Chrome Version 64 is Out

Google ChromeAn even stronger pop-up blocker…

Chrome 64 arrives with stronger pop-up blocker and new developer features

Venturebeat – By: Emil Protalinski – “Google today launched Chrome 64 for Windows, Mac, and Linux. Additions in this release include a stronger pop-up blocker and a slew of developer features. You can update to the latest version now using the browser’s built-in silent updater or download it directly from google.com/chrome.

Chrome is arguably more than a browser. With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with Chrome’s regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available.

First up, Chrome 64 has a stronger pop-up blocker that prevents sites with abusive experiences from opening new tabs or windows. These include third-party websites disguised as play buttons, other site controls, or even transparent overlays on websites that capture all clicks. If you’re a site owner, you can use the Abusive Experiences Report in the Google Search Console to see if your site has been found with abusive experiences.

Chrome 64 also brings support for the Resize Observer API, which gives web applications finer control over changes to sizes of elements on a page. Responsive web apps currently use CSS media queries or window.onresize to build responsive components that adapt to different viewport sizes, but these are both global signals and require the overall viewport to change in order for the site to respond accordingly.

Chrome now also supports the import.meta property within JavaScript modules that expose the module URL via import.meta.url. This is useful to developers writing JavaScript modules who want access to host-specific metadata about the current module or library authors who want to access the URL of the module being bundled into the library.

Developers will also want to know that Chrome 64 includes an update to the V8 JavaScript engine: version 6.4. You can expect the usual speed and memory improvements, plus new ECMAScript language features. Check out the summary of API changes for more information.

Chrome 64 was supposed to stop sites from autoplaying content with sound. We tested this and it appears the feature has not been turned on, even though it does work in non-stable versions.

Chrome 63 was supposed to include an option to completely disable audio for whole sites. It didn’t make it into that version, but it is available in Chrome 64, so it’s possible Google might simply be running behind schedule. Presumably by Chrome 65, if not sooner, Google’s browser will disable all autoplaying content with sound.

In related news, Google released Chrome 64 for Android yesterday. In addition to the usual performance and stability improvements, this version has the same stronger ad blocker as the desktop version that prevents sites with abusive ad experiences from opening new windows or tabs.”

The Mosaic Browser is 25 Years Old!

MosiacYes, I actually remember using Mosaic! It was a brave new World!

Mosaic’s birthday: 25 years of the modern web

ZDNet – By: By Steven J. Vaughan-Nichols – “In the beginning, the web, or WEB as it was known then, was a mystery. Like gopher and archie, it was a character-based internet tool interface that only the proud, the few, and the early internet users knew about. Then, everything changed. First, the Commercial Internet Exchange (CIX) made it easy for anyone to get on the net, and then two graduate students, Marc Andreessen and Eric Bina, at the National Center for Supercomputing Applications (NCSA) at the University of Illinois Urbana-Champaign, created the first popular web browser: Mosaic.

Mosaic’s first beta was released for Unix operating systems running X Window on January 23, 1993. It wasn’t the first graphical web browser. That honor goes to ViolaWWW, a Unix browser, although some argue the even more obscure Erwise should get the credit for being the first web browser. The early browser Cello takes the prize for being the first Windows graphical web browser. No matter who really gets the credit for being the very first web browser, no one can argue Mosaic was the first popular web browser.

Mosaic changed everything. Because Mosaic was fast and enabled people to see images within pages, it quickly gained fans. Earlier browsers could only show images in separate windows. Moasic was also the first “easy to use” browser. It also popularized icons, bookmarks, and a more attractive interface.

That’s not to say anyone could use Mosaic. It was far from simple to set up. In those days, getting on the internet was a major pain in the rump. For instance Windows didn’t natively support the internet’s fundamental protocol, TCP/IP, until Windows 95 appeared. If you wanted TCP/IP on Windows 3.1x, you needed to use the arcane but absolutely necessary Trumpet Winsocket program, and find an internet service provider (ISP).

Just because it was hard to do, it didn’t stop people. As Bob Metcalfe, co-founder of Ethernet, wrote in 1995, after Andreessen and Bina developed NCSA Mosaic, “Several million [people] then suddenly noticed that the web might be better than sex.”

Well maybe. As the popular musical Avenue Q wittily points out, ‘The Internet Is For Porn.’ But, we didn’t know that yet.

More dryly, the NCSA stated that soon after Mosaic was released, “more than 5,000 copies were being downloaded each month; the center was receiving hundreds of thousands of email inquiries a week, and internet traffic was dramatically rising.” By mid-1994, Joseph Hardin, an NCSA director, claimed Mosaic downloads were up to 50,000 a month. In the day when 28.8 kilobits per second was a fast internet connection, that’s a remarkable number.

