RSS Advisory Board: This month marks the 20th anniversary of the effort that became the Atom feed format. It all began on June 16, 2003, with a blog post from Apache Software Foundation contributor Sam Ruby asking for feedback about what constitutes a well-formed blog entry. The development of RSS 2.0 had been an unplanned hopscotch from a small group at Netscape to a smaller one at UserLand Software, but Atom was a barn raising. Hundreds of software developers, web publishers and technologists gathered for a discussion in the abstract that led to a concrete effort to build a well-specified syndication format and associated publishing API that could become Internet standards. Work was done on a project wiki that grew to over 1,500 pages. Everything was up for a vote, including a plebiscite on choosing a name that ballooned into a four-month-long bikeshed discussion in which Pie, Echo, Wingnut, Feedcast, Phaistos and several dozen alternatives finally, mercifully, miraculously lost out to Atom.

The road map of the Atom wiki lists the people, companies and projects that jumped at the chance to create a new format for feeds. XML specification co-author Tim Bray wrote: "The time to write it all down and standardize it is not when you're first struggling to invent the technology. We now have aggregators and publishing systems and search engines and you-name-it, and I think the community collectively understands pretty well what you need, what you don't need, and what a good syntax looks like. So, now's the time."

For Red Hat's 30th anniversary, North Carolina's News & Observer newspaper ran a special four-part series of articles.

In the first article Red Hat co-founder Bob Young remembers Red Hat's first big breakthrough: winning InfoWorld's "OS of the Year" award in 1998 — at a time when Microsoft's Windows controlled 85% of the market. "How is that possible," Young said, "that one of the world's biggest technology companies, on this strategically critical product, loses the product of the year to a company with 50 employees in the tobacco fields of North Carolina?" The answer, he would tell the many reporters who suddenly wanted to learn about his upstart company, strikes at "the beauty" of open-source software.

"Our engineering team is an order of magnitude bigger than Microsoft's engineering team on Windows, and I don't really care how many people they have," Young would say. "Like they may have thousands of the smartest operating system engineers that they could scour the planet for, and we had 10,000 engineers by comparison...."

Young was a 40-year-old Canadian computer equipment salesperson with a software catalog when he noticed what Marc Ewing was doing. [Ewing was a recent college graduate bored with his two-month job at IBM, selling customized Linux as a side hustle.] It's pretty primitive, but it's going in the right direction, Young thought. He began reselling Ewing's Red Hat product. Eventually, he called Ewing, and the two met at a tech conference in New York City. "I needed a product, and Marc needed some marketing help," said Young, who was living in Connecticut at the time. "So we put our two little businesses together."

Red Hat incorporated in March 1993, with the earliest employees operating the nascent business out of Ewing's Durham apartment. Eventually, the landlord discovered what they were doing and kicked them out.
The four articles capture the highlights. ("A visual effects group used its Linux 4.1 to design parts of the 1997 film Titanic.") And it doesn't leave out Red Hat's skirmishes with Microsoft. ("Microsoft was owned by the richest person in the world. Red Hat engineers were still linking servers together with extension cords. ") "We were changing the industry and a lot of companies were mad at us," says Michael Ferris, Red Hat's VP of corporate development/strategy. Soon there were corporate partnerships with Netscape, Intel, Hewlett-Packard, Compaq, Dell, and IBM — and when Red Hat finally goes public in 1999, its stock sees the eighth-largest first-day gain in Wall Street history, rising in value in days to over $7 billion and "making overnight millionaires of its earliest employees."

But there's also inspiring details like the quote painted on the wall of Red Hat's headquarters in Durham: "Every revolution was first a thought in one man's mind; and when the same thought occurs to another man, it is the key to that era..." It's fun to see the story told by a local newspaper, with subheadings like "It started with a student from Finland" and "Red Hat takes on the Microsoft Goliath."

