Slashdot Deals: Prep for the CompTIA A+ certification exam. Save 95% on the CompTIA IT Certification Bundle ×
Encryption

Browser Makers To End RC4 Support In Early 2016 38

msm1267 writes: Google, Microsoft and Mozilla today announced they've settled on an early 2016 timeframe to permanently deprecate the shaky RC4 encryption algorithm in their respective browsers. Mozilla said Firefox's shut-off date will coincide with the release of Firefox 44 on Jan. 26. Google and Microsoft said that Chrome and Internet Explorer 11 (and Microsoft Edge) respectively will also do so in the January-February timeframe. Attacks against RC4 are growing increasingly practical, rendering the algorithm more untrustworthy by the day.
Software

Why Your Software Project Is Failing 119

An anonymous reader writes: At OSCON this year, Red Hat's Tom Callaway gave a talk entitled "This is Why You Fail: The Avoidable Mistakes Open Source Projects STILL Make." In 2009, Callaway was starting to work on the Chromium project—and to say it wasn't a pleasant experience was the biggest understatement Callaway made in his talk. Callaway said he likes challenges, but he felt buried by the project, and reached a point where he thought he should just quit his work. (Callaway said it's important to note that Chromium's code is not bad code; it's just a lot of code and a lot of code that Google didn't write.) This was making Callaway really frustrated, and people wanted to know what was upsetting him. Callaway wanted to be able to better explain his frustration, so he crafted this list which he called his "Points of Fail."
Chrome

Chrome 44 Launches With Tweaks To Push Messaging and Notifications 67

An anonymous reader writes: Google has launched Chrome 44 for Windows, Mac, and Linux with new developer tools. Aside from a host of security fixes, this release focuses mainly on developer features. The API for push notifications was updated to match the specification, a new implementation of multi-column layout was added, and they've extended support for Unicode escapes in strings. The full changelog notes a number of performance improvements as well.
Chromium

Google Criticized For 'Opaque' Audio-Listening Binary In Debian Chromium 85

An anonymous reader writes: Google has fallen under criticism for including a compiled audio-monitoring binary in Chromium for Debian. A report was logged at Debian's bug register on Tuesday noting the presence of a non-auditable 'hotword' module in Chromium 43. The module facilitates Google's "OK, Google" functionality, which listens for that phrase via a Chrome user's microphone and attempts afterwards to interpret the user's instructions as a search query. Matt Giuca from the Chromium development team responded after the furore developed, disclaiming Google from any responsibility from auditing Chromium code, but promising clearer controls over the feature in release 45.
Technology

An Extra-Large Nanocage Molecule For Quantum Computing 22

JMarshall writes: Researchers have built a molecular nanocage 8 nm across that represents a step toward quantum computing. It is difficult to make uniform nanoparticles more than 4 nm across, but new work solves this problem. Researchers made eight-membered metal rings from chromium and nickel that can act like a qubits in quantum computing. More connected rings means greater quantum computing capacity, so the team worked to combine many rings into one molecule. They managed to pull 24 rings together into an 8-nm sphere, secured by palladium ions at the core. The molecule had a surprisingly good phase memory, an indication of the molecule's quantum computing potential. The researchers say building a molecule with 70-100 rings would allow them to do "some serious stuff" in quantum computing.
Chrome

Ask Slashdot: Options After Google Chrome Discontinues NPAPI Support? 208

An anonymous reader writes: I've been using Google Chrome almost exclusively for more than 3 years. I stopped using Mozilla Firefox because it was becoming bloated and slow, and I migrated all my bookmarks etc. to Chrome. Now Chrome plans to end NPAPI support — which means that I will not be able to access any sites that use Java, and I need this for work. I tried going back to Firefox for a couple of days but it still seems slow — starting it takes time, even the time taken to load a page seems more than Chrome. So what are my options now? Export all my bookmarks and go back to Mozilla Firefox and just learn to live with the performance drop? Or can I tweak Firefox performance in any way? FWIW, I am on a Windows 7 machine at work.
Chrome

Chrome For Android Is Now Almost Entirely Open Source 51

jones_supa writes: After lots of work by Chrome for Android team and a huge change, Chrome for Android is now almost entirely open source, a Google engineer announced in Reddit. Over 100,000 lines of code, including Chrome's entire user interface layer, has been made public, allowing anyone with the inclination to do so to look at, modify, and build the browser from source. Licensing restrictions prevent certain media codecs, plugins and Google service features form being included, hence the "almost." This is on par with the open source Chromium browser that is available on the desktop.
Portables

