Communications

Comcast's Protected Browsing Is Blocking PayPal, Steam and TorrentFreak, Customers Say (vice.com) 82

Comcast's Xfinity internet customers have been reporting multiple websites, including PayPal, Steam, and TorrentFreak have been getting blocked by the ISP's "protected browsing" setting. From a report: The "protected browsing" setting is designed to "reduce the risk of accessing known sources of malware, spyware, and phishing for all devices connected to your home network." This, in general, isn't a bad thing. It's similar to Google Chrome's security settings that warn you when you have an insecure connection. But it's odd that Xfinity's security setting would be blocking perfectly harmless sites like PayPal. Multiple consumers have been reporting on Comcast's forums and elsewhere that they've been blocked while trying to access sites that many people use every day. After posting about it on the forums, one user who said they couldn't access PayPal said the problem with that particular site had been fixed. Further reading: Comcast's Protected Browsing Blocks TorrentFreak as "Suspicious" Site (TorrentFreak).
Chrome

Chrome 65 Arrives With Material Design Extensions Page, New Developer Features (venturebeat.com) 34

An anonymous reader quotes a report from VentureBeat: Google today launched Chrome 65 for Windows, Mac, Linux, and Android. Additions in this release include Material Design changes and new developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Chrome 65 comes with a few visual changes. The most obvious is related to Google's Material Design mantra. The extensions page has been completely revamped to follow it. Next up, Chrome 65 replaces the Email Page Location link in Chrome for Mac's File menu with a Share submenu. As you might expect, Mac users can use this submenu to share the URL of a current tab via installed macOS Share Extensions. Speaking of Macs, Chrome 65 is also the last release for OS X 10.9 users. Chrome 66 will require OS X 10.10 or later. Moving on to developer features, Chrome 65 includes the CSS Paint API, which allows developers to programmatically generate an image, and the Server Timing API, which allows web servers to provide performance timing information via HTTP headers.
Chrome

Chrome On Windows Ditches Microsoft's Compiler, Now Uses Clang (arstechnica.com) 94

An anonymous reader quotes a report from Ars Technica: Google's Chrome browser is now built using the Clang compiler on Windows. Previously built using the Microsoft C++ compiler, Google is now using the same compiler for Windows, macOS, Linux, and Android, and the switch makes Chrome arguably the first major software project to use Clang on Windows. Chrome on macOS and Linux has long been built using the Clang compiler and the LLVM toolchain. The open-source compiler is the compiler of choice on macOS, making it the natural option there, and it's also a first-class choice for Linux; though the venerable GCC is still the primary compiler choice on Linux, by using Clang instead, Google ensured that it has only one set of compiler quirks and oddities to work with rather than two. But Chrome on Windows has instead used Microsoft's Visual C++ compiler. The Visual C++ compiler is the best-supported, most widely used compiler on Windows and, critically, is the compiler with the best support for Windows' wide range of debugging and diagnostic tools. The Visual Studio debugger is widely loved by the C++ community, and other tools, such as the WinDbg debugger (often used for analyzing crash dumps), are core parts of the Windows developer experience.
Chrome

End of Flash? Its Usage Among Chrome Users Has Declined From 80% in 2014 to Under 8% as of Early 2018 (bleepingcomputer.com) 114

An anonymous reader writes: The percentage of daily Chrome users who've loaded at least one page containing Flash content per day has gone down from around 80% in 2014 to under 8% in early 2018. These statistics on Flash's declining numbers were shared with the public by Parisa Tabriz, Director of Engineering at Google, one of the Google bigwigs in charge of Chrome's security. Google plans to ship Flash disabled-by-default with Chrome 76 (July 2019) and remove it completely in Chrome 87 (December 2020).
Linux