Something I'd never thought of. 2001's 9/11 terrorist attack on the World Trade Center "destroyed the principal data centers of many Wall Street investment banks, which were housed in the twin towers. With their computers wiped out, financial institutions had to choose whether to rebuild with standard proprietary software or the emergent open source. Many picked the latter." And by the mid-2000s, "Red Hat was the world's largest provider of Linux...' according to part two of the series. "Soon, Red Hat was servicing more than 90% of Fortune 500 companies." By then, even the most vehement former critics were amenable to Red Hat's kind of software. Microsoft had begun to integrate open source into its core operations. "Microsoft was on the wrong side of history when open source exploded at the beginning of the century, and I can say that about me personally," Microsoft President Brad Smith later said.

In the 2010s, "open source has won" became a popular tagline among programmers. After years of fighting for legitimacy, former Red Hat executives said victory felt good. "There was never gloating," Tiemann said.

"But there was always pride."
In 2017 Red Hat's CEO answered questions from Slashdot's readers.

A new wave of chat bots like ChatGPT use artificial intelligence that could reinvent or even replace the traditional internet search engine. From a report: Over the past three decades, a handful of products like Netscape's web browser, Google's search engine and Apple's iPhone have truly upended the tech industry and made what came before them look like lumbering dinosaurs. Three weeks ago, an experimental chat bot called ChatGPT made its case to be the industry's next big disrupter. [...] Although ChatGPT still has plenty of room for improvement, its release led Google's management to declare a "code red." For Google, this was akin to pulling the fire alarm. Some fear the company may be approaching a moment that the biggest Silicon Valley outfits dread -- the arrival of an enormous technological change that could upend the business.

For more than 20 years, the Google search engine has served as the world's primary gateway to the internet. But with a new kind of chat bot technology poised to reinvent or even replace traditional search engines, Google could face the first serious threat to its main search business. One Google executive described the efforts as make or break for Google's future. ChatGPT was released by an aggressive research lab called OpenAI, and Google is among the many other companies, labs and researchers that have helped build this technology. But experts believe the tech giant could struggle to compete with the newer, smaller companies developing these chat bots, because of the many ways the technology could damage its business.

An anonymous reader quotes a report from The Verge: Darin Fisher has built a lot of web browsers. A lot of web browsers. He was a software engineer at Netscape early in his career, working on Navigator and then helping turn that app into Firefox with Mozilla. Then, he went to Google and spent 16 years building Chrome and ChromeOS into massively successful products. Last year, he left Google for Neeva, where he worked on ways to build a browser around the startup's search engine. And now, he's leaving Neeva to join The Browser Company and work on Arc, one of the hottest new browsers on the market. Arc, which has been in an invite-only beta for more than a year, is trying to rethink the whole browser UI. It has a sidebar instead of a row of tabs, offers a lot of personalization options, and is meant for people who live their computing life in a browser (which is increasingly most people). CEO Josh Miller often talks about building "the internet computer," too, and using the browser as a way to make the internet more useful.

Fisher has been an advisor to The Browser Company for a while, but Monday is his first official day at the company as a software engineer. Ahead of his new gig, Fisher and I got on a call to talk about why he thinks browsers are due for a reinvention -- and why he thinks a startup is the best place to do it. The answer starts with the browser's defining feature: tabs. Fisher doesn't hate tabs -- in fact, he helped popularize them. But he hates that using a modern browser involves opening a million of them, not being able to find them again, and eventually just giving up and starting all over again. "I remember when tabbed browsing was novel," Fisher says, "and helped people feel less cluttered because you don't have as many windows." But now, "even when I use Chrome," Fisher says, "I get a bunch of clutter. At some point, I just say, 'Forget it, I'm not even going to bother trying to sort through all these tabs. If it's important, I'll open it again.'" Browsers need better systems for helping you manage tabs, not just open more of them.

