.1-inch display) will get free access to Office on Chrome OS, but larger devices will need a subscription. Microsoft has a rule across Windows, iOS, and Android hardware that means devices larger than 10.1 inches need an Office 365 subscription to unlock the ability to create, edit, or print documents.

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope.
He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects.
Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?).

The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.

Wired's senior staff writer David Pierce says Firefox Quantum "feels like a bunch of power users got together and built a browser that fixed all the little things that annoyed them about other browsers." The new Firefox actually manages to evolve the entire browser experience, recognizing the multi-device, ultra-mobile lives we all lead and building a browser that plays along. It's a browser built with privacy in mind, automatically stopping invisible trackers and making your history available to you and no one else. It's better than Chrome, faster than Chrome, smarter than Chrome. It's my new go-to browser.

The speed thing is real, by the way. Mozilla did a lot of engineering work to allow its browser to take advantage of all the multi-core processing power on modern devices, and it shows... I routinely find myself with 30 or 40 tabs open while I'm researching a story, and at that point Chrome effectively drags my computer into quicksand. So far, I haven't been able to slow Firefox Quantum down at all, no matter how many tabs I use... [But] it's the little things, the things you do with and around the web pages themselves, that make Firefox really work. For instance: If you're looking at a page on your phone and want to load that same page on your laptop, you just tap "Send to Device," pick your laptop, and it opens and loads in the background as if it had always been there. You can save pages to a reading list, or to the great read-it-later service Pocket (which Mozilla owns), both with a single tap...

Mozilla has a huge library of add-ons, and if you use the Foxified extension, you can even run Chrome extensions in Firefox. Best I can tell, there's nothing you can do in Chrome that you can't in Firefox. And Firefox does them all faster.
I've noticed that when you open a new tab in Chrome's mobile version, it forces you to also see news headlines that Google picked out for you. But how about Slashdot's readers? Chrome, Firefox -- or undecided?

An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.

Mashable aleady reported Firefox Quantum performs better than Chrome on web applications (based on BrowserBench's JetStream tests), but that Chrome performed better on other benchmarks. Now Laptop Mag has run more tests, agreeing that Firefox performs beter on JetStream tests -- and on WebXPRT's six HTML5- and JavaScript-based workload tests. Firefox Quantum was the winner here, with a score of 491 (from an average of five runs, with the highest and lowest results tossed out) to Chrome's 460 -- but that wasn't quite the whole story. Whereas Firefox performed noticeably better on the Organize Album and Explore DNA Sequencing workloads, Chrome proved more adept at Photo Enhancement and Local Notes, demonstrating that the two browsers have different strengths...

You might think that Octane 2.0, which started out as a Google Developers project, would favor Chrome -- and you'd be (slightly) right. This JavaScript benchmark runs 21 individual tests (over such functions as core language features, bit and math operations, strings and arrays, and more) and combines the results into a single score. Chrome's was 35,622 to Firefox's 35,148 -- a win, if only a minuscule one.
In a series RAM-usage tests, Chrome's average score showed it used "marginally" less memory, though the average can be misleading. "In two of our three tests, Firefox did finish leaner, but in no case did it live up to Mozilla's claim that Quantum consumes 'roughly 30 percent less RAM than Chrome,'" reports Laptop Mag.

Both browsers launched within 0.302 seconds, and the article concludes that "no matter which browser you choose, you're getting one that's decently fast and capable when both handle all of the content you're likely to encounter during your regular surfing sessions."

An anonymous reader quotes TechNewsWorld: Firefox is not only fast on startup -- it remains zippy even when taxed by multitudes of tabs. "We have a better balance of memory to performance than all the other browsers," said Firefox Vice President for Product Nick Nguyen. "We use 30 percent less memory, and the reason for that is we can allocate the number of processes Firefox uses on your computer based on the hardware that you have," he told TechNewsWorld. The performance improvements in Quantum could be a drink from the fountain of youth for many Firefox users' systems. "A significant number of our users are on machines that are two cores or less, and less than 4 gigabytes of RAM," Nguyen explained.
Mashable ran JetStream 1.1 tests on the ability to run advanced web applications, and concluded that "Firefox comes out on top, but not by much. This means it's, according to JetStream, slightly better suited for 'advanced workloads and programming techniques.'" Firefox also performed better on "real-world speed tests" on Amazon.com and the New York Times' site, while Chrome performed better on National Geographic, CNN, and Mashable. Unfortunately for Mozilla, Chrome looks like it's keeping the top spot, at least for now. The only test that favors Quantum is JetStream, and that's by a hair. And in Ares-6 [which measures how quickly a browser can run new Javascript functions, including mathematical functions], Quantum gets eviscerated... Speedometer simulates user actions on web applications (specifically, adding items to a to-do list) and measures the time they take... When it comes to user interactions in web applications, Chrome takes the day...

In reality, however, Quantum is no slug. It's a capable, fast, and gorgeous browser with innovative bookmark functionality and a library full of creative add-ons. As Mozilla's developers fine-tune Quantum in the coming months, it's possible it could catch up to Chrome. In the meantime, the differences in page-load time are slight at best; you probably won't notice the difference.

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Catalin Cimpanu, writing for BleepingComputer: Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users. The Firefox sandboxing feature isolates the browser from the operating system in a way to prevent web attacks from using a vulnerability in the browser engine and its legitimate functions to attack the underlying operating system, place malware on the filesystem, or steal local files. Chrome has always run inside a sandbox. Initially, Firefox ran only a few plugins inside a sandbox -- such as Flash, DRM, and other multimedia encoding plugins.