Chrome OS Could Be Getting Containers for Running Linux VMs (zdnet.com) 57

Chromebook users may soon have a simpler way to run their favorite Linux distribution and applications on Google's Chrome OS hardware. From a report: As spotted by Chrome Unboxed, there's a newly merged commit in Chromium Gerrit describing a "new device policy to allow Linux VMs on Chrome OS." A related entry suggests support could come with Chrome OS version 66, which is due out in stable release around April 24, meaning Google might announce it at its annual IO developer conference, which starts on May 8. Developers can already use a tool called Crouton to install and run Linux on Chrome OS, but there is a security trade-off because Chrome OS needs to be switched to developer mode to use it. There's also a Crouton extension called Xiwi to enable using an OS in a browser window on Chrome OS. However, it too requires developer mode to be enabled. A recent commit suggests Chrome developers are working on a project called Crostini that may solve the developer mode problem by allowing Linux VMs to run inside a container.
Chrome

Chrome 64 Now Trims Messy Links When You Share Them (theverge.com) 87

Google's latest consumer version of Chrome, version number 64, just started cleaning up messy referral links for you. From a report: Now, when you go to share an item, you'll no longer see a long tracking string after a link, just the primary link itself. This feature now happens automatically when sharing links in Chrome, either by the Share menu or by copying the link and pasting it elsewhere. Even though it slices off the extra bit of the URL, this doesn't affect referral information. If you choose, you can copy and paste directly from the URL bar to grab the link in entirety.
Chrome

Chrome Extension Brings 'View Image' Button Back (9to5google.com) 80

Google recently removed the convenient "view image" button from its search results as a result of a lawsuit with stock-photo agency Getty. Thankfully, one day later, a developer created an extension that brings it back. 9to5Google reports: It's unfortunate to see that button gone, but an easy to use Chrome extension brings it back. Simply install the extension from the Chrome Web Store, and then any time you view an image on Google Image Search, you'll be able to open that source image. You can see the functionality in action in the video below. The only difference we can see with this extension versus the original functionality is that instead of opening the image on the same page, it opens it in a new tab. The extension is free, and it will work with Chrome for Windows, Mac, Chrome OS, or anywhere else the full version of Chrome can be used. 9to5Google has a separate post with step-by-step instructions to get the Google Images "view image" button back.
Piracy

Tickbox Must Remove Pirate Streaming Add-ons From Sold Devices (torrentfreak.com) 70

TickBox TV, the company behind a Kodi-powered streaming device, must release a new software updater that will remove copyright-infringing addons from previously shipped devices. A California federal court issued an updated injunction in the lawsuit that was filed by several major Hollywood studios, Amazon, and Netflix, which will stay in place while both parties fight out their legal battle. TorrentFreak reports: Last year, the Alliance for Creativity and Entertainment (ACE), an anti-piracy partnership between Hollywood studios, Netflix, Amazon, and more than two dozen other companies, filed a lawsuit against the Georgia-based company Tickbox TV, which sells Kodi-powered set-top boxes that stream a variety of popular media. ACE sees these devices as nothing more than pirate tools so the coalition asked the court for an injunction to prevent Tickbox from facilitating copyright infringement, demanding that it removes all pirate add-ons from previously sold devices. Last month, a California federal court issued an initial injunction, ordering Tickbox to keep pirate addons out of its box and halt all piracy-inducing advertisements going forward. In addition, the court directed both parties to come up with a proper solution for devices that were already sold.

The new injunction prevents Tickbox from linking to any "build," "theme," "app," or "addon" that can be indirectly used to transmit copyright-infringing material. Web browsers such as Internet Explorer, Google Chrome, Safari, and Firefox are specifically excluded. In addition, Tickbox must also release a new software updater that will remove any infringing software from previously sold devices. All tiles that link to copyright-infringing software from the box's home screen also have to be stripped. Going forward, only tiles to the Google Play Store or to Kodi within the Google Play Store are allowed. In addition, the agreement also allows ACE to report newly discovered infringing apps or addons to Tickbox, which the company will then have to remove within 24-hours, weekends excluded.