Ask Slashdot: Most Chromebook-Like Unofficial ChromeOS Experience? 99

An anonymous reader writes: I am interested in Chromebooks, for the reasons that Google successfully pushes them: my carry-around laptops serve mostly as terminals, rather than CPU-heavy workhorses, and for the most part the whole reason I'm on my computer is to do something that requires a network connection anyhow. My email is Gmail, and without particularly endorsing any one element, I've moved a lot of things to online services like DropBox. (Some offline capabilities are nice, but since actual Chromebooks have been slowly gaining offline stuff, and theoretically will gain a lot more of that, soon, I no longer worry much about a machine being "useless" if the upstream connection happens to be broken or absent. It would just be useless in the same way my conventional desktop machine would be.) I have some decent but not high-end laptops (Core i3, 2GB-4GB of RAM) that I'd enjoy repurposing as Chromebooks without pedigree: they'd fall somewhat short of the high-end Pixel, but at no out-of-pocket expense for me unless I spring for some cheap SSDs, which I might.

So: how would you go about making a Chromebook-like laptop? Yes, I could just install any Linux distro, and then restrain myself from installing most apps other than a browser and a few utilities, but that's not quite the same; ChromeOS is nicely polished, and very pared down; it also seems to do well with low-memory systems (lots of the current models have just 2GB, which brings many Linux distros to a disk-swapping crawl), and starts up nicely quick.

It looks like the most "authentic" thing would be to dive into building Chromium OS (which looks like a fun hobby), but I'd like to find something more like Cr OS — only Cr OS hasn't been updated in quite a while. Perhaps some other browser-centric pared-down Linux would work as well. How would you build a system? And should I go ahead and order some low-end 16GB SSDs, which I now see from online vendors for less than $25?
Google

Google To Propose QUIC As IETF Standard 84

As reported by TechCrunch, "Google says it plans to propose HTTP2-over-QUIC to the IETF as a new Internet standard in the future," having disclosed a few days ago that about half of the traffic from Chrome browsers is using QUIC already. From the article: The name "QUIC" stands for Quick UDP Internet Connection. UDP's (and QUIC's) counterpart in the protocol world is basically TCP (which in combination with the Internet Protocol (IP) makes up the core communication language of the Internet). UDP is significantly more lightweight than TCP, but in return, it features far fewer error correction services than TCP. ... That's why UDP is great for gaming services. For these services, you want low overhead to reduce latency and if the server didn't receive your latest mouse movement, there's no need to spend a second or two to fix that because the action has already moved on. You wouldn't want to use it to request a website, though, because you couldn't guarantee that all the data would make it. With QUIC, Google aims to combine some of the best features of UDP and TCP with modern security tools.
Bug

OS X Users: 13 Characters of Assyrian Can Crash Your Chrome Tab 119

abhishekmdb writes No browsers are safe, as proved yesterday at Pwn2Own, but crashing one of them with just one line of special code is slightly different. A developer has discovered a hack in Google Chrome which can crash the Chrome tab on a Mac PC. The code is a 13-character special string which appears to be written in Assyrian script. Matt C has reported the bug to Google, who have marked the report as duplicate. This means that Google are aware of the problem and are reportedly working on it.
Google

TSYNC Not a Hard Requirement For Google Chrome After All 46

An anonymous reader writes A few days ago it appeared that Google began requiring new versions of the Linux kernel for the Chrome/Chromium web browser. To some people, such requirement smelled funny, and it turns out that those people had the right hunch. Google does not intend for there to be a hard requirement on the latest versions of the Linux kernel that expose SECCOMP_FILTER_FLAG_TSYNC, but instead many users are hitting an issue around it. A Chromium developer commented on the related bug: "Updating the title so that people who have been mislead into thinking non-TSYNC kernels were deprecated immediately understand that there is simply 'some unknown bug' hitting some users." Of course, a user having the TSYNC feature in his kernel will still get a security benefit.
Bug

Google Chrome Requires TSYNC Support Under Linux 338

An anonymous reader writes Google's Chrome/Chromium web browser does not support slightly older versions of the Linux kernel anymore. Linux 3.17 is now the minimum requirement. According to a thread on the Debian mailing list, a kernel feature called TSYNC is what makes the difference. When a backported patch for the Debian 8 kernel was requested, there were hostile replies about not wanting to support "Google spyware."
Chrome

Firefox 37 To Check Security Certificates Via Blocklist 29

An anonymous reader writes The next version of Firefox will roll out a 'pushed' blocklist of revoked intermediate security certificates, in an effort to avoid using 'live' Online Certificate Status Protocol (OCSP) checks. The 'OneCRL' feature is similar to Google Chrome's CRLSet, but like that older offering, is limited to intermediate certificates, due to size restrictions in the browser. OneCRL will permit non-live verification on EV certificates, trading off currency for speed. Chrome pushes its trawled list of CA revocations every few hours, and Firefox seems set to follow that method and frequency. Both Firefox and Chrome developers admit that OCSP stapling would be the better solution, but it is currently only supported in 9% of TLS certificates.
Chrome

