Chrome

Chrome Extension Thwarts User Profiling Based On Typing Behavior 60 60

An anonymous reader writes: Per Thorsheim, the founder of PasswordsCon, created and trained a biometric profile of his keystroke dynamics using the Tor browser at a demo site. He then switched over to Google Chrome and not using the Tor network, and the demo site correctly identified him when logging in and completing a demo financial transaction. Infosec consultant Paul Moore came up with a working solution to thwart this type of behavioral profiling. The result is a Chrome extension called Keyboard Privacy, which prevents profiling of users by the way they type by randomizing the rate at which characters reach the DOM. A Firefox version of the plugin is in the works.
Google

Gmail Messages Can Now Self-Destruct 197 197

New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set an self destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.
Firefox

Firefox Will Soon Show You Which Tabs Are Making Noise, and Let You Mute Them 151 151

An anonymous reader writes: Mozilla is working on identifying Firefox tabs that are currently playing audio. The feature will show an icon if a tab is making sounds and let the user mute the playback. It's worth noting that while Chrome has had audio indicators for more than a year now, it still doesn't let you easily mute tabs. The option is available in Google's browser, but it's not enabled by default (you have to turn on the #enable-tab-audio-muting flag in chrome://flags/).
Chrome

Chrome 44 Launches With Tweaks To Push Messaging and Notifications 67 67

An anonymous reader writes: Google has launched Chrome 44 for Windows, Mac, and Linux with new developer tools. Aside from a host of security fixes, this release focuses mainly on developer features. The API for push notifications was updated to match the specification, a new implementation of multi-column layout was added, and they've extended support for Unicode escapes in strings. The full changelog notes a number of performance improvements as well.
Microsoft

Microsoft Edge Performance Evaluated 132 132

An anonymous reader writes: Now that Windows 10 is close to launch, Anandtech has put Microsoft's new browser, Edge, through a series of tests to see how it stacks up against other browsers. Edge has shown significant improvements since January. It handily beats Chrome and Firefox in Google's Octane 2.0 benchmark, and it managed the best score on the Sunspider benchmark as well. But Chrome and Firefox both still beat Edge in other tests, by small margins in the Kraken 1.1 and HTML5Test benchmarks, and larger ones in WebXPRT and Oort Online. The article says, "It is great to see Microsoft focusing on browser performance again, and especially not sitting idle since January, since the competition in this space has not been idle either."
Cellphones

Ask Slashdot: Measuring (and Constraining) Mobile Data Use? 129 129

An anonymous reader writes: I've carried a smart phone for several years, but for much of that time it's been (and I suspect this is true for anyone for whom money is an object) kept pretty dumb — at least for anything more data-intensive than Twitter and the occasional map checking. I've been using more of the smart features lately (Google Drive and Keep are seductive.) Since the data package can be expensive, though, and even though data is cheaper than it used to be, that means I don't check Facebook often, or upload pictures to friends by email, unless I'm in Wi-Fi zone (like home, or a coffee shop, etc). Even so, it seems I'm using more data than I realized, and I'd like to keep it under the 2GB allotment I'm paying for. I used to think half a gig was generous, but now I'm getting close to that 2GB I've paid for, most months.

This makes me a little paranoid, which leads to my first question: How accurate are carriers' own internal tools for measuring use, and do you recommend any third-party apps for keeping track of data use? Ideally, I'd like a detailed breakdown by app, over time: I don't think I'm at risk for data-stealing malware on my phone (the apps I use are either built-in, or plain-vanilla ones from Google's store, like Instagram, Twitter's official client, etc.), but of course really well-crafted malware would be tough to guard against or to spot. And even if they can be defeated, more and more sites (Facebook, for one) now play video just because I've rolled over a thumbnail.
Read on for second part of the question.
Windows

Ask Slashdot: Are Post-Install Windows Slowdowns Inevitable? 517 517

blackest_k writes: I recently reinstalled Windows 7 Home on a laptop. A factory restore (minus the shovelware), all the Windows updates, and it was reasonably snappy. Four weeks later it's running like a slug, and now 34 more updates to install. The system is clear of malware (there are very few additional programs other than chrome browser). It appears that Windows slows down Windows! Has anyone benchmarked Windows 7 as installed and then again as updated? Even better has anybody identified any Windows update that put the slug into sluggish? Related: an anonymous reader asks: Our organization's PCs are growing ever slower, with direct hard-drive encryption in place, and with anti-malware scans running ever more frequently. The security team says that SSDs are the only solution, but the org won't approve SSD purchases. It seems most disk scanning could take place after hours and/or under a lower CPU priority, but the security team doesn't care about optimization, summarily blaming sluggishness on lack of SSDs. Are they blowing smoke?
Yahoo!