Chrome

Google's Chrome Ad Blocking Arrives Tomorrow (theverge.com) 211

Google is enabling its built-in ad blocker for Chrome tomorrow (February 15th). From a report: Chrome's ad filtering is designed to weed out some of the web's most annoying ads, and push website owners to stop using them. Google is not planning to wipe out all ads from Chrome, just ones that are considered bad using standards from the Coalition for Better Ads. Full page ads, ads with autoplaying sound and video, and flashing ads will be targeted by Chrome's ad filtering, which will hopefully result in less of these annoying ads on the web. Google is revealing today exactly what ads will be blocked, and how the company notifies site owners before a block is put in place. On desktop, Google is planning to block pop-up ads, large sticky ads, auto-play video ads with sound, and ads that appear on a site with a countdown blocking you before the content loads. Google is being more aggressive about its mobile ad blocking, filtering out pop-up ads, ads that are displayed before content loads (with or without a countdown), auto-play video ads with sound, large sticky ads, flashing animated ads, fullscreen scroll over ads, and ads that are particularly dense.
Software

The Most Popular Linux Desktop Programs (zdnet.com) 228

The most recent Linux Questions poll results are in. Steven J. Vaughan-Nichols, writing for ZDNet: LinuxQuestions, one of the largest internet Linux groups with 550,000 members, has just posted the results from its latest survey of desktop Linux users. In the always hotly-contested Linux desktop environment survey, the winner was the KDE Plasma Desktop. It was followed by the popular lightweight Xfce, Cinnamon, and GNOME. If you want to buy a computer with pre-installed Linux, the Linux Questions crew's favorite vendor by far was System76. Numerous other computer companies offer Linux on their PCs. These include both big names like Dell and dedicated small Linux shops such as ZaReason, Penguin Computing, and Emperor Linux. Many first choices weren't too surprising. For example, Linux users have long stayed loyal to the Firefox web browser, and they're still big fans. Firefox beat out Google Chrome by a five-to-one margin. And, as always, the VLC media player is far more popular than any other Linux media player. For email clients, Mozilla Thunderbird remains on top. That's a bit surprising given how Thunderbird's development has been stuck in neutral for some time now. When it comes to text editors, I was pleased to see vim -- my personal favorite -- win out over its perpetual rival, Emacs. In fact, nano and Kate both came ahead of Emacs.
Google

Google Chrome Pushes For User Protection With 'Not secure' Label (axios.com) 85

In an effort to force websites to better protect their users, the Chrome web browser will label all sites not encrypted traffic as "Not secure" in the web address bar, Google announced Thursday. From a report: Encrypted traffic allows users to access data on a website without allowing potential eavesdroppers to see anything the users visit. HTTPS also prevents meddlers from changing information in transit. During normal web browsing, Google currently displays a "Not secure" warning in the next to a site's URL if it forgoes HTTPS encryption and a user enters data. Now the browser will label all sites without HTTPS encryption this way.
Google

Google Executives Are Floating a Plan To Fight Fake News on Facebook and Twitter (qz.com) 305

Fake news, bots, and propaganda were hot topics at the World Economic Forum meeting in Davos last month, and Google executives there floated an intriguing idea to some fellow attendees -- what if the company could tell users whether information is trustworthy before they shared it on social networks like Facebook and Twitter? From a report: Representatives from Google and its parent company Alphabet eagerly discussed how the company can play a greater role in reducing misleading information online, several Davos attendees involved in and briefed on these conversations told Quartz. A notification system, perhaps via an optional extension for Google's Chrome browser, was an idea that these people said was broached more than once. Such a browser-based system controlled by Google could alert users on Facebook's or Twitter's websites when they're seeing or sharing a link deemed to be false or untrustworthy. Right now, this appears to be merely an idea company executives are discussing, not a product in development.
Security

Meet the Tiny Startup That Sells IPhone and Android Zero Days To Governments (vice.com) 51