The best way to improve the browser, Fisher ultimately decided, is to just start from scratch. Arc is full of new ideas about how web browsers can work: it combines bookmarks and tabs into one app switcher-like concept; it makes it easy to search among your open tabs; it has built-in tools for taking notes and making shareable mini websites. The experience can be jarring because it's so different, but Fisher says that's part of what he's excited about. "This is not stuff people haven't talked about before," he says, "but actually putting it together and focusing on it and thinking about the small steps that go a long way, I think that's where there's so much opportunity." Fisher likes to compare a browser to an operating system, which matches with The Browser Company's idea that Arc isn't just a browser but rather an iOS-like system for the open web. "It has task management UI, it has UI for creating and starting a journey, but there's so much more in between," he says. What the iPhone did for native apps, Arc hopes to do for web apps. Fisher says he's interested in improving the way files move around the internet, for instance, finding a better way than the constant downloading and uploading we all do all day. He likes that Arc has a picture-in-picture mode that works by default, pulling your YouTube video out when you switch tabs. All these make the web feel more connected and cohesive rather than just a bunch of tabs in a horizontal line. The Browser Company also plans to reinvent the internet browser for mobile, too. On mobile, in particular, he says, "there are so many opportunities because the starting point is so archaic."

"He's vague on the details of his plans -- and The Browser Company hasn't really started working on a mobile browser yet anyway -- but says that's a big focus for him going forward," adds The Verge.

Where did the internet come from? When students are asked that by an assistant professor of media studies at the University of Virginia, some mention ARPANET or Silicon Valley — and "no fewer than four students have simply written, 'Bill Gates....'"

But even beyond that, "The best-known histories describe an internet that hasn't existed since 1994..." argues Kevin Driscoll "the intersection of hundreds of regional, national, commercial, and cooperative networks." So in an excerpt from his new book, Driscoll describes exactly how "a mixture of commercial online services, university networks, and local community networks mutated into something bigger, more commercial, and more accessible to the general public..."

And what's often left out is the pre-web "modem world": Whereas ARPANET was created by professional researchers in university and government labs, the modem world was driven by community-oriented amateurs and entrepreneurs — hobby radio groups, computer clubs, software pirates, and activist organizations. Despite their shared interest in computer networking, these were, with rare exception, distinct spheres of social and technical activity. The predominant form of PC networking was the bulletin board system, or BBS.... The ARPANET family of networks ran on a fundamentally different infrastructure from consumer-oriented BBS networks, and relatively few people were expert users of both. BBSs were not so much ignored by institutions of power as they were overlooked....

Between 1994 and 1995, the World Wide Web — and not the BBS — became the public face of cyberspace. On television and in print, journalists touted graphical browsers like NCSA Mosaic and Netscape Navigator as the internet's future. As hype mounted, investment capital flooded the data communications industry. But instead of BBSs, the money and attention flowed to firms linked to the nascent Web. Finally, when a moral panic over "cyberporn" threatened to burst the dot-com bubble, BBSs provided a convenient scapegoat. BBSs were old and dirty; the Web was new, clean, and safe for commerce. To avoid the stigma, enterprising BBS operators quietly rebranded. Seemingly overnight, thousands of dial-up BBSs vanished, replaced by brand-new "internet service providers." In the United States, the term BBS fell out of use.

The people who built the modem world in the 1980s laid the groundwork for millions of others who would bring their lives online in the 1990s and beyond. Along with writing code and running up their phone bills, BBS operators developed novel forms of community moderation, governance, and commercialization. When internet access finally came to the public, former BBS users carried the experience of grassroots networking into the social Web. Over time, countless social media platforms have reproduced the social and technical innovations of the BBS community.

Forgetting has high stakes. As the internet becomes the compulsory infrastructure of everyday life, the stories we tell about its origins are more important than ever. Recovering the history of the modem world helps us to imagine a world beyond — or perhaps after — commercial social media, mass surveillance, and platform monopolies. Endlessly modifiable, each BBS represented an idiosyncratic dream of what cyberspace could be, a glimpse of the future written in code and accessible from your local telephone jack. Immersing ourselves in this period of experimentation and play makes the internet seem strange again. By changing how we remember the internet's past, we can change our expectations for its future.

At the end of 2008, Firefox was flying high. Twenty percent of the 1.5 billion people online were using Mozilla's browser to navigate the web. In Indonesia, Macedonia, and Slovenia, more than half of everyone going online was using Firefox. "Our market share in the regions above has been growing like crazy," Ken Kovash, Mozilla's data analytics team manager at the time, wrote in a blog post. Almost 15 years later, things aren't so rosy. From a report: Across all devices, the browser has slid to less than 4 percent of the market -- on mobile it's a measly half a percent. "Looking back five years and looking at our market share and our own numbers that we publish, there's no denying the decline," says Selena Deckelmann, senior vice president of Firefox. Mozilla's own statistics show a drop of around 30 million monthly active users from the start of 2019 to the start of 2022. "In the last couple years, what we've seen is actually a pretty substantial flattening," Deckelmann adds.

