X

Jamie Zawinski Calls Cinnamon Screensaver Lock-Bypass Bug 'Unconscionable' (jwz.org) 172

Legendary programmer Jamie Zawinski has worked on everything from the earliest releases of the Netscape Navigator browser to XEmacs, Mozilla, and, of course, the XScreenSaver project.

Now Slashdot reader e432776 writes: JWZ continues to track issues with screensavers on Linux (since 2004!), and discusses a new bug in cinnamon-screensaver. Long-standing topics like X11, developer interaction, and code licensing all feature. Solutions to these long-standing issues remain elusive.
Jamie titled his blog post "I told you so, 2021 edition": You will recall that in 2004 , which is now seventeen years ago, I wrote a document explaining why I made the design trade-offs that I did in XScreenSaver, and in that document I predicted this exact bug as my example of, "this is what will happen if you don't do it this way."

And they went and made that happen.

Repeatedly.

Every time this bug is re-introduced, someone pipes up and says something like, "So what, it was a bug, they've fixed it." That's really missing the point. The point is not that such a bug existed, but that such a bug was even possible. The real bug here is that the design of the system even permits this class of bug. It is unconscionable that someone designing a critical piece of security infrastructure would design the system in such a way that it does not fail safe .

Especially when I have given them nearly 30 years of prior art demonstrating how to do it right, and a two-decades-old document clearly explaining What Not To Do that coincidentally used this very bug as its illustrative strawman!

These bugs are a shameful embarrassment of design -- as opposed to merely bad code...

ZDNet reports that Linux Mint has issued a patch for Cinnamon that fixes the screensaver bug. But HotHardware notes that it was discovered when "one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team."

But that's not the only thing bothering Jamie Zawinski: Just to add insult to injury, it has recently come to my attention that not only are Gnome-screensaver, Mint-screensaver and Cinnamon-screensaver buggy and insecure dumpster fires, but they are also in violation of my license and infringing my copyright.

XScreenSaver was released under the BSD license, one of the oldest and most permissive of the free software licenses. It turns out, the Gnome-screensaver authors copied large parts of XScreenSaver into their program, removed the BSD license and slapped a GPL license on my code instead -- and also removed my name. Rude...

Mint-screensaver and Cinnamon-screensaver, being forks and descendants of Gnome-screensaver, have inherited this license violation and continue to perpetuate it. Every Linux distro is shipping this copyright- and license-infringing code.

I eagerly await hearing how they're going to make this right.

Mozilla

Firefox To Block Backspace Key From Working as 'Back' Button (zdnet.com) 130

Mozilla developers plan to remove support for using the Backspace key as a Back button inside Firefox. From a report: The change is currently active in the Firefox Nightly version and is expected to go live in Firefox 86, scheduled to be released next month, in late February 2021. The removal of the Backspace key as a navigational element didn't come out of the blue. It was first proposed back in July 2014, in a bug report opened on Mozilla's bug tracker. At the time, Mozilla engineers argued that many users who press the Backspace key don't always mean to navigate to the previous page (the equivalent of pressing the Back button).
Firefox

Mozilla Is Working On a Firefox Design Refresh (ghacks.net) 246

Mozilla is "investigating" a design refresh for its Firefox browser. Ghacks reports that the refresh is referred to internally as "Photon." Information about the design refresh is limited at this point in time. Mozilla created a meta bug on Bugzilla as a reference to keep track of the changes. While there are not any mockups or screenshots posted on the site, the names of the bugs provide information on the elements that will get a refresh. These are:

- The Firefox address bar and tabs bar.
- The main Firefox menu.
- Infobars.
- Doorhangers.
- Context Menus.
- Modals.
Most user interface elements are listed in the meta bug. Mozilla plans to release the new design in Firefox 89; the browser is scheduled for a mid-2021 release. Its release date is set to May 18, 2021...

[Developer/Firefox extension author] Sören Hentzschel revealed that he saw some of the Firefox Proton mockups... He notes that Firefox will look more modern when the designs land and that Mozilla plans to introduce useful improvements, especially in regards to the user experience. Hentzschel mentions two examples of potential improvements to the user experience: a mockup that displays vertical tabs in a compact mode, and another that shows the grouping of tabs on the tab bar.

