Beware: 'Digmine' Cryptocurrency Bot Is Spreading Via Facebook Messenger ( 96

Cybersecurity firm Trend Micro has discovered a cryptocurrency bot that is being spread through Facebook Messenger. The bot, dubbed Digmine, was discovered in South Korea and has since been found in Vietnam, Azerbaijan, Ukraine, Vietnam, Philippines, Thailand, and Venezuela. TechSpot explains: Victims receive a file named "" from one of their Facebook Messenger contacts. Opening it will load Chrome along with a malicious browser extension. Extensions can only be downloaded from the Chrome Web Store, but this is bypassed using the command line. Once the malware infects a system, a modified version of XMRig -- a Monero mining tool -- is installed. This mines the cryptocurrency in the background using a victim's CPU, sending all profits back to the hackers. Additionally, the Chrome extension is also used to spread Digmine. If someone has their Facebook account set to log in automatically, the fake video file link will be sent to all their friends via Messenger. The malware could also be used to take over a Facebook account entirely. The good news is that Digmine only works through the Chrome desktop version of Messenger. Right now, opening the malicious file via the Facebook/Messenger app or mobile webpage won't have the same effect. After Trend Micro revealed its findings, Facebook said it had taken down any links connected to Digmine.

Established Players in Tech Industry Are Displaced By New Technologies and Companies Often When They Are Operating At Their Peak ( 57

In a column, Steven Sinofsky, former President of the Windows Division at Microsoft, cites various examples from the past to suggest that it is often when incumbents in technology space have established market dominance that new startups rise and displace them: While the tech incumbents are clearly generating massive revenue and profits, nearly all of this comes from products developed long ago. In fact, as we now know in hindsight, it is exactly when conventional wisdom conflates today's economic success with forward-looking product innovation that seeds are being planted for the next massive wave of innovation. Google was formed at time when the incumbents of AOL and even Yahoo were stronger than ever. Facebook came just after the dot com bubble burst. Even the reincarnation of Apple took place after the bubble burst with products being developed as the bubble peaked. And for what it is worth, the PC ecosystem, particularly Windows, was relatively "flat" mired in Windows Vista while Firefox dominated and Google Chrome was appeared (Windows 7 wouldn't come out for a year after Chrome). In the infrastructure space, the seeds were planted for both AWS and VMWare in the shadow of the dot com bubble. In an historical context it is highly likely that the next wave of innovation in new technologies and new companies will happen right under the noses of big companies operating at what the public markets think of as peak (earnings) potential.
The Internet

Some Telcos and ISPs are Frustrating IPv6 Adoption ( 135

An anonymous reader writes: "There are indications that telecommunications operators and traditional ISPs in the country are frustrating adoption of Internet Protocol version six (IPv6) by other networks," reports Nigeria's Guardian newspaper, citing Nigeria CommunicationsWeek. The magazine found 32 networks with IPv6 addresses -- but only three which are using them. And the newspaper cites "a network engineer with a university who does not want to be named" frustrated that their ISP's network isn't IPv6-compatible, so the university can't use its own IPv6 address. "Mohammed Rudman, chairman, IPv6 Council Nigeria, said that most telecommunications operators and internet service providers in the country have not adopted IPv6 which raises the issue of compatibility with other networks."
Firefox has a fast-fallback-to-IPv4 option, which you can disable in about:config (as well as an option to disable IPv6 altogether). But "the Chrome browser supports IPv6 natively and doesn't allow users to decide which protocol to use," reports

How does your browser perform? Long-time Slashdot reader ourlovecanlastforeve shared a link to, which detects whether "when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6."

Microsoft Removes Google's Chrome Installer From the Windows Store ( 124

Not too long after Google published a Chrome app in the Windows Store, Microsoft removed it, claiming it "violates our Microsoft Store policies." The Verge reports: Citing the need to ensure apps "provide unique and distinct value," Microsoft says "we welcome Google to build a Microsoft Store browser app compliant with our Microsoft Store policies." That's an invitation that Google is unlikely to accept. There are many reasons Google won't likely bring Chrome to the Windows Store, but the primary reason is probably related to Microsoft's Windows 10 S restrictions. Windows Store apps that browse the web must use HTML and JavaScript engines provided by Windows 10, and Google's Chrome browser uses its own Blink rendering engine. Google would have to create a special Chrome app that would adhere to Microsoft's Store policies. Most Windows 10 machines don't run Windows 10 S, so Google probably won't create a special version just to get its browser listed in the Windows Store. Google can't just package its existing desktop app into a Centennial Windows Store app, either. Microsoft is explicit about any store apps having to use the Edge rendering engine.

