Forgot your password?
typodupeerror

Slashdot is powered by your submissions, so send in your scoop

Chrome

Google Introduces HTML 5.1 Tag To Chrome 87

Posted by timothy
from the tagging-wars-ensue dept.
darthcamaro (735685) writes "Forget about HTML5, that's already passe — Google is already moving on to HTML5.1 support for the upcoming Chrome 38 release. Currently only a beta, one of the biggest things that web developers will notice is the use of the new "picture" tag which is a container for multiple image sizes/formats. Bottom line is it's a new way to think about the "IMG" tag that has existed since the first HTML spec."
Chromium

Chromium 37 Launches With Major Security Fixes, 64-bit Windows Support 113

Posted by Unknown Lamer
from the almost-makes-up-for-<dialog> dept.
An anonymous reader writes Google has released Chrome/Chromium version 37 for Windows, Mac, and Linux. Among the changes are better-looking fonts on Windows and a revamped password manager. There are 50 security fixes, including several to patch a sandbox escaping vulnerability. The release also brings stable 64-bit Windows support which ...offers many benefits for speed, stability and security. Our measurements have shown that the native 64-bit version of Chrome has improved speed on many of our graphics and media benchmarks. For example, the VP9 codec that’s used in High Definition YouTube videos shows a 15% improvement in decoding performance. Stability measurements from people opted into our Canary, Dev and Beta 64-bit channels confirm that 64-bit rendering engines are almost twice as stable as 32-bit engines when handling typical web content. Finally, on 64-bit, our defense in depth security mitigations such as Partition Alloc are able to far more effectively defend against vulnerabilities that rely on controlling the memory layout of objects. The full changelog.
Security

Google Forks OpenSSL, Announces BoringSSL 128

Posted by Soulskill
from the if-you-want-something-done-right dept.
An anonymous reader writes Two months after OpenBSD's LibReSSL was announced, Adam Langley introduces Google's own fork of OpenSSL, called BoringSSL. "[As] Android, Chrome and other products have started to need some subset of these [OpenSSL] patches, things have grown very complex. The effort involved in keeping all these patches (and there are more than 70 at the moment) straight across multiple code bases is getting to be too much. So we're switching models to one where we import changes from OpenSSL rather than rebasing on top of them. The result of that will start to appear in the Chromium repository soon and, over time, we hope to use it in Android and internally too." First reactions are generally positive. Theo de Raadt comments, "Choice is good!!."
Networking

PHK: HTTP 2.0 Should Be Scrapped 220

Posted by Unknown Lamer
from the just-give-up dept.
Via the HTTP working group list comes a post from Poul-Henning Kamp proposing that HTTP 2.0 (as it exists now) never be released after the plan of adopting Google's SPDY protocol with minor changes revealed flaws that SPDY/HTTP 2.0 will not address. Quoting: "The WG took the prototype SPDY was, before even completing its previous assignment, and wasted a lot of time and effort trying to goldplate over the warts and mistakes in it. And rather than 'ohh, we get HTTP/2.0 almost for free', we found out that there are numerous hard problems that SPDY doesn't even get close to solving, and that we will need to make some simplifications in the evolved HTTP concept if we ever want to solve them. ... Wouldn't we get a better result from taking a much deeper look at the current cryptographic and privacy situation, rather than publish a protocol with a cryptographic band-aid which doesn't solve the problems and gets in the way in many applications ? ... Isn't publishing HTTP/2.0 as a 'place-holder' is just a waste of everybody's time, and a needless code churn, leading to increased risk of security exposures and failure for no significant gains ?"
Encryption

30-Day Status Update On LibreSSL 164

Posted by Soulskill
from the all-the-hyperlinks-you-can-handle dept.
ConstantineM writes: "Bob Beck — OpenBSD, OpenSSH and LibreSSL developer and the director of Alberta-based non-profit OpenBSD Foundation — gave a talk earlier today at BSDCan 2014 in Ottawa, discussing and illustrating the OpenSSL problems that have led to the creation of a big fork of OpenSSL that is still API-compatible with the original, providing for a drop-in replacement, without the #ifdef spaghetti and without its own "OpenSSL C" dialect.