Netscape

Brexit Deal Mentions Netscape Browser and Mozilla Mail (bbc.com) 194

References to decades-old computer software are included in the new Brexit agreement, including a description of Netscape Communicator and Mozilla Mail as being "modern" services. From a report: Experts believe officials must have copied and pasted chunks of text from old legislation into the document. The references are on page 921 of the trade deal, in a section on encryption technology. It also recommends using systems that are now vulnerable to cyber-attacks. The text cites "modern e-mail software packages including Outlook, Mozilla Mail as well as Netscape Communicator 4.x." The latter two are now defunct - the last major release of Netscape Communicator was in 1997. The document also recommends using 1024-bit RSA encryption and the SHA-1 hashing algorithm, which are both outdated and vulnerable to cyber-attacks.
Firefox

Firefox To Ship 'Network Partitioning' As a New Anti-Tracking Defense (zdnet.com) 65

An anonymous reader quotes a report from ZDNet: Firefox 85, scheduled to be released next month, in January 2021, will ship with a feature named Network Partitioning as a new form of anti-tracking protection. The feature is based on "Client-Side Storage Partitioning," a new standard currently being developed by the World Wide Web Consortium's Privacy Community Group. "Network Partitioning is highly technical, but to simplify it somewhat; your browser has many ways it can save data from websites, not just via cookies," privacy researcher Zach Edwards told ZDNet in an interview this week. "These other storage mechanisms include the HTTP cache, image cache, favicon cache, font cache, CORS-preflight cache, and a variety of other caches and storage mechanisms that can be used to track people across websites." Edwards says all these data storage systems are shared among websites.

The difference is that Network Partitioning will allow Firefox to save resources like the cache, favicons, CSS files, images, and more, on a per-website basis, rather than together, in the same pool. This makes it harder for websites and third-parties like ad and web analytics companies to track users since they can't probe for the presence of other sites' data in this shared pool. The Mozilla team expects [...] performance issues for sites loaded in Firefox, but it's willing to take the hit just to improve the privacy of its users.

Google

Apple, Google, Microsoft, and Mozilla Ban Kazakhstan's MitM HTTPS Certificate (zdnet.com) 45

Browser makers Apple, Google, Microsoft, and Mozilla, have banned a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country's capital, the city of Nur-Sultan (formerly Astana). From a report: The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block Nur-Sultan residents from accessing foreign sites unless they had a specific digital certificate issued by the government installed on their devices. While users were able to access most foreign-hosted sites, access was blocked to sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix, unless they had the certificate installed. Kazakh officials justified their actions claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies. Officials cited that cyberattacks targeting "Kazakhstan's segment of the internet" grew 2.7 times during the current COVID-19 pandemic as the primary reason for launching the exercise. The government's explanation did, however, make zero technical sense, as certificates can't prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers. After today's ban, even if users have the certificate installed, browsers like Chrome, Edge, Mozilla, and Safari, will refuse to use them, preventing Kazakh officials from intercepting user data.
Firefox

Firefox 84 Claims Speed Boost from Apple Silicon, Vows to End Flash Support (zdnet.com) 40

The Verge reports: Firefox's latest update brings native support for Macs that run on Apple's Arm-based silicon, Mozilla announced on Tuesday. Mozilla claims that native Apple silicon support brings significant performance improvements: the browser apparently launches 2.5 times faster and web apps are twice as responsive than they were on the previous version of Firefox, which wasn't native to Apple's chips...

Firefox's support of Apple's Arm-based processors follows Chrome, which added support for Apple's new chips shortly after the M1-equipped MacBook Pro, MacBook Air, and Mac mini were released in November.

Firefox 84 will also be the very last release to support Adobe Flash, notes ZDNet, calling both developments "a reminder of the influence Apple co-founder Steve Jobs has had and continues to exert on software and hardware nine years after his death." Jobs wrote off Flash in 2010 as successful Adobe software but one that was a 'closed' product "created during the PC era — for PCs and mice" and not suitable for the then-brand-new iPad, nor any of its prior iPhones. Instead, Jobs said the future of the web was HTML5, JavaScript and CSS.

At the end of this year Google Chrome, Microsoft Edge and Apple Safari also drop support for Flash.

Senior Apple execs recently reflected in an interview with Om Malik what the M1 would have meant to Jobs had been alive today. "Steve used to say that we make the whole widget," Greg Joswiak, Apple's senior vice president of Worldwide Marketing told Malik.

"We've been making the whole widget for all our products, from the iPhone, to the iPads, to the watch. This was the final element to making the whole widget on the Mac."

ZDNet also notes that Firefox 84 offers WebRender, "Mozilla's faster GPU-based 2D rendering engine" for MacOS Big Sur, Windows devices with Intel Gen 6 GPUs, and Intel laptops running Windows 7 and 8. "Mozilla promises it will ship an accelerated rendering pipeline for Linux/GNOME/X11 users for the first time."