Andreessen and Bina quickly realized they could make a mint from Mosaic. They took the Mosaic code. In October 1994, they used their experience in building Mosaic to create the first successful commercial web browser: Netscape Navigator. Five years later almost to the day, Netscape would release the Netscape source code as open source. This code would become the foundation to the Firefox web browser.

Microsoft, despite what Bill Gates would later claim, was late in realizing just how important the internet and the web would be. Microsoft played catch up by copying Spyglass’ Mosaic-like code base to make the first version of Internet Explorer (IE). IE 2.0 was released as an add-on to Windows 95 in the Microsoft Plus package in August 1995. There was never an IE 1.0.

Mosaic transformed our world. Today, we live our lives on the web, and we all owe a debt of gratitude to Mosaic. While the program itself, superseded by Netscape, lost most of its users by 1998, we’re still living in the world Mosaic pioneered.”

Would You Believe a Half-Terabyte MicroSD Card!

Integral MicroSDWow! Half a terabyte in a tiny micro-SD card!

Integral Memory’s new 512GB microSD card is the biggest microSD card yet

The Verge – By: Chaim Gartenberg – “There’s a new king of the microSD card: Integral Memory’s 512GB microSD card, which packs a record breaking full half-terabyte of storage into the diminutive card format. You definitely should try not to lose it.

The previous record holder — SanDisk’s now paltry 400GB card — is still a bit faster at 100MB/s, whereas Integral Memory’s new 512GB behemoth tops out at a maximum speed of 80MB/s. The new 512GB microSD card is also classified as an SDXC UHS-I U1 card (i.e., it has a minimum write speed of 10MB/s) and meets the V10 standard for video transfer rates, so it’s designed to capture full HD video off cameras.

No price was given, but it’s almost guaranteed to be expensive when in launches sometime in February.”

Android Oreo 8.1 Now Displays Connection Speed Info

Oreo 8.1Know before you connect which WiFi connection is faster.

Android 8.1 can now display Wi-Fi speeds before connecting

Techcrunch – By: Brian Heater – “Oreo was a bit of a lackluster update on first launch, but the mobile operating system is getting some nice new tricks with 8.1’s updates. The new Speed Labels feature is one of the more compelling of the bunch, offering estimated network signals prior to logging on.

Starting this week, users with 8.1 installed will see one of four qualifiers next to open Wi-Fi networks: Very Fast, Fast, OK and Slow. Pretty straightforward, that. Fast is fine for most videos, according to Google, with Very Fast required for much higher quality. OK should suffice for reading sites and streaming music, while Slow is basically okay for Wi-Fi calling and texts.

It’s not exactly a speed test rating, but it should make the job of deciding between networks a bit easier. The feature was announced in December and is finally starting to roll out to 8.1 users this week. Of course, that version of Android is still in relatively limited supply at the moment, with support on Google’s own phones, including the Pixel and Pixel 2, Nexus 6P and Nexus 5X.

Speeds won’t show up for protected networks, and admins who are sensitive about that sort of thing also can opt-out from having their speed displayed in Android.”

Duck Duck Go Adds Tracker Blocking Feature

DuckDuckGoThe privacy-aware search engine, Duck Duck Go, makes some big announcements!

DuckDuckGo adds tracker blocking to help curb the wider surveillance web

Techcrunch – By: Natasha Lomas – “Some major product news from veteran anti-tracking search engine DuckDuckGo: Today it’s launched revamped mobile apps and browser extensions that bake in a tracker blocker for third party sites, and include a suite of other privacy features intended to help users keep surfing privately as they navigate around the web.

The apps and browser extensions are available globally for Android, iOS, Chrome, Firefox and Safari as of now. (DDG tells us Opera is also on its radar but there’s no launch date yet.)

‘Our vision has been to set the standard of trust online,’ says CEO and founder Gabe Weinberg, discussing the new products. ‘[To date] we’ve been really focused on the search engine because it’s really complicated to compete with Google in their core market. But now that we feel we can handle that we are making progress on this broader vision of protecting people across the Internet.

‘What we’re really trying to do is move beyond a search box… What we realized from talking to people, especially over the last two years, is that privacy risks have gone completely mainstream.

DDG’s aim is to create a ‘use anywhere’ privacy tool that combines access to its private search engine with tracker blocking and a bundle of other ‘privacy essentials’ — such as an encryption protection feature that automatically sends a user to an encrypted version of a website (if there is one), instead of accepting a default non-encrypted version.

Also new: DDG is serving up a privacy rating for each website visited. This grade is based on how many hidden trackers a site is deploying; whether it’s encrypting your connection; and also considering the site’s own privacy policy (for the latter activity DDG is partnering with terms of service rating initiative, ToS;DR, but also notes that ‘most privacy policies still remain unstudied’ so says it’s going to be helping that organization rate and label ‘as many websites as possible’ too).