The Next Java Update Could Make Yahoo Your Default Search Provider 328 328

itwbennett writes: At the company's shareholder meeting on Wednesday, Yahoo CEO Marissa Mayer announced a partnership with Oracle that could result in Yahoo becoming your default search provider in your browser. Starting this month, when users are prompted to update to the next version of Java, they'll be asked to make Yahoo their default search engine on Chrome (and Internet Explorer, for what it's worth). And, according to a Wall Street Journal report, the button will be checked by default, so if you aren't looking out for it, you might unwittingly find yourself a Yahoo user.
Chromium

Google Criticized For 'Opaque' Audio-Listening Binary In Debian Chromium 85 85

An anonymous reader writes: Google has fallen under criticism for including a compiled audio-monitoring binary in Chromium for Debian. A report was logged at Debian's bug register on Tuesday noting the presence of a non-auditable 'hotword' module in Chromium 43. The module facilitates Google's "OK, Google" functionality, which listens for that phrase via a Chrome user's microphone and attempts afterwards to interpret the user's instructions as a search query. Matt Giuca from the Chromium development team responded after the furore developed, disclaiming Google from any responsibility from auditing Chromium code, but promising clearer controls over the feature in release 45.
Chrome

Ask Slashdot: Options After Google Chrome Discontinues NPAPI Support? 208 208

An anonymous reader writes: I've been using Google Chrome almost exclusively for more than 3 years. I stopped using Mozilla Firefox because it was becoming bloated and slow, and I migrated all my bookmarks etc. to Chrome. Now Chrome plans to end NPAPI support — which means that I will not be able to access any sites that use Java, and I need this for work. I tried going back to Firefox for a couple of days but it still seems slow — starting it takes time, even the time taken to load a page seems more than Chrome. So what are my options now? Export all my bookmarks and go back to Mozilla Firefox and just learn to live with the performance drop? Or can I tweak Firefox performance in any way? FWIW, I am on a Windows 7 machine at work.
Chrome

Chrome Beta Now Automatically Pauses Less Important Flash Content 98 98

An anonymous reader writes: Google today detailed a very interesting initiative in partnership with Adobe: The two have been working to make Flash content more power-efficient in Chrome. Available now in the browser's beta channel, Chrome will use less power by simply choosing to play less Flash content on the page. Here's how the feature works: Chrome beta will automatically pause Flash content that isn't "central to the webpage" while keeping central content playing without interruption. The company offers an obvious example: Animations on the side will be paused while the video you're trying to watch will be unaffected.
Google

Google Chrome Tops 1 Billion Users 102 102

An anonymous reader writes with this excerpt from Venture Beat: At the I/O 2015 developer conference today, Sundar Pichai, Google's senior vice president of product, announced that Chrome has passed 1 billion active users. Less than a year ago, Google revealed Android has over 1 billion active users. These are indeed Google's biggest ecosystems. Google also shared that Google Search, YouTube, and Google Maps all have over 1 billion users as well. Gmail will reach the milestone next; it has 900 million users.
Android

Android M Arrives In Q3: Native Fingerprint Support, Android Pay, 'Doze' Mode 83 83

MojoKid writes with yet more news from the ongoing Google IO conference: Google I/O kicked off this afternoon and the first topic of discussion was of course Google's next generation mobile operating system. For those that were hoping for a huge UI overhaul or a ton of whiz-bang features, this is not the Android release for you. Instead, Android M is more of a maintenance released focused mainly on squashing bugs and improving stability/performance across the board. Even though Android M is about making Android a more stable platform, there are a few features that have been improved upon or introduced for this release: App Permissions, Chrome Custom Tabs for apps, App Links (instead of asking you which app to choose when clicking a link, Android M's new Intent System can allow apps to verify that they are rightfully in possession of a link), NFC-based Android Pay, standardized fingerprint scanning support, and a new "doze" mode that supposedly offers 2X longer battery life when idle.
Open Source

Ask Slashdot: Can SaaS Be Both Open Source and Economically Viable? 49 49

An anonymous reader writes: The CTO behind Lucidchart, an online diagramming app, recently cited the open source rbush project as an invaluable tool for helping implement an "in-memory spatial index" that "increased spatial search performance by a factor of over 1,000 for large documents." My question is this: what risks does a SaaS company like Lucidchart face in making most of their own code public, like Google's recent move with Chrome for Android, and what benefits might be gained by doing so? Wouldn't sharing the code just generate more users and interest? Even if competitors did copy it, they'd always be a step behind the latest developments.
Chrome