In the two decades since Firefox launched from the shadows of Netscape, it has been key to shaping the web's privacy and security, with staff pushing for more openness online and better standards. But its market share decline was accompanied by two rounds of layoffs at Mozilla during 2020. Next year, its lucrative search deal with Google -- responsible for the vast majority of its revenue -- is set to expire. A spate of privacy-focused browsers now compete on its turf, while new-feature misfires have threatened to alienate its base. All that has left industry analysts and former employees concerned about Firefox's future. Its fate also has larger implications for the web as a whole. For years, it was the best contender for keeping Google Chrome in check, offering a privacy-forward alternative to the world's most dominant browser.

vm shares the blogpost of Mozilla releasing Firefox 100, and outlines some of thoughts: Out of the ashes of Netscape/AOL, Firebird rose as a promising new browser. A significant name change and a hundred releases later, Firefox 100 is still the underdog that keeps on fighting. With my mounting annoyance at all the Google services underpinning Chrome, I've since discovered and used Ungoogled Chromium, Waterfox, LibreWolf, and a handful of other lesser known spins on Chrome or Firefox. On mobile, Brave really does the best job at ad blocking whether you're on iOS or Android but the Mozilla Foundations is probably still the largest dev group fighting the good fight when it comes to both privacy and security enhancements.That's not to say that the Chromium team isn't security savvy -- I only wish they were just a little less Google. Anyhow, tell us about your favorite browser in the comments and have a look at Mozilla's latest release while you're at it.

Back in 1987 Alexander Trevor worked with the GIF format's creator, Steve Wilhite, at CompuServe. 35 years later Fast Company tech editor Harry McCracken (also Slashdot reader harrymcc) located Trevor for the inside story: Wilhite did not come up with the GIF format in order to launch a billion memes. It was 1987, and he was a software engineer at CompuServe, the most important online service until an upstart called America Online took off in the 1990s. And he developed the format in response to a request from CompuServe executive Alexander "Sandy" Trevor. (Trevor's most legendary contribution to CompuServe was not instigating GIF: He also invented the service's CB Simulator — the first consumer chat rooms and one of the earliest manifestation of social networking, period. That one he coded himself as a weekend project in 1980.)

GIF came to be because online services such as CompuServe were getting more graphical, but the computer makers of the time — such as Apple, Commodore, and IBM — all had their own proprietary image types. "We didn't want to have to put up images in 79 different formats," explains Trevor. CompuServe needed one universal graphics format.

Even though the World Wide Web and digital cameras were still in the future, work was already underway on the image format that came to be known as JPEG. But it wasn't optimized for CompuServe's needs: For example, stock charts and weather graphics didn't render crisply. So Trevor asked Wilhite to create an image file type that looked good and downloaded quickly at a time when a 2,400 bits-per-second dial-up modem was considered torrid. Reading a technical journal, Wilhite came across a discussion of an efficient compression technique known as LZW for its creators — Abraham Limpel, Jacob Ziv, and Terry Welch. It turned out to be an ideal foundation for what CompuServe was trying to build, and allowed GIF to pack a lot of image information into as few bytes as possible. (Much later, computing giant Unisys, which gained a patent for LZW, threatened companies that used it with lawsuits, leading to a licensing agreement with CompuServe and the creation of the patent-free PNG image format.)

GIF officially debuted on June 15, 1987. "It met my requirements, and it was extremely useful for CompuServe," says Trevor....

GIF was also versatile, offering the ability to store the multiple pictures that made it handy for creating mini-movies as well as static images. And it spread beyond CompuServe, showing up in Mosaic, the first graphical web browser, and then in Netscape Navigator. The latter browser gave GIFs the ability to run in an infinite loop, a crucial feature that only added to their hypnotic quality. Seeing cartoon hamsters dance for a split second is no big whoop, but watching them shake their booties endlessly was just one of many cultural moments that GIFs have given us.