Chrome 64 Beta Adds Sitewide Audio Muting, Pop-Up Blocker, Windows 10 HDR Video ( 43

Chrome 64 is now in beta and it has several new features over version 63. In addition to a stronger pop-up blocker and support for HDR video playback when Windows 10 is in HDR mode, Chrome 64 features sitewide audio muting to block sound when navigating to other pages within a site. 9to5Google reports: An improved pop-up blocker in Chrome 64 prevents sites with abusive experiences -- like disguising links as play buttons and site controls, or transparent overlays -- from opening new tabs or windows. Meanwhile, as announced in November, other security measures in Chrome will prevent malicious auto-redirects. Beginning in version 64, the browser will counter surprise redirects from third-party content embedded into pages. The browser now blocks third-party iframes unless a user has directly interacted with it. When a redirect attempt occurs, users will remain on their current page with an infobar popping up to detail the block. This version also adds a new sitewide audio muting setting. It will be accessible from the permissions dropdown by tapping the info icon or green lock in the URL bar. This version also brings support for HDR video playback when Windows 10 is in HDR mode. It requires the Windows 10 Fall Creator Update, HDR-compatible graphics card, and display. Meanwhile, on Windows, Google is currently prototyping support for an operating system's native notification center. Other features include a new "Split view" feature available on Chrome OS. Developers will also be able to take advantage of the Resize Observer API to build responsive sites with "finger control to observe changes to sizes of elements on a page."

Google Glitch Took Thousands of Chromebooks Offline ( 77

Slashdot reader Bismillah was the first to notice stories about Chromebooks going offline. GeekWire reports: Tens of thousands, perhaps millions, of Google Chromebooks, widely prized by schools due to their low cost and ease of configuration, were reported to be offline for several hours on Tuesday. The apparent cause? A seemingly botched WiFi policy update pushed out by Google that caused many Chromebooks to forget their approved network connection, leaving students disconnected.
Google eventually issued a new network policy without the glitch -- but not everyone was satisfied. The Director of Technology at one school district complains Google waited three and a half hours before publicly acknowledging the problem -- adding that "manually joining a WiFi network on 10,000+ Chromebooks is a nightmare."

Chrome 63 Offers Even More Protection From Malicious Sites, Using Even More Memory ( 63

An anonymous reader quotes a report from Ars Technica: To further increase its enterprise appeal, Chrome 63 -- which hit the browser's stable release channel yesterday -- includes a couple of new security enhancements aimed particularly at the corporate market. The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another. [...]

Naturally, this greater use of multiple processes incurs a price; with this option enabled, Chrome's already high memory usage can go up by another 15 to 20 percent. As such, it's not enabled by default; instead, it's intended for use by enterprise users that are particularly concerned about organizational security. The other new capability is the ability for administrators to block extensions depending on the features those extensions need to use. For example, an admin can block any extension that tries to use file system access, that reads or writes the clipboard, or that accesses the webcam or microphone. Additionally, Google has started to deploy TLS 1.3, the latest version of Transport Layer Security, the protocol that enables secure communication between a browser and a Web server. In Chrome 63, this is only enabled between Chrome and Gmail; in 2018, it'll be turned on more widely.


Google Wants Progressive Web Apps To Replace Chrome Apps ( 154

An anonymous reader quotes a report from Android Police: The Chrome Web Store originally launched in 2010, and serves a hub for installing apps, extensions, and themes packaged for Chrome. Over a year ago, Google announced that it would phase out Chrome apps on Windows, Mac, and Linux in 2018. Today, the company sent out an email to developers with additional information, as well as news about future Progressive Web App support. The existing schedule is mostly still in place -- Chrome apps on the Web Store will no longer be discoverable for Mac, Windows, and Linux users. In fact, if you visit the store right now on anything but a Chromebook, the Apps page is gone. Google originally planned to remove app support on all platforms (except Chrome OS) entirely by Q1 2018, but Google has decided to transition to Progressive Web Apps:

"The Chrome team is now working to enable Progressive Web Apps (PWAs) to be installed on the desktop. Once this functionality ships (roughly targeting mid-2018), users will be able to install web apps to the desktop and launch them via icons and shortcuts; similar to the way that Chrome Apps can be installed today. In order to enable a more seamless transition from Chrome Apps to the web, Chrome will not fully remove support for Chrome Apps on Windows, Mac or Linux until after Desktop PWA installability becomes available in 2018. Timelines are still rough, but this will be a number of months later than the originally planned deprecation timeline of 'early 2018.' We also recognize that Desktop PWAs will not replace all Chrome App capabilities. We have been investigating ways to simplify the transition for developers that depend on exclusive Chrome App APIs, and will continue to focus on this -- in particular the Sockets, HID and Serial APIs."