An anonymous reader writes: The story of Azimuth Security, a tiny startup in Australia, provides a rare peek inside the secretive industry that helps government hackers get around encryption. Azimuth is part of an opaque, little known corner of the intelligence world made of hackers who develop and sell expensive exploits to break into popular technologies like iOS, Chrome, Android and Tor.
Chrome

Scammers Use Download Bombs To Freeze Chrome Browsers on Shady Sites (bleepingcomputer.com) 72

An anonymous reader shares a report: The operators of some tech support scam websites have found a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded software or servicing fees. The trick relies on using JavaScript code loaded on these malicious pages to initiate thousands of file download operations that quickly take up the user's memory resources, freezing Chrome on the scammer's site. The trick is meant to drive panicked users into calling one of the tech support phone numbers shown on the screen. According to Jerome Segura -- Malwarebytes leading expert in tech support scam operations, malvertising, and exploit kits -- this new trick utilizes the JavaScript Blob method and the window.navigator.msSaveOrOpenBlob function to achieve the "download bomb" that freezes Chrome.
Chrome

A Bug in Browser Extension Grammarly, Now Patched, Could Have Allowed an Attacker To Read Everything Users Wrote Online (gizmodo.com) 57

Copyediting app Grammarly included a gaping security hole that left users of its browser extension open to more embarrassment than just misspelled words. From a report: The Grammarly browser extension for Chrome and Firefox contained a "high severity bug" that was leaking authentication tokens, according to a bug report by Tavis Ormandy, a security researcher with Google's Project Zero. This meant that any website a Grammarly user visited could access the user's "documents, history, logs, and all other data," according to Ormandy. Grammarly provides automated copyediting for virtually anything you type into a browser that has the extension enabled, from blogs to tweets to emails to your attorney. In other words, there is an unfathomable number of scenarios in which this kind of major vulnerability could result in disastrous real-world consequences. Grammarly has approximately 22 million users, according to Ormandy, and the company told Gizmodo in an email that it "has no evidence that any user information was compromised" by the security hole. "We're continuing to monitor actively for any unusual activity," a Grammarly spokesperson said.
Android

Chrome OS Is Almost Ready To Replace Android On Tablets (theverge.com) 61

Several news features rolling out to Chromebooks paint a picture of the future of Chrome OS as the rightful replacement for Android tablet software. Those include a new split-screen feature for multitasking while in tablet mode, and a screenshot feature borrowed from Android. The Verge reports: As it stands now, Chrome OS is very close to taking up the mantle there, and features like this push it ever closer to becoming the hybrid OS for all types of Google-powered screens. This has been in the works for quite a while as Google's Chrome and Android teams have coordinated closely to ensure the influx of low-cost, hybrid computing devices like 2-in-1 Chromebooks get the best of both worlds. There is, of course, Android app compatibility on Chrome OS, an initiative that first arrived somewhat half-baked last year and has taken months to fully jell as Google worked out the kinks. For instance, just last month Google added the ability for Android apps on Chromebooks run in the background. In July of last year, Google also began embarking on a touch-focused redesign of Chrome OS to make the software more functional in tablet mode. We're likely not getting the full-blown merging of the two divisions and their respective platforms anytime soon, or perhaps ever, as Google has played with the idea for years without ever seeming to decide that one platform should supersede the other. In essence, however, Android remains Google's dominant mobile OS, while Chrome OS has been taking on more responsibility as Chromebooks have steadily become more capable and tablet-like.
Chrome

Google Chrome To Feature Built-In Image Lazy Loading (bleepingcomputer.com) 131

An anonymous reader writes: Future versions of Google Chrome will feature built-in support for lazy loading, a mechanism to defer the loading of images and iframes if they are not visible on the user's screen at load time. This system will first ship with Chrome for Android and Google doesn't rule out adding it to desktop versions if tests go as planned. The feature is called Blink LazyLoad, and as the name hints, it will implement the principle of "lazy loading" inside Chrome itself.