"Arch Linux, the rolling Linux distribution that powers Valve's Steam Deck is now 20 years old," reports Neowin.

Slashdot reader segaboy81 writes that "What's cool to see here is that everything changed behind the scenes, but on the surface, things are the same." From the article: Announced on March 11th, 2002, and codenamed Homer, version 0.1 was released to minor fanfare. The release notes were a far cry from today's, essentially announcing it had broken ground and the foundation was going in, as it were.

Homer's release notes:

I've finally got a bootable iso image on the ftp site. The bad news is that you don't get a pretty interactive installer. But if you wanted one of those, you would have gone with RedHat, right? ;)

I'll try to get the docs up for ABS (Arch Build System) which, IMHO, is one of the best advantages of Arch. With ABS, you can easily create new packages, and it's trivial to rebuild existing packages with your own customizations....

It shipped with Linux kernel 2.4.18 which many of the Linux old-timers (myself included) will remember was right before we started to get nice things like auto-mounting USB drives in kernel 2.6. XFree86 4.2.0 was also in stow, which is what we now call Xorg. If you wanted to build software, you had to use an absolutely ancient gcc toolchain (2.95.3). Web browsing was covered by the ghost of Netscape Navigator, Mozilla 0.9.9. Heady days, these were!

A user writes: Jamie "jwz" Zawinski, famous for being one of the original Netscape developers, being a founder of the Mozilla project, and for this axiom, has laid into Mozilla after the Firefox developers announced they was accepting Dogecoin, Bitcoin, and Ethereum cryptocurrency payments, via Bitpay, for Mozilla's services and donations. Quote jwz: "I'm here to say fuck you and fuck this. Everyone involved in the project should be witheringly ashamed of this decision to partner with planet-incinerating Ponzi grifters."
UPDATE (1/6/2021): Days later the Mozilla Foundation announced they were instead pausing cryptocurrency donations to review whether the idea "fits with our climate goals."

A contract with a tech giant can put a startup on the map with venture capitalists and the market at large. That's what happened for Netskope, a cloud-based data security provider. Founded in 2012, the company was able to quickly scale up and secure multiple rounds of funding -- in part because it had a top-tier customer right out of the gate: Netflix. From a report: There was just one catch to landing that deal: It had to hire the streaming company's vice president of IT operations, Michael Kail, as a consultant and an advisor, and pay him with fees and stock options. Netskope (not to be confused with the now-defunct Netscape) wasn't the only startup confronted with that proposition. At least nine firms that worked for Netflix entered into similar arrangements, according to the U.S. Justice Department. Other companies drawn into Kail's web included software, cloud-storage and analytics companies Docurated, Numerify, NetEnrich, Platfora, VistaraIT, ElasticBox, Maginatics and Sumo Logic. The shady-sounding plot was described by the government during a criminal trial earlier this year in San Jose federal court. Kail was found guilty of more than two dozen fraud and money laundering counts. At his sentencing Oct. 19, prosecutors will ask that he get a stiff punishment of seven years in prison as well as be ordered to pay fines, restitution, and forfeit a $3.3 million home in Los Gatos, California.

The former Netflix VP, who also briefly served as chief information officer at Yahoo, "leveraged his status as a leader of the IT community in Silicon Valley to subvert the trust of Netflix and others to profit at their expense," prosecutors said in a recent court filing. They added that the similar schemes are "almost certainly" common among high-level tech executives, but that in no way excuses the behavior. The startups that paid to play, and possibly many others, believed this was how Netflix did business." A disturbing element of this narrative is the unequal playing field startups are on when they negotiate with big companies. As the government suggested, the crimes also seem relatively easy for an influential executive to carry out -- especially since the founders of fledgling firms have little if any incentive to blow the whistle, and may feel they have no choice but to go along with a pay-to-play scheme. In his own memorandum to the court, requesting that he be sentenced to a year of house arrest, Kail, 49, described himself as a "global power leader, top dev ops influencer and a thought leader." He appeared to minimize the impact of the crimes, describing them as "regrettable flaws in communication and transparency," and asserting that his undisclosed business relationships were more helpful than harmful to all involved. Yet many startup founders already have ample complaints about overly-generous advisor compensation and messy cap tables, even without the added corporate bribery wrinkle.