Google Chrome Will Adopt HTTP/2 In the Coming Weeks, Drop SPDY Support 88

An anonymous reader writes: Google today announced it will add HTTP/2, the second major version of Hypertext Transfer Protocol (HTTP), to Google Chrome. The company plans to gradually roll out support to the latest version of its browser, Chrome 40, "in the upcoming weeks." At the same time, Google says it will remove support for SPDY in early 2016. SPDY, which is not an acronym but just a short version for the word "speedy," is a protocol developed primarily at Google to improve browsing by forcing SSL encryption for all sites and speeding up page loads. Chrome will also lose support for the TLS extension NPN in favor of ALPN.
Space

We May Have Jupiter To Thank For the Nitrogen In Earth's Atmosphere 46

An anonymous reader writes: Nitrogen makes up about 78% of the Earth's atmosphere. It's also the 4th most abundant element in the human body. But where did all the nitrogen on Earth come from? Scientists aren't sure, but they have a new theory. Back when the solar system was just a protoplanetary disk, the ice orbiting the early Sun included ammonia, which has a nitrogen atom and three hydrogen atoms. But there needed to be a way for the nitrogen to get to the developing Earth. That's where Jupiter comes in. During its theorized Grand Tack, where it plunged into the inner solar system and then retreated outward again, it created shock waves in the dust and ice cloud surrounding the sun. These shock waves caused gentle heating of the ammonia ice, which allowed it to melt and react with chromium-bearing metal to form a mineral called carlsbergite. New research (abstract) suggests this mineral was then present when the Earth's accretion happened, supplying much of the nitrogen we would eventually need for life.
Opera

Opera Founder Is Back, WIth a Feature-Heavy, Chromium-Based Browser 158

New submitter cdysthe writes Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Google

Google Explains Why WebView Vulnerability Will Go Unpatched On Android 4.3 579

MojoKid writes If you're running Android 4.3 or earlier, you're pretty much out of luck when it comes to a baked-in defense against a WebView vulnerability that was discovered earlier this month by security analyst Tod Beardsley. The vulnerability leaves millions of users open to attack from hackers that choose to exploit the security hole. WebView is a core component of the Android operating system that renders web pages. The good news is that the version of WebView included in Android 4.4 KitKat and Android 5.0 Lollipop is based on Chromium and is not affected by the vulnerability. The bad news is that those running Android 4.3 and earlier are wide open, which means that 60 percent of Android users (or nearly one billion customers) are affected. What's most interesting is that Google has no trouble tossing grenades at the feet of Microsoft and Apple courtesy of its Project Zero program, but doesn't seem to have the resources to fix a vulnerability that affects a substantial portion of the Android user base.
Chrome

With Community Help, Chrome Could Support Side Tabs Extension 117

jones_supa writes The lack of a vertical tab strip (or "Tree Style Tab" as the Firefox extension is called) has been under a lot of discussion under Chrome/Chromium bug tracker. Some years ago, vertical tabs existed as an experimental feature enabled with a "secret" command line parameter, but that feature was eventually removed from the browser. Since then, Google has been rather quiet about whether such feature is still on the roadmap. Now, a Google engineer casts some light on the issue. He says that a tree-style interface for tabs would be overly complex as a native implementation, but Google would back the idea of improving the extensions interface to support a sidebar-like surface to render the tab UI on, if someone from the open source community would step forward to do the work to drive the feature to completion.
Chrome

Google Chrome Will Block All NPAPI Plugins By Default In January 107

An anonymous reader writes Google today provided an update on its plan to remove Netscape Plugin Application Programming Interface (NPAPI) from Chrome, which the company says will improve the browser's security, speed, and stability, as well as reduce complexity in the code base. In short, the latest timeline is as follows: Block all plugins by default in January 2015, disable support in April 2015, and remove support completely in September 2015. For context, Google first announced in September 2013 that it was planning to drop NPAPI. At the time, Google said anonymous Chrome usage data showed just six NPAPI plugins were used by more than 5 percent of users, and the company was hoping to remove support from Chrome "before the end of 2014, but the exact timing will depend on usage and user feedback."
Chrome

Chrome 39 Launches With 64-bit Version For Mac OS X and New Developer Features 67

An anonymous reader writes "Google today released Chrome 39 for Windows, Mac, and Linux. The biggest addition in this release is 64-bit support for OS X, which first arrived in Chrome 38 beta. Unlike on Windows, where 32-bit and 64-bit versions will both continue to be available (users currently have to opt-in to use the 64-bit release), Chrome for Mac is now only available in 64-bit. There are also a number of security fixes and developer features. Here's the full changelog.