‘The unfortunate reality is that hardly any sites really deserve an ‘A’ on privacy,’ says Weinberg on this. ‘We can get most sites up to a ‘B’ if we can… block all the trackers and get encryption. Then the gulf between the ‘B’ and the ‘A’ is actually their privacy policies.

‘Unfortunately… even if things are blocked and encrypted then the site itself can still collect data as a first party and sell it. And so to really get an ‘A’ rating the privacy policy needs to be vetted.’

For tracker blocking, he says DDG is using some technology from EasyList and Disconnect but also ‘running through our own tests to try to add to that, as well as make it so that less websites break when you use it’. (To be clear, it’s not doing any ad-blocking; it’s just blocking third party trackers.)

Weinberg claims the tracker blocker is ‘very effective now’, leaning on the open source community’s expertise, but says DDG also wants to build on the tool and add more privacy and blocking technologies over time — suggesting, for example, a feature that could thwart hidden cryptocurrency miners, which can get embedded on websites, as something else he’d like to add in future.

Asked how DDG’s approach stacks up compared to Mozilla-backed private search browser Cliqz, which last year acquired the Ghostery anti-tracker tool so is playing in a pretty similar space, Weinberg argues the rival product isn’t ‘really integrated’. ‘They’re more going after a pure browser situation whereas what we’re saying is, anywhere you are, on any device or major browser, we can augment it to help protect your privacy there in a seamless way,’ he says.

‘In general, I think that privacy is mainstream and people want simple, seamless solutions and they just don’t exist — until now,’ he continues, adding: ‘We expect most of our search engine users to accept and use the extension and the app because it really extends their privacy protection.

‘And beyond our user base, I think this is something that all consumers could benefit from — so we’re hoping that it gets downloaded widely.’

DuckDuckGo has been profitable since 2014, according to Weinberg. (It makes money not by tracking and profiling its users, as Google does, but by serving ads based on the search terms being used at the point of each search, and also from affiliate revenue.) Hence now feeling flush enough with cash to work on expanding beyond the core private search offering.

Last year DDG’s search engine served up just under 6BN private searches — with usage up around 50 per cent on 2016 levels. (Given it doesn’t track individual users it can’t really break out firm user metrics but Weinberg says third party estimates peg users at around 25M at this point.)

On the growth point, DDG says that over a third (36%) of all searches ever entered in its ten-year lifespan were conducted in 2017 alone. So the usage spike it got in 2013, after NSA whistleblower Edward Snowden’s revelations about government mass surveillance programs, has evidently turned into some sustained momentum.

tl;dr, privacy isn’t just a passing fad. Because mass surveillance isn’t just a government activity. The commercial web is lousy with trackers and data brokers too — and Weinberg argues web users are increasingly waking up to how they are being stalked around the Internet.

‘In the last couple of years mainstream people have really opened up to the idea that the Internet’s pretty creepy out there — and it’s in large part due to Google and Facebook,’ he says. ‘And in particular that they’re amassing unprecedented amounts of personal information on each person.’

The pair’s use of online tracking for online profiling to power their respective hypertargeted advertising platforms is ‘at best, annoying’, argues Weinberg, ‘and at worst causing major political upheavals, like the Russian ad interference’ (such as in the US election and the UK’s brexit referendum, to name just two examples on that front).

He cites figures that trackers used by Google are now on 76% of the top million websites and Facebook’s trackers are on 24% of pages — saying it drops off ‘pretty quickly after that’, with Twitter on just 12%.

Literally any site you visit you’re likely to have Facebook, Google watching you there.

‘I think people are aware now that hidden trackers are around, and slurping up their personal information. What they don’t realize, though, is how pervasive Google and Facebook trackers are,’ he suggests.

‘Literally any site you visit you’re likely to have Facebook, Google watching you there. That’s the piece that I think people are starting to wake up to now.’

The other problem that he argues is exacerbated by mass surveillance ad-targeting online business models is filter bubbles — aka the strategy of platforms using people’s own biases as a tactic to keep them clicking by reductively feeding them more of the same stuff.

And, again, concern about the societal impact of filter bubbles has increasingly become a mainstream discussion point in recent months and years.

Weinberg explains that the tracker blocker aspect of DDG’s new products group trackers into networks to try to make it easier for people to understand which companies are responsible for tracking you. So instead of just saying something generic — like it’s ‘blocking 25 trackers’, as a typical anti-tracker tool might — users of DDG’s tool will be told which tracker networks are being blocked and ‘what their purpose is’.

‘When people realize the harms… of filter bubble and pervasive ads those emotionally resonant with people and they’d like to get rid of them. And this is the easiest way to do that,’ he adds.

In the European Union, an updated online privacy framework, GDPR, will apply from May. This regulation makes explicit mention of online profiling, including a right for people to object to this kind of activity — and some privacy experts suggest it could cause big upheavals for adtech and online profiling.