This weekend finds some long-time Slashdot readers debating why research shows Firefox losing market share. Long-time Slashdot reader chiguy shares one theory: "Firefox keeps losing users, according to this rant, because it arrogantly refuses to listen to its users."

Slashdot reader BAReFO0t countered that that can't be the reason, "because Google does that too." (They blame Chrome's "feature" addition treadmill, where "they keep adding stupid kitchen sinks for the sole and only purpose to make others unable to keep up.")

Long-time Slashdot reader Z00L00K thinks that "All those totally unnecessary UI changes are what REALLY annoys users. Not only the immediately visible things in the header but also the renaming of items in the menus just bugs people." But long-time Slashdot reader AmiMoJo argues that "the most popular browser, Chrome, has all those things. In fact all the browsers that are more popular than Firefox do, so the idea that those are unpopular and driving people away doesn't really hold up... Firefox's decline is mostly due to Chrome just being really good, and [Firefox] not having a decent mobile version."

I'm still a loyal Firefox user. (Although the thing that annoyed me was when Firefox suddenly changed the keyboard shortcut for copying a link from CNTRL-A to CNTRL-L.) The "rant" at ItsFoss argues that Firefox's original sin was in 2009 when it decided to move tabs to the top of the browser, and when favorite features could no longer be re-enabled in Firefox's about:config file. But that's what I like about Firefox -- at it's best, it's ultimately customizable, with any feature you want easily enabled in what's essentially an incredibly detailed "preferences" menu. Maybe other browsers are just better at attracting new users through purely mechanical advantages like default placement on popular systems?

Long-time Slashdot reader zenlessyank is also a long-time Firefox user -- "Been using it since Netscape" -- and countered all the doubters with a comment headlined "Firefox rocks!"

"Doesn't matter to me how many other users there are or aren't I will still use it as long as it stays updated."

But what are your thoughts? Feel free to share your own opinions and experiences with Firefox in the comments.

"Amazon Web Services on Thursday fulfilled its commitment to rename Amazon Elasticsearch Service with its expected new identity, Amazon OpenSearch Service," reports the Register in a new update on Amazon's ongoing battle over open source licensing: The name change was necessary because AWS and Elasticsearch BV fell out over the licensing of the Elasticsearch open source software and the eating of one another's lunch.... While AWS promises that OpenSearch Service APIs will be backward-compatible with the existing service APIs (open source Elasticsearch 7.10), meaning no backend or client app changes should be necessary, building against new OpenSearch Service features means there's no going back. AWS says that upgrading from existing Elasticsearch 6.x and 7.x managed clusters to OpenSearch is irreversible.

[According to a blog post by Channy Yun, principal developer advocate for AWS], OpenSearch 1.0 (the AWS fork) supports three features unavailable in the legacy Elasticsearch versions still supported in Amazon OpenSearch Service: Transforms, Data Streams, and Notebooks in OpenSearch Dashboards... Amazon OpenSearch Service incorporates various other capabilities not present in the open-source Elasticsearch code, like security integrations (Active Directory, etc), reporting, alerting, and other such things. Cloud provider lock-in can become an issue even when there's compatibility between hosted open source services and the projects they're based upon.

What started out as an exercise in copying, the most lucrative form of flattery, has become a race to differentiate, or — to use the words of former Microsoft VP Paul Martiz when telling Intel representatives in 1995 about how Microsoft would deal with Netscape — "Embrace, extend, extinguish."

Private equity firm Thoma Bravo has announced plans to acquire cybersecurity company Proofpoint in a deal worth $12.3 billion. VentureBeat reports: Founded in 2002 by former Netscape CTO Eric Hahn, Proofpoint was originally known for an email security product that helped businesses identify spam, viruses, and other electric correspondence that might contravene company policies. In the subsequent years, the Sunnyvale, California-based company has expanded its scope to include an array of cloud-based security products designed to protect enterprises from targeted threats. Proofpoint went public back in 2012, with its shares initially trading at around $13 -- these have grown steadily over the past decade, hitting an all-time high of $140 earlier this year and giving it a market capitalization of more than $7 billion.