Mozilla Revenue Jump Fuels Its Firefox Overhaul Plan ( 127

Well, now we know what paid for all those programmers cranking out the overhauled Firefox Quantum browser: a major infusion of new money. From a report: Mozilla, the nonprofit behind the open-source web browser, saw its 2016 revenue increase 24 percent to an all-time high of $520 million, it said Friday. Expenses grew too, but not as much, from $361 million to $337 million, so the organization's war chest is significantly bigger now. Mozilla, which now has about 1,200 employees, releases prior-year financial results in conjunction with tax filings. Most of Mozilla's money comes from partnerships with search engines like Google, Yahoo, DuckDuckGo, Baidu and Yandex. When you search through Firefox's address bar, those search engines show search ads alongside results and share a portion of the revenue to Mozilla. Mozilla in 2014 signed a major five-year deal with Yahoo to be the default search engine in the US, but canceled it only three years in and moved back to Google instead in November. Mozilla's mission -- to keep the internet open and a place where you aren't in the thrall of tech giants -- may seem abstract. But Mozilla succeeded in breaking the lock Microsoft's Internet Explorer had on the web a decade ago, and now it's fighting the same battle again against Google's Chrome.

Google Will Block Third-Party Software From Injecting Code Into Chrome ( 40

Catalin Cimpanu, writing for BleepingComputer: Google has laid out a plan for blocking third-party applications from injecting code into the Chrome browser. The most impacted by this change are antivirus and other security products that often inject code into the user's local browser process to intercept and scan for malware, phishing pages, and other threats. Google says these changes will take place in three main phases over the next 14 months. Phase 1: In April 2018, Chrome 66 will begin showing affected users a warning after a crash, alerting them that other software is injecting code into Chrome and guiding them to update or remove that software. Phase 2: In July 2018, Chrome 68 will begin blocking third-party software from injecting into Chrome processes. If this blocking prevents Chrome from starting, Chrome will restart and allow the injection, but also show a warning that guides the user to remove the software. Phase 3: In January 2019, Chrome 72 will remove this accommodation and always block code injection.

Wondering Why Your Internal .dev Web App Has Stopped Working? ( 311

Kieren McCarthy, writing for The Register: Network admins, code wranglers and other techies have hit an unusual problem this week: their test and development environments have vanished. Rather than connecting to private stuff on an internal .dev domain to pick up where they left off, a number of engineers and sysadmins are facing an error message in their web browser complaining it is "unable to provide a secure connection." How come? It's thanks to a recent commit to Chromium that has been included in the latest version of Google Chrome. As developers update their browsers, they may find themselves booted out their own systems. Under the commit, Chrome forces connections to all domains ending in .dev (as well as .foo) to use HTTPS via a HTTP Strict Transport Security (HSTS) header. This is part of Google's larger and welcome push for HTTPS to be used everywhere for greater security.

Microsoft Office Now Available On All Chromebooks ( 113

Microsoft has reportedly finished testing out its Office apps on Chromebooks as a number of Chromebooks are now seeing the Office apps in the Google Play Store. Samsung's Chromebook Pro, Acer's Chromebook 15, and Acer's C771 have the Office apps available for download. The Verge reports: The apps are Android versions of Office which include the same features you'd find on an Android tablet running Office. Devices like Asus' Chromebook Flip (with a 10.1-inch display) will get free access to Office on Chrome OS, but larger devices will need a subscription. Microsoft has a rule across Windows, iOS, and Android hardware that means devices larger than 10.1 inches need an Office 365 subscription to unlock the ability to create, edit, or print documents.