Google is releasing updates to Chrome 64 and Chrome 65 to put a halt to page redirects and trick-to-click popups. The update is coming to both the desktop and Android apps. Android Central reports: With Chrome 64, every redirect from a third-party iframe will show an info bar instead of sending you off to some other page. This way we can decide if we want to navigate away or stay on the page we're looking at. If we're interacting with an iframe, like clicking an embedded YouTube video to open it on YouTube in a new tab, the request goes through as normal -- this only applies to things you didn't click and didn't expect to send you off. We can get more than we asked for when we are interacting with a web page, too. Google has two things planned that should help. With Chrome 65, websites that try to circumvent Chrome's pop-up blocker by opening a new tab for a thing you clicked while navigating the original tab to some other page will be blocked with the same style of info bar. This gives us the choice of taking a look versus being forced. Some abusive experiences are harder to autodetect, but Google plans to use the same type of data as its Safe Browsing feature to kill off deceptive page elements.

Starting next year, Google's Chrome browser will stamp out some shenanigans that send you to a website you didn't expect. From a report: You probably don't like it when you navigate to a particular web page and then your browser unexpectedly jumps to another page -- an action called a redirect and something the website publisher didn't even want to happen. With Chrome 64, in testing now and due to ship early next year, Chrome will block that kind of bait and switch, Google said. "We've found that this redirect often comes from third-party content embedded in the page, and the page author didn't intend the redirect to happen at all," Google product manager Ryan Schoen said in a blog post. Chrome 64 will block the redirect action and instead show an information bar telling you what happened. That's not all. Chrome 65, due a few weeks later, will squelch another unwelcome action that can happen when you click a link and the website opens in a new tab while switching the existing tab to a page you didn't request.

Reader Tablizer writes (edited and condensed): The Chrome team "broke the web" to make Chrome perform better, according to Nikita Prokopov, a software engineer. So the story goes like this: there's a widely-used piece of DOM API called "addEventListener." Almost every web site or web app that does anything dynamic with JS probably depends on this method in some way. In 2016, Google came along and decided that this API was not extensible enough. But that's not the end of the story. Chrome team proposed the API change to add passive option because it allowed them to speed up scrolling on mobile websites. The gist of it: if you mark onscroll/ontouch event listener as passive, Mobile Google can scroll your page faster (let's not go into details, but that's how things are). Old websites continue to work (slow, as before), and new websites have an option to be made faster at the cost of an additional feature check and one more option. It's a win-win, right? Turned out, Google wasn't concerned about your websites at all. It was more concerned about its own product performance, Google Chrome Mobile. That's why on February 1, 2017, they made all top-level event listeners passive by default. They call it "an intervention." Now, this is a terrible thing to do. It's very, very, very bad. Basically, Chrome broke half of user websites, the ones that were relying on touch/scroll events being cancellable, at the benefit of winning some performance for websites that were not yet aware of this optional optimization. This was not backward compatible change by any means. All websites and web apps that did any sort of draggable UI (sliders, maps, reorderable lists, even slide-in panels) were affected and essentially broken by this change.

An anonymous reader quotes ZDNet: Stories have been circulating that the Linux desktop had jumped in popularity and was used more than macOS. Alas, it's not so... These reports have been based on NetMarketShare's desktop operating system analysis, which showed Linux leaping from 2.5 percent in July, to almost 5 percent in September. But unfortunately for Linux fans, it's not true... It seems to be merely a mistake. Vince Vizzaccaro, NetMarketShare's executive marketing share of marketing told me, "The Linux share being reported is not correct. We are aware of the issue and are currently looking into it"...

For the most accurate, albeit US-centric operating system and browser numbers, I prefer to use data from the federal government's Digital Analytics Program (DAP). Unlike the others, DAP's numbers come from billions of visits over the past 90 days to over 400 US executive branch government domains... DAP gets its raw data from a Google Analytics account. DAP has open-sourced the code, which displays the data on the web and its data-collection code... In the US Analytics site, which summarizes DAP's data, you will find desktop Linux, as usual, hanging out in "other" at 1.5 percent. Windows, as always, is on top with 45.9 percent, followed by Apple iOS, at 25.5 percent, Android at 18.6 percent, and macOS at 8.5 percent.
The article does, however, acknowledge that Linux's real market share is probably a little higher simply because "no one, not even DAP, seems to do a good job of pulling out the Linux-based Chrome OS data."

A reader shares a report: We've seen lots of blunders on stage, and still happen occasionally, but this must be the best of all. A Microsoft engineer downloaded, installed, and started using Google Chrome during a live presentation after Microsoft Edge, the default Windows 10 browser, stopped responding in the middle of a demo. In just a few words, Microsoft Edge froze while the engineer was working with virtual machines in the browser, and judging from how fast he proceeded to downloading Google Chrome, this wasn't the first time it happened. Because, you know, sometimes reloading the page or restarting the browser does help, but you can't risk hitting the same error twice, right? "I love it when demos break," he said. "So while we're talking here, I'm gonna go install Chrome," he continued before he started laughing, with many people in the audience cheering. "And we're going to not make Google better," he added when unchecking the box to send usage statistics and crash reports to Google, as if this made things less worse. "We're going to do this again, I'm sorry about this. The age of these machines are [sic] wacked down a little bit, there are some things that just don't work."