Thoma Bravo has a track record of taking publicly traded cybersecurity companies private, having done just that with network security company Barracuda in a 2017 deal worth $1.6 billion and with Sophos last year for $3.9 billion. The Proofpoint deal, which is expected to close in Q3 2021, sees Thoma Bravo paying a 34% premium on Proofpoint's closing price at the last full trading day (April 23), with shareholders set to receive $176 for each share they own. It's worth noting that the $12.3 billion price tag positions this as the biggest cybersecurity acquisition of all time, putting it ahead of the $7.68 billion Intel shelled out for McAfee 11 years ago. And by VentureBeat's calculations, the Proofpoint acquisition represents one of the biggest overall technology acquisitions ever, putting it in the top 20, alongside megadeals that include Dell's $67 billion EMC purchase, IBM's $34 billion Red Hat deal, and Salesforce's impending $27.7 billion Slack acquisition.

Legendary programmer Jamie Zawinski has worked on everything from the earliest releases of the Netscape Navigator browser to XEmacs, Mozilla, and, of course, the XScreenSaver project.

Now Slashdot reader e432776 writes: JWZ continues to track issues with screensavers on Linux (since 2004!), and discusses a new bug in cinnamon-screensaver. Long-standing topics like X11, developer interaction, and code licensing all feature. Solutions to these long-standing issues remain elusive.
Jamie titled his blog post "I told you so, 2021 edition": You will recall that in 2004 , which is now seventeen years ago, I wrote a document explaining why I made the design trade-offs that I did in XScreenSaver, and in that document I predicted this exact bug as my example of, "this is what will happen if you don't do it this way."

And they went and made that happen.

Repeatedly.

Every time this bug is re-introduced, someone pipes up and says something like, "So what, it was a bug, they've fixed it." That's really missing the point. The point is not that such a bug existed, but that such a bug was even possible. The real bug here is that the design of the system even permits this class of bug. It is unconscionable that someone designing a critical piece of security infrastructure would design the system in such a way that it does not fail safe .

Especially when I have given them nearly 30 years of prior art demonstrating how to do it right, and a two-decades-old document clearly explaining What Not To Do that coincidentally used this very bug as its illustrative strawman!

These bugs are a shameful embarrassment of design -- as opposed to merely bad code...
ZDNet reports that Linux Mint has issued a patch for Cinnamon that fixes the screensaver bug. But HotHardware notes that it was discovered when "one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team."

But that's not the only thing bothering Jamie Zawinski: Just to add insult to injury, it has recently come to my attention that not only are Gnome-screensaver, Mint-screensaver and Cinnamon-screensaver buggy and insecure dumpster fires, but they are also in violation of my license and infringing my copyright.

XScreenSaver was released under the BSD license, one of the oldest and most permissive of the free software licenses. It turns out, the Gnome-screensaver authors copied large parts of XScreenSaver into their program, removed the BSD license and slapped a GPL license on my code instead -- and also removed my name. Rude...

Mint-screensaver and Cinnamon-screensaver, being forks and descendants of Gnome-screensaver, have inherited this license violation and continue to perpetuate it. Every Linux distro is shipping this copyright- and license-infringing code.

I eagerly await hearing how they're going to make this right.

References to decades-old computer software are included in the new Brexit agreement, including a description of Netscape Communicator and Mozilla Mail as being "modern" services. From a report: Experts believe officials must have copied and pasted chunks of text from old legislation into the document. The references are on page 921 of the trade deal, in a section on encryption technology. It also recommends using systems that are now vulnerable to cyber-attacks. The text cites "modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x." The latter two are now defunct - the last major release of Netscape Communicator was in 1997. The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks.