Bob is claiming that the Maryland-incorporated OpenSSL Foundation is nothing but a for-profit front for FIPS consulting gigs, and that nobody at OpenSSL is actually interested in maintaining OpenSSL, but merely adding more and more features, with the existing bugs rotting in bug-tracking for a staggering 4 years (CVE-2010-5298 has been independently re-discovered by the OpenBSD team after having been quietly reported in OpenSSL's RT some 4 years prior). Bob reports that the bug-tracking system abandoned by OpenSSL has actually been very useful to the OpenBSD developers at finding and fixing even more of OpenSSL bugs in downstream LibreSSL, which still remain unfixed in upstream OpenSSL. It is revealed that a lot of crude cleaning has already been completed, and the process is still ongoing, but some new ciphers already saw their addition to LibreSSL — RFC 5639 EC Brainpool, ChaCha20, Poly1305, FRP256v1, and some derivatives based on the above, like ChaCha20-Poly1305 AEAD EVP from Adam Langley's Chromium OpenSSL patchset.

To conclude, Bob warns against portable LibreSSL knockoffs, and asks the community for Funding Commitment. The Linux Foundation has not yet committed support, but discussions are ongoing. Funding can be directed to the OpenBSD Foundation."
Update: 05/18 14:28 GMT by S : Changed last paragraph to better reflect the Linux Foundation's involvement.
Programming

GitHub Open Sources Atom, Their Text Editor Based On Chromium 121

Posted by Unknown Lamer
from the emacs-does-it-better dept.
First time accepted submitter aojensen (1503269) writes "GitHub has made good on promises to open source Atom, a programmer's text editor based on Chromium. Atom is released under the MIT license (source repository). GitHub announced the following on their blog: 'Because we spend most of our day in a text editor, the single most important feature we wanted in an editor was extensibility. Atom is built with the same open source technologies used by modern web browsers. ... But more importantly, extending Atom is as simple as writing JavaScript and CSS, two languages used by millions of developers each day.'

Apart from being extensible via HTML, JavaScript, and CSS, Atom also offers out-of-the-box Node.js integration, a modular design with a built-in package manager (apm), and extensive features such as file system browser, themes, project-wide search and replace, panes, snippets, code folding, and more. Launched only 10 weeks ago, Atom seems to have a well-established ecosystem of packages and extensions already."
The editor is based on atom-shell, a more general framework for building desktop apps using JavaScript/HTML. Beware: according to the FAQ, by default it sends "usage data" to Google Analytics (which can be disabled at least).
Security

Heartbleed Disclosure Timeline Revealed 62

Posted by samzenpus
from the when-did-you-know dept.
bennyboy64 (1437419) writes "Ever since the Heartbleed flaw in OpenSSL was made public there have been various questions about who knew what and when. The Sydney Morning Herald has done some analysis of public mailing lists and talked to those involved with disclosing the bug to get the bottom of it. The newspaper finds that Google discovered Heartbleed on or before March 21 and notified OpenSSL on April 1. Other key dates include Finnish security testing firm Codenomicon discovering the flaw independently of Google at 23:30 PDT, April 3. SuSE, Debian, FreeBSD and AltLinux all got a heads up from Red Hat about the flaw in the early hours of April 7 — a few hours before it was made public. Ubuntu, Gentoo and Chromium attempted to get a heads up by responding to an email with few details about it but didn't, as the guy at Red Hat sending the disclosure messages out in India went to bed. By the time he woke up, Codenomicon had reported the bug to OpenSSL."
Education

Phil Shapiro says 20,000 Teachers Should Unite to Spread Chromebooks (Video) 101

Posted by Roblimo
from the computers-for-eager-young-minds-and-fingers dept.
Phil Shapiro often loans his Chromebook to patrons of the public library where he works. He says people he loans it to are happily suprised at how fast it is. He wrote an article earlier this month titled Teachers unite to influence computer manufacturing that was a call to action; he says that if 20,000 teachers demand a simple, low-cost Chromebook appliance -- something like a Chrome-powered Mac mini with a small SSD instead of a hard drive, and of course without the high Mac mini price -- some computer manufacturer will bite on the idea. Monitors? There are plenty of used ones available. Ditto speakers and keyboards, not that they cost much new. The bottom line is that Phil believes Chromebooks, both in their current form factor and in a simpler one, could be "the" computer for schools and students. Maybe so, not that Android tablets are expensive or hard to use. And wait! Isn't there already a Chromebox? And even a Chromebase all-in-one Chrome-based desktop? In any case, Chrome-based computers look pretty good for schools and libraries, especially if and when prices for the simplest members of the family get down to where Phil thinks they should be. (Alternate video link)
Earth