Why ESR Hates C++, Respects Java, and Thinks Go (But Not Rust) Will Replace C ( 608

Open source guru Eric S. Raymond followed up his post on alternatives to C by explaining why he won't touch C++ any more, calling the story "a launch point for a disquisition on the economics of computer-language design, why some truly unfortunate choices got made and baked into our infrastructure, and how we're probably going to fix them." My problem with [C++] is that it piles complexity on complexity upon chrome upon gingerbread in an attempt to address problems that cannot actually be solved because the foundational abstractions are leaky. It's all very well to say "well, don't do that" about things like bare pointers, and for small-scale single-developer projects (like my eqn upgrade) it is realistic to expect the discipline can be enforced. Not so on projects with larger scale or multiple devs at varying skill levels (the case I normally deal with)... C is flawed, but it does have one immensely valuable property that C++ didn't keep -- if you can mentally model the hardware it's running on, you can easily see all the way down. If C++ had actually eliminated C's flaws (that is, been type-safe and memory-safe) giving away that transparency might be a trade worth making. As it is, nope.
He calls Java a better attempt at fixing C's leaky abstractions, but believes it "left a huge hole in the options for systems programming that wouldn't be properly addressed for another 15 years, until Rust and Go." He delves into a history of programming languages, touching on Lisp, Python, and programmer-centric languages (versus machine-centric languages), identifying one of the biggest differentiators as "the presence or absence of automatic memory management." Falling machine-resource costs led to the rise of scripting languages and Node.js, but Raymond still sees Rust and Go as a response to the increasing scale of projects.
Eventually we will have garbage collection techniques with low enough latency overhead to be usable in kernels and low-level firmware, and those will ship in language implementations. Those are the languages that will truly end C's long reign. There are broad hints in the working papers from the Go development group that they're headed in this direction... Sorry, Rustaceans -- you've got a plausible future in kernels and deep firmware, but too many strikes against you to beat Go over most of C's range. No garbage collection, plus Rust is a harder transition from C because of the borrow checker, plus the standardized part of the API is still seriously incomplete (where's my select(2), again?).

The only consolation you get, if it is one, is that the C++ fans are screwed worse than you are. At least Rust has a real prospect of dramatically lowering downstream defect rates relative to C anywhere it's not crowded out by Go; C++ doesn't have that.


Firefox Quantum Is 'Better, Faster, Smarter than Chrome', Says Wired ( 383

Wired's senior staff writer David Pierce says Firefox Quantum "feels like a bunch of power users got together and built a browser that fixed all the little things that annoyed them about other browsers." The new Firefox actually manages to evolve the entire browser experience, recognizing the multi-device, ultra-mobile lives we all lead and building a browser that plays along. It's a browser built with privacy in mind, automatically stopping invisible trackers and making your history available to you and no one else. It's better than Chrome, faster than Chrome, smarter than Chrome. It's my new go-to browser.

The speed thing is real, by the way. Mozilla did a lot of engineering work to allow its browser to take advantage of all the multi-core processing power on modern devices, and it shows... I routinely find myself with 30 or 40 tabs open while I'm researching a story, and at that point Chrome effectively drags my computer into quicksand. So far, I haven't been able to slow Firefox Quantum down at all, no matter how many tabs I use... [But] it's the little things, the things you do with and around the web pages themselves, that make Firefox really work. For instance: If you're looking at a page on your phone and want to load that same page on your laptop, you just tap "Send to Device," pick your laptop, and it opens and loads in the background as if it had always been there. You can save pages to a reading list, or to the great read-it-later service Pocket (which Mozilla owns), both with a single tap...

Mozilla has a huge library of add-ons, and if you use the Foxified extension, you can even run Chrome extensions in Firefox. Best I can tell, there's nothing you can do in Chrome that you can't in Firefox. And Firefox does them all faster.

I've noticed that when you open a new tab in Chrome's mobile version, it forces you to also see news headlines that Google picked out for you. But how about Slashdot's readers? Chrome, Firefox -- or undecided?

Google Is Working On Fuchsia OS Support For Apple's Swift Programming Language ( 54

An anonymous reader shares a report from Android Police: Google's in-development operating system, named "Fuchsia," first appeared over a year ago. It's quite different from Android and Chrome OS, as it runs on top of the real-time "Magenta" kernel instead of Linux. According to recent code commits, Google is working on Fuchsia OS support for the Swift programming language. If you're not familiar with it, Swift is a programming language developed by Apple, which can be used to create iOS/macOS/tvOS/watchOS applications (it can also compile to Linux). Apple calls it "Objective-C without the C," and on the company's own platforms, it can be mixed with existing C/Objective-C/C++ code (similar to how apps on Android can use both Kotlin and Java in the same codebase). We already know that Fuchsia will support apps written in Dart, a C-like language developed by Google, but it looks like Swift could also be supported. On Swift's GitHub repository, a pull request was created by a Google employee that adds Fuchsia OS support to the compiler. At the time of writing, there are discussions about splitting it into several smaller pull requests to make reviewing the code changes easier.