The programming language JavaScript emerged 25 years ago and has grown to become one of the most important pieces of the web and browser applications we use today. From a report: JavaScript is the go-to language for front-end development and has spawned Microsoft's Typescript, a superset of JavaScript with a stronger optional type system for developers that compiles to JavaScript when run in the browser. Both JavaScript and TypeScript conform to ECMAScript, the standard for JavaScript and node.js, the runtime for running applications outside of the browser thanks to Google's powerful V8 JavaScript engine. JavaScript's impact on the web cannot be understated. Tech giants have thrown their weight behind the language. Besides Google's V8, there are open source projects like React from Facebook and Angular from Google, which help spread web applications across smartphones and desktop. After Netscape and Sun Microsystems -- where Java was hatched in May 1995 by James Gosling -- announced JavaScript in December 1995, Microsoft promoted Visual Basic (VB) as a standard for creating web applications using VB Script for its Internet Explorer browser. Oracle would go on to buy Sun Microsystems in 2008 largely to get its hands on Java and its huge development ecosystem. The press release about its launch from 25 years ago.

An anonymous reader shares a report: For years now, Google Chrome has been an absolute dominant force in the world of web browsers, but since the relaunch of Microsoft Edge based on Google's Chromium, that position has been challenged. Now, Google is preparing to drive more Android owners back to using Chrome through targeted notifications. Over the admittedly brief history of the Internet, there have been a number of fierce competitions, commonly called "browser wars," between companies, in an effort to get more people to use their particular web browser. Mozilla and Netscape waged war against Internet Explorer, and Chrome fought and won against Firefox. Most recently, Microsoft Edge and Samsung Internet have begun to wage war against Chrome on desktop and Android respectively. Now, we've found that Google is preparing to try and win back some of those who have left Chrome for other browsers, starting on Android. Based on our reading of a series of code changes, we believe Google Chrome for Android will send you a notification if you haven't used Chrome in a while.

SecurityWeek editor wiredmikey shares new that Jim Clark and Tom Jermoluk (past founders of Netscape, Silicon Graphics and @Home Network) "have launched a phone-resident personal certificate-based authentication and authorization solution that eliminates all passwords."

Security Week reports: The technology used is not new, being based on X.509 certificates and SSL (invented by Netscape some 25 years ago and still the bedrock of secure internet communications). It is the opportunity provided by the modern smartphone with biometric user access, enough memory and power, and a secure enclave to store the private keys of a self-certificate that never leaves the device that is new. The biometric access ties the phone to its user, and the Beyond Identity certificate authenticates the device/user to the service provider, whether that's a bank or a corporate network...

"When this technology was created at Netscape during the beginning of the World Wide Web, it was conceived as a mechanism for websites to securely communicate, but the tools didn't yet exist to extend the chain all the way to the end user," commented Jermoluk. "Beyond Identity includes the user in the same chain of certificates bound together with the secure encrypted transport (TLS) used by millions of websites in secure communications today...."

With no passwords, the primary cause of data breaches (either to steal passwords or by using stolen passwords) is gone. It removes all friction from the access process, takes the password reset load off the help desk, and can form the basis of a zero-trust model where identity is the perimeter.
Though they're first focusing on the corporate market, their solution should be available to consumers by the end of 2020, the article reports, which speculates that the possibility of pre-also installing the solution on devices "is not out of the question."

Google has announced plans today to phase out the usage of user-agent strings in its web browser Chrome. From a report: UA strings have been developed part of the Netscape browser in the 90s, and have been in use ever since. For decades, websites have used UA strings to fine-tune features based on a visitor's technical specifications. But now, Google says that this once-useful mechanism has become a constant source of problems, on different fronts. For starters, UA strings have been used by online advertisers as a way to track and fingerprint website visitors. "On top of those privacy issues, User-Agent sniffing is an abundant source of compatibility issues, in particular for minority browsers, resulting in browsers lying about themselves (generally or to specific sites) , and sites (including Google properties) being broken in some browsers for no good reason," said Yoav Weiss, a Google engineer working on the Chrome browser.

To address these issues, Google said it plans to phase out the importance of UA strings in Chrome by freezing the standard as a whole. Google's plan is to stop updating Chrome's UA component with new strings (the UA string text that Chrome shares with websites). The long-term plan is to unify all Chrome UA strings into generic values that don't reveal too much information about a user. This means that new Chrome browser releases on new platforms such as new smartphone models or new OS releases will use a generic UA string, rather than one that's customised for that specific platform.