It Was the Worst Industrial Disaster In US History, and We Learned Nothing 290

Posted by Soulskill
from the par-for-the-course dept.
superboj writes "Forget Deepwater Horizon or Three Mile Island: The biggest industrial disaster in American history actually happened in 2008, when more than a billion gallons of coal sludge ran through the small town of Kingston, Tennessee. This story details how, five years later, nothing has been done to stop it happening again, thanks to energy industry lobbying, federal inaction, and secrecy imposed on Congress. 'It estimated that 140,000 pounds of arsenic had spilled into the Emory River, as well as huge quantities of mercury, aluminum and selenium. In fact, the single spill in Kingston released more chromium, lead, manganese, and nickel into the environment than the entire U.S. power industry spilled in 2007. ... Kingston, though, is by far the worst coal ash disaster that the industry has ever seen: 5.4 million cubic yards of coal ash, containing at least 10 known toxins, were spilled. In fact, the event ... was even bigger than the Deepwater Horizon oil spill in April 2010, which spewed approximately 1 million cubic yards of oil into the Gulf of Mexico."
GUI

Google To Replace GTK+ With Its Own Aura In Chrome 240

Posted by timothy
from the your-aura-is-always-with-you dept.
sfcrazy writes "Google's Chromium team is working on an alternative of Gtk+ for the browser, called Aura. Elliot Glaysher, a Google developer explains, 'We aim to launch the Aura graphics stack on Linux in M35. Aura is a cross-platform graphics system, and the Aura frontend will replace the current GTK+ frontend.' The Free Software community is debating: is Google trying to do Canonical? Couldn't Google just switch to Qt, which is becoming an industry standard?"
Ubuntu

Canonical Ports Chromium To The Mir Display Server 63

Posted by Unknown Lamer
from the then-you-port-mir-to-chromium dept.
An anonymous reader writes "Months after Intel ported the Chromium open-source web browser to Wayland, Chromium is now running on Ubuntu's Mir. The Mir display server port ended up being based on Wayland's Chromium code for interfacing with Google's Ozone abstraction framework. The Ubuntu developer responsible for this work makes claims that they will be trying to better collaborate with Wayland developers over this code." Grab the code hot off the press.
Chrome

Google Won't Enable Chrome Video Acceleration Because of Linux GPU Bugs 295

Posted by Soulskill
from the off-the-poorly-rendered-table dept.
An anonymous reader writes "Citing 'code we consider to be permanently "experimental" or "beta,"' Google Chrome engineers have no plans on enabling video acceleration in the Chrome/Chromium web browser. Code has been written but is permanently disabled by default because 'supporting GPU features on Linux is a nightmare' due to the reported sub-par quality of Linux GPU drivers and many different Linux distributions. Even coming up with a Linux GPU video acceleration white-list has been shot down over fear of the Linux video acceleration code causing stability issues and problems for Chrome developers. What have been your recent experiences with Linux GPU drivers?"
Programming

Github Rolls Out New Text Editor Atom 82

Posted by Unknown Lamer
from the like-emacs-but-...-no-basically-it's-emacs dept.
hypnosec writes "Github has introduced Atom, its new 'web native' code editor which has been in development for more than six years. Atom is available as a part of an invite-only beta program. GitHub describes Atom as an attempt to create an editor 'that will be welcoming to an elementary school student on their first day learning to code, but also a tool they won't outgrow as they develop into seasoned hackers.'" You can request an invite on atom.io. The source to supporting libraries has already been released, but it looks like Atom itself might not be released (although it is a "specialized variant of Chromium designed to be a text editor rather than a web browser."). The editor is extensible in Javascript instead of "special-purpose scripting languages" like Emacs and VIM (is Javascript really any less messy than Emacs-Lisp though?). A preliminary user guide and customization guide are available to all.
Chrome

Background Javascript Compilation Boosts Chrome Performance 136

Posted by timothy
from the processing-processing-processing dept.
kc123 writes "The latest version of Chrome includes improvements in JavaScript compilation, according to the Chromium blog. Historically, Chrome compiled JavaScript on the main thread, where it could interfere with the performance of the JavaScript application. For large pieces of code this could become a nuisance, and in complex applications like games it could even lead to stuttering and dropped frames. In the latest Chrome Beta they've enabled concurrent compilation, which offloads a large part of the optimizing compilation phase to a background thread. The result is that JavaScript applications remain responsive and performance gets a boost."
Opera

Former Dev Gives Gloomy Outlook On Linux Support For the Opera Browser 181

Posted by Soulskill
from the blink-and-you'll-miss-it dept.
An anonymous reader writes: "It doesn't take a Columbo to figure out that the 'previous employer, a small browser vendor that decided to abandon its own rendering engine and browser stack' is referring to Opera in this comment answering the question 'Do you actually use the product you are working on?' It appears to originate from Andreas Tolfsen, a former Opera developer who is now part of the Mozilla project. From releasing a unified architecture browser including Linux support since 2001, Opera decided to put Linux development on indefinite hold, communicated through blog comments, and focus on Windows and Mac for their browser rewrite centered around the Blink engine that had its first beta release last spring. The promise to bring back the Linux version in due time was met with growing skepticism as the months went by, and clear answers have been avoided in the developer blog. The uncertainty has spawned user projects such as Otter browser in an attempt to recreate the Opera UI in a free application. Tolfsen's statement seem to be in line with what users have suspected all along: Opera for Linux is not something for the near future."
Chromium