Google engineers reported page load speed improvements varying from 18% to 35%, depending on the underlying network. Other browser makers have been notified of the Chrome team's plan, but none have provided input if they plan to implement a similar feature. Compared to most JS-based lazy loading scripts that only target images, Google implementation will also target iframes.

Television

Ask Slashdot: How Can I Build a Private TV Channel For My Kids? 163

Long-time Slashdot reader ljw1004 writes: I want to assemble my OneDrive-hosted mp4s into a "TV channel" for my kids -- so at 7am while I sleep in, they know they can turn the TV on, it will show Mr Rogers then Sesame Street then grandparents' story-time, then two hand-picked cartoons, and nothing for the rest of the day. How would you do this? With Chromecast and write a JS Chrome plugin to drive it? Write an app for FireTV? Is there any existing OSS software for either the scheduling side (done by parents) or the TV-receiver side? How would you lock down the TV beyond just hiding the remote?
"There are good worthwhile things for them to see," adds the original submission, "but they're too young to be given the autonomy to pick them, and I can do better than Nickeloden or CBBC or Amazon Freetime Unlimited."

Slashdot reader Rick Schumann suggested putting the video files on an external hard drive (or burning them to a DVD), while apraetor points out many TVs now play files from flash drives -- and also suggests a private Roku channel. But what's the best way to build a private TV channel for kids?

Leave your best answers in the comments.
GNOME

Should Apps Replace Title Bars with Header Bars? (gnome.org) 362

Gnome contributor Tobias Bernard is on a crusade against title bars -- "the largely empty bars at the top of some application windows [that] contain only the window title and a close button." Instead he wants to see header bars -- "a newer, more flexible pattern that allows putting window controls and other UI elements in the same bar." Tobias Bernard writes: Header bars are client-side decorations (CSD), which means they are drawn by the app rather than the display server. This allows for better integration between application and window chrome. All GNOME apps (except for Terminal) have moved to header bars over the past few years, and so have many third-party apps. However, there are still a few holdouts.
He's announcing the CSD Initiative, "an effort to get apps (both GNOME and third-party) to drop title bars and adopt GNOME-style client-side decorations... The only way to solve this problem long-term is to patch applications upstream to not use title bars. So this is what we'll have to do."
  • Talk to the maintainers and convince them that this is a good idea
  • Do the design work of adapting the layout and make mockups
  • Figure out what is required at a technical level
  • Actually implement the new layout and get it merged

Implementation is already in progress for Firefox, though it has not yet been started for other high-priority apps like LibreOffice, GNOME Terminal, and Skype. "If you want to help with any of the above tasks," writes Tobias, "come talk to us on #gnome-design on IRC/Matrix."


Privacy

DuckDuckGo App and Extension Upgrades Offer Privacy 'Beyond the Search Box' (theverge.com) 48

An anonymous reader quotes the Verge: DuckDuckGo is launching updated versions of its browser extension and mobile app, with the promise of keeping internet users safe from snooping "beyond the search box." The company's flagship product, its privacy-focused search engine, will remain the same, but the revamped extension and app will offer new tools to help users keep their web-browsing as safe and private as possible. These include grade ratings for websites, factoring in their use of encryption and ad tracking networks, and offering summaries of their terms of service (with summaries provided by third-party Terms of Service Didn't Read). The app and extension are available for Firefox, Safari, Chrome, iOS, and Android.

The ability to block ad tracking networks is probably the most important feature here. These networks are used by companies like Google and Facebook to follow users around the web, stitching together their browsing history to create a more accurate profile for targeted advertising.

DuckDuckGo calls it "a major step to simplify online privacy," adding that without it, "It's hard to use the Internet without it feeling a bit creepy -- like there's a nosey neighbor watching everything you do from across the street."

Slashdot Top Deals