But asked for his take on GDPR’s implications for profiling, Weinberg isn’t confident it will be much of a barrier to the web’s two main commercial surveillance entities: Facebook and Google.

‘I’m a big fan of the regulation and I’m hopeful that a lot of these kind of more hidden data brokers that don’t have consumer relationships are really going to get caught out with it because they can’t get consent,’ he says. ‘But unfortunately, the way I see it is — Facebook and Google — I don’t think they seem like they’re going to be as affected by the regulation.

‘Because while consent will be required in much more vigorous ways, I think that they’re going to push that through their products. And then people will end up consenting.’

‘I think you need a different consumer backlash as well — either people literally leaving the services. Or, in this case, in between: Blocking all their hidden trackers across the web. And not waiting for them to take any major action to curb their surveillance,’ he adds.”

Google’s Meltdown/Spectre Patch

Google: Our brilliant Spectre fix dodges performance hit, so you should all use it

ZDNet – By: Liam Tung – “Google’s ‘moonshot’ fix for the hardest-to-solve of the three Meltdown and Spectre CPU attacks seems to have paid off.

That fix, called Retpoline, addresses Variant 2 of the two Spectre CPU attacks called ‘branch target injection’. Variant 2 is considered by Microsoft and Google to be the trickiest speculative execution vulnerability to fix as it’s the only one that does cause a significant hit on CPU performance.

It is also the scariest threat to virtualized environments in the cloud for its potential to be used to hop between different instances on the same CPU.

The other way of fixing Variant 2 is via a blend of OS/kernel fixes and silicon microcode from Intel and AMD, but Google contends its software-based Retpoline answer is superior and should be adopted universally.

Google last week said Retpoline generally had ‘negligible impact on performance’ and has now outlined the specific impact for Google Cloud Platform services.

Ben Treynor Sloss, the VP of Google’s 24×7, said for several months it looked like the only option to fix Variant 2 would be to disable the performance-enhancing speculative execution CPU feature, which in turn would result in slower cloud applications.

Google had already patched Variant 1, also a Spectre attack, and Variant 3 aka Meltdown by September, with Variant 2 standing out until December. These first two fixes had ‘no perceptible impact’ on GCP or services like Gmail, Search and Drive, but the fix for Variant 2 did.

Intel initially denied reports that its Meltdown and Spectre fixes would cause a major hit on CPU performance, but yesterday admitted ‘impact on performance varies widely, based on the specific workload, platform configuration and mitigation technique’.

Sloss says during tests at Google, disabling the vulnerable CPU enhancements — that is, speculative execution — did result in ‘considerable slowdowns’.

‘Not only did we see considerable slowdowns for many applications, we also noticed inconsistent performance, since the speed of one application could be impacted by the behavior of other applications running on the same core. Rolling out these mitigations would have negatively impacted many customers,’ he wrote.

Microsoft’s analysis of the patches’ impact on PC, server and cloud performance came to a similar conclusion.

‘In general, our experience is that Variant 1 and Variant 3 mitigations have minimal performance impact, while Variant 2 remediation, including OS and microcode, has a performance impact,’ wrote Terry Myerson, executive vice president of Microsoft’s Windows and Devices Group.

Paul Turner, Retpoline’s creator, has provided a detailed write-up on the fix. The term is a portmanteau of ‘return’ and ‘trampoline’.

‘Retpoline sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches,’ explains Turner.

Retpoline is a stable fix too, according to Sloss, who says that since wrapping up all Meltdown and Spectre bugs for Google Cloud Platform in December, it hasn’t receive a single support ticket related to the updates.

‘This confirmed our internal assessment that in real-world use, the performance-optimized updates Google deployed do not have a material effect on workloads,’ he wrote.

‘We believe that Retpoline-based protection is the best-performing solution for Variant 2 on current hardware. Retpoline fully protects against Variant 2 without impacting customer performance on all our platforms. In sharing our research publicly, we hope that this can be universally deployed to improve the cloud experience industry-wide.'”

Intel Broadwell and Haswell CPU Reboot Issues

More fallout from Meltdown/Spectre.

Intel Security Issue Update: Addressing Reboot Issues

Intel Newsroom – By: Navin Shenoy – “As Intel CEO Brian Krzanich emphasized in his Security-First Pledge, Intel is committed to transparency in reporting progress in handling the Google Project Zero exploits.

We have received reports from a few customers of higher system reboots after applying firmware updates. Specifically, these systems are running Intel Broadwell and Haswell CPUs for both client and data center. We are working quickly with these customers to understand, diagnose and address this reboot issue. If this requires a revised firmware update from Intel, we will distribute that update through the normal channels. We are also working directly with data center customers to discuss the issue.

End-users should continue to apply updates recommended by their system and operating system providers.”

1 2 3 4 5 210