Google Planning To Remove CSS Regions From Blink 249

Posted by Unknown Lamer
from the good-riddance dept.
mikejuk writes "Google and Opera split from WebKit to create Blink, their own HTML rendering engine, and everyone was worried about the effect on standards. Now we have the first big example of a split in the form of CSS Regions support. Essentially Regions are used to provide the web equivalent of text flow, a concept very familiar to anyone who has used a desktop publishing program. The basic idea is that you define containers for a text stream which is then flowed from one container to another to provide a complex multicolumn layout. The W3C standard for Regions has mostly been created by Adobe — a long time DTP company. Now the Blink team has proposed removing Regions support to save 10,000 lines of code in 350,000 in the name of efficiency. If Google does remove the Regions code, which looks highly likely, this would leave Safari and IE 10/11 as the only two major browsers to support Regions. Both Apple and Microsoft have an interest in ensuring that their hardware can be used to create high quality magazine style layouts — Google and Opera aren't so concerned. I thought standards were there to implement not argue with." Although mikejuk thinks this is a bad thing, a lot of people think CSS Regions are awful. Mozilla has never intended to implement them, instead offering the CSS Fragmentation proposal as an alternative. One major flaw of CSS Regions is its reliance upon markup that is used solely for layout, violating the separation of content and style that CSS is intended to enforce.
Google

Google Launches Cordova Powered Chrome Apps For Android and iOS 47

Posted by Unknown Lamer
from the breaking-free dept.
An anonymous reader writes "Google has launched Chrome apps for Android and iOS. The company is offering an early developer preview of a toolchain based on Apache Cordova, an open-source mobile development framework for building native mobile apps using HTML, CSS, and JavaScript. Developers can use the tool to wrap their Chrome app with a native application shell that enables them to distribute it via Google Play and Apple's App Store."
Programming

Real-Time Face Substitution in Javascript 63

Posted by Unknown Lamer
from the ever-growing-mask dept.
An anonymous reader writes with news of an interesting demo for clmtrackr (a Javascript library for tracking of facial features) that hides your face using 3D masks overlayed on the video from your webcam using WebGL. The effect is kind of neat, and a bit creepy. The demo works in Chromium here, but not in Firefox (Debian unstable). There are a couple other demos; the facial deformation demo is reminiscent of the intro screen to Mario 64.
Programming

Google's Dart Becomes ECMA's Dart 190

Posted by timothy
from the trying-for-traction dept.
mikejuk writes "Google's Dart just reached version 1.0, but now it seems that it has aspirations to being an international standard. The question is will this make any difference to the language's future? Given that Google effectively owns Dart, what advantage does standardization bring? The answer to what Google thinks it brings is indicated in the Chromium blog: 'The new standardization process is an important step towards a future where Dart runs natively in web browsers.' and this seems reasonable. A standard is something that would be required before other browser makers decided to fall in line and support native Dart. It is probably a necessary but far from sufficient condition, however, with Microsoft, Apple and Mozilla having other interests to further. Last but not least, having the backing of a standard might just encourage possible users to believe that the language won't sink if Google gets distracted with other projects and decides that Dart is dispensable. However, a strong open source development community capable of supporting Dart without Google's input would be a better reassurance. If you want to help, Google would like you to join the committee. After all, it still doesn't have a Vice Chair. So can we expect to see ECMA CoffeeScript or TypeScript in the near future? Probably not."
Google

Google Is Building a Way To Launch Chrome Apps Without Installation 135

Posted by timothy
from the playing-the-long-game dept.
An anonymous reader writes "Google really wants Chrome apps to take off. Not only has the company added rich notifications, in-app payments, and an app launcher into its browser, but now it's developing ephemeral apps that launch by just clicking a link. There are two separate components here. Ephemeral apps (you can enable this under the chrome://flags/#enable-ephemeral-apps flag) let you try a Chrome app before installing it. Linkable ephemeral apps (under the chrome://flags/#enable-linkable-ephemeral-apps flag) meanwhile allow you to launch said apps from hyperlinks."

The one day you'd sell your soul for something, souls are a glut.

Working...