Chrome For Android Is Now Almost Entirely Open Source 51 51

jones_supa writes: After lots of work by Chrome for Android team and a huge change, Chrome for Android is now almost entirely open source, a Google engineer announced in Reddit. Over 100,000 lines of code, including Chrome's entire user interface layer, has been made public, allowing anyone with the inclination to do so to look at, modify, and build the browser from source. Licensing restrictions prevent certain media codecs, plugins and Google service features form being included, hence the "almost." This is on par with the open source Chromium browser that is available on the desktop.
Chrome

New Chrome Extension Uses Sound To Share URLs Between Devices 77 77

itwbennett writes: Google Tone is an experimental feature that could be used to easily and instantly share browser pages, search results, videos and other pages among devices, according to Google Research. "The initial prototype used an efficient audio transmission scheme that sounded terrible, so we played it beyond the range of human hearing," researcher Alex Kauffmann and software engineer Boris Smus wrote in a post on the Google Research blog.
Encryption

'Logjam' Vulnerability Threatens Encrypted Connections 71 71

An anonymous reader writes: A team of security researchers has revealed a new encryption vulnerability called 'Logjam,' which is the result of a flaw in the TLS protocol used to create encrypted connections. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties."

Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).
Security

Microsoft Is Confident In Security of Edge Browser 133 133

jones_supa writes: It's no secret that Internet Explorer has always been criticized for its poor security, so with the Edge web browser (previously known as Spartan), Microsoft is trying to tackle this problem more effectively and make sure that users consider it at least as good as Chrome and Firefox. In a blog post, Microsoft details the security enhancements available in Edge, pointing out that most of the changes it made to the new browser make it much more secure than Internet Explorer. There is more protection against trickery, app containers are used as the sandbox mechanism, and protection against memory corruption is better. Old, insecure plugin interfaces are not supported at all: VML, VBScript, Toolbars, BHOs, and ActiveX are all nuked from the orbit.
Google

Superfish Injects Ads In 1 In 25 Google Page Views 91 91

An anonymous reader writes: A new report from Google has found that more than 5% of unique daily IP addresses accessing Google — tens of millions — are interrupted by ad-injection techniques, and that Superfish, responsible for a major controversy with Lenovo in February is the leading adware behind what is clearly now an industry. Amongst the report's recommendations to address the problem is the suggestion that browser makers "harden their environments against side-loading extensions or modifying the browser environment without user consent." Some of the most popular extensions for Chrome and Firefox, including ad-blockers, depend on this functionality.
Portables

Ask Slashdot: Most Chromebook-Like Unofficial ChromeOS Experience? 99 99

An anonymous reader writes: I am interested in Chromebooks, for the reasons that Google successfully pushes them: my carry-around laptops serve mostly as terminals, rather than CPU-heavy workhorses, and for the most part the whole reason I'm on my computer is to do something that requires a network connection anyhow. My email is Gmail, and without particularly endorsing any one element, I've moved a lot of things to online services like DropBox. (Some offline capabilities are nice, but since actual Chromebooks have been slowly gaining offline stuff, and theoretically will gain a lot more of that, soon, I no longer worry much about a machine being "useless" if the upstream connection happens to be broken or absent. It would just be useless in the same way my conventional desktop machine would be.) I have some decent but not high-end laptops (Core i3, 2GB-4GB of RAM) that I'd enjoy repurposing as Chromebooks without pedigree: they'd fall somewhat short of the high-end Pixel, but at no out-of-pocket expense for me unless I spring for some cheap SSDs, which I might.

So: how would you go about making a Chromebook-like laptop? Yes, I could just install any Linux distro, and then restrain myself from installing most apps other than a browser and a few utilities, but that's not quite the same; ChromeOS is nicely polished, and very pared down; it also seems to do well with low-memory systems (lots of the current models have just 2GB, which brings many Linux distros to a disk-swapping crawl), and starts up nicely quick.

It looks like the most "authentic" thing would be to dive into building Chromium OS (which looks like a fun hobby), but I'd like to find something more like Cr OS — only Cr OS hasn't been updated in quite a while. Perhaps some other browser-centric pared-down Linux would work as well. How would you build a system? And should I go ahead and order some low-end 16GB SSDs, which I now see from online vendors for less than $25?