Firefox vs Chrome: Speed and Memory ( 160

Mashable aleady reported Firefox Quantum performs better than Chrome on web applications (based on BrowserBench's JetStream tests), but that Chrome performed better on other benchmarks. Now Laptop Mag has run more tests, agreeing that Firefox performs beter on JetStream tests -- and on WebXPRT's six HTML5- and JavaScript-based workload tests. Firefox Quantum was the winner here, with a score of 491 (from an average of five runs, with the highest and lowest results tossed out) to Chrome's 460 -- but that wasn't quite the whole story. Whereas Firefox performed noticeably better on the Organize Album and Explore DNA Sequencing workloads, Chrome proved more adept at Photo Enhancement and Local Notes, demonstrating that the two browsers have different strengths...

You might think that Octane 2.0, which started out as a Google Developers project, would favor Chrome -- and you'd be (slightly) right. This JavaScript benchmark runs 21 individual tests (over such functions as core language features, bit and math operations, strings and arrays, and more) and combines the results into a single score. Chrome's was 35,622 to Firefox's 35,148 -- a win, if only a minuscule one.

In a series RAM-usage tests, Chrome's average score showed it used "marginally" less memory, though the average can be misleading. "In two of our three tests, Firefox did finish leaner, but in no case did it live up to Mozilla's claim that Quantum consumes 'roughly 30 percent less RAM than Chrome,'" reports Laptop Mag.

Both browsers launched within 0.302 seconds, and the article concludes that "no matter which browser you choose, you're getting one that's decently fast and capable when both handle all of the content you're likely to encounter during your regular surfing sessions."

Is Firefox 57 Faster Than Chrome? ( 234

An anonymous reader quotes TechNewsWorld: Firefox is not only fast on startup -- it remains zippy even when taxed by multitudes of tabs. "We have a better balance of memory to performance than all the other browsers," said Firefox Vice President for Product Nick Nguyen. "We use 30 percent less memory, and the reason for that is we can allocate the number of processes Firefox uses on your computer based on the hardware that you have," he told TechNewsWorld. The performance improvements in Quantum could be a drink from the fountain of youth for many Firefox users' systems. "A significant number of our users are on machines that are two cores or less, and less than 4 gigabytes of RAM," Nguyen explained.
Mashable ran JetStream 1.1 tests on the ability to run advanced web applications, and concluded that "Firefox comes out on top, but not by much. This means it's, according to JetStream, slightly better suited for 'advanced workloads and programming techniques.'" Firefox also performed better on "real-world speed tests" on and the New York Times' site, while Chrome performed better on National Geographic, CNN, and Mashable. Unfortunately for Mozilla, Chrome looks like it's keeping the top spot, at least for now. The only test that favors Quantum is JetStream, and that's by a hair. And in Ares-6 [which measures how quickly a browser can run new Javascript functions, including mathematical functions], Quantum gets eviscerated... Speedometer simulates user actions on web applications (specifically, adding items to a to-do list) and measures the time they take... When it comes to user interactions in web applications, Chrome takes the day...

In reality, however, Quantum is no slug. It's a capable, fast, and gorgeous browser with innovative bookmark functionality and a library full of creative add-ons. As Mozilla's developers fine-tune Quantum in the coming months, it's possible it could catch up to Chrome. In the meantime, the differences in page-load time are slight at best; you probably won't notice the difference.


Slashdot Asks: Have You Switched To Firefox 57? 589

Yesterday, Mozilla launched Firefox 57 for Windows, Mac, Linux, Android, and iOS. It brings massive performance improvements as it incorporates the company's next-generation browser engine called Project Quantum; it also features a visual redesign and support for extensions built using the WebExtension API. Have you used Firefox's new browser? Does it offer enough to make you switch from your tried-and-true browser of choice? We'd love to hear your thoughts.
The Internet

All Major Browsers Now Support WebAssembly ( 243

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Firefox 57 Brings Better Sandboxing on Linux ( 124

Catalin Cimpanu, writing for BleepingComputer: Firefox 57, set to be released tomorrow, will ship with improvements to the browser's sandbox security feature for Linux users. The Firefox sandboxing feature isolates the browser from the operating system in a way to prevent web attacks from using a vulnerability in the browser engine and its legitimate functions to attack the underlying operating system, place malware on the filesystem, or steal local files. Chrome has always run inside a sandbox. Initially, Firefox ran only a few plugins inside a sandbox -- such as Flash, DRM, and other multimedia encoding plugins.

Slashdot Top Deals