Firefox now also uses "more modern techniques for allocating shared memory on Linux," writes Mozilla, "improving performance and increasing compatibility with Docker."

And Firefox 85 will include a new network partitioning feature to make it harder for companies to track your web surfing.
Government

Tech Giants Will Block Kazakhstan's Web Surveillance Efforts Again (engadget.com) 47

Apple, Google, Microsoft and Mozilla have teamed up to block the Kazakhstan government's attempts to force its citizens to install a "national security certificate" on every internet-capable device in the country. "That government-issued root certificate would allow authorities to keep tabs on people's online traffic, essentially becoming a back door to access citizens' data," reports Engadget. From the report: In its announcement, Mozilla said it was recently informed that ISPs in Kazakhstan have recently started telling customers that they're required to install the digital certificate to be able to access foreign websites. ZDNet reported earlier this month that Kazakh IPS have been cutting people's access to websites like Google, Twitter, Facebook, Instagram and Netflix unless they install the certificate.

When users in Kazakhstan who complied with their ISPs' demand try to access websites on their devices, they'll get an error telling them that the certificate shouldn't be trusted. The companies are also encouraging those users to research the use if VPN or the Tor Browser for web browsing and to change the passwords for their accounts.
The Kazakhstan's government made a similar attempt back in 2015 and then again in 2019, but tech giants did what they're doing now to put a stop to those plans.
Firefox

How Firefox Boosted Its JavaScript Performance (infoworld.com) 51

InfoWorld reports: Firefox users can expect improved JavaScript performance in the Firefox 83 browser, with the Warp update to the SpiderMonkey JavaScript engine enabled by default.

Also called WarpBuilder, Warp improves responsiveness and memory usage and speeds up page loads by making changes to JiT (just-in-time) compilers... Warp has been shown to be faster than Ion, SpiderMonkey's previous optimizing JiT, including a 20 percent improvement on Google Docs load time. Other JavaScript-intensive websites such as Netflix and Reddit also have shown improvement...

Warp has replaced the front end — the MIR building phase — of the IonMonkey JiT... Mozilla also will continue to incrementally optimize the back end of the IonMonkey JiT, as Mozilla believes there is still room for improvement for JavaScript-intensive workloads.

Government

US Congress Passes an IoT Security Bill 'That Doesn't Totally Suck' (theregister.com) 80

Shotgun (Slashdot reader #30,919) shared these thoughts from The Register: Every now and again the U.S. Congress manages to do its job and yesterday was one of those days: the Senate passed a new IoT cybersecurity piece of legislation that the House also approved, and it will now move to the President's desk.

As we noted back in March when the IoT Cybersecurity Improvement Act was introduced, the law bill is actually pretty good: it asks America's National Institute of Standards and Technology (NIST) to come up with guidelines for Internet-of-Things devices and would require any federal agency to only buy products from companies that met the new rules. It gives a minimum list of considerations to be covered: secure code, identity management, patching and configuration management. It also requires the General Services Administration — the arm of the federal government that sources products and comms for federal agencies — to come up with guidelines that would require each agency to report and publish details of security vulnerabilities, and how they resolved them, and coordinate with other agencies.

Industry has also got behind the effort — Symantec, Mozilla, BSA The Software Alliance (which includes Apple, Microsoft, IBM, Cloudflare, the CTIA and others) — and Congress has managed to keep its fingers out of things it knows nothing about by leaving the production of standards with the experts, using federal procurement to create a de facto industry standard.

Though it will still be legal sell insecure IoT devices, "for those looking for good, secure products, there will be a baseline standard across the industry..." the article concludes.

"[T]his is an essential first step to getting secure IoT in place."
Mozilla

Fearing Drama, Mozilla Opens Public Consultation Before Worldwide Firefox DoH Rollout (zdnet.com) 79

Mozilla has opened today a public comment and consultation period about the ways it could enable support for the controversial privacy-centric DNS-over-HTTPS (DoH) protocol inside Firefox. From a report: The browser maker's decision to open a rare public consultation period comes after the organization faced criticism last year in the UK for its plans to support DoH inside Firefox. UK government officials, law enforcement agencies, and local internet service providers criticized Mozilla for developing and wanting to roll out DoH, a feature they said could have helped suspects bypass enterprise firewalls and parental controls blocklists -- even earning the browser maker a nomination for an "Internet Villain" award from a local ISP. All last year's hoopla was caused by DoH, a web protocol developed as an alternative to the classic DNS (Domain Name System). DoH works by encrypting DNS queries (which are normally sent out in clear text) and hiding them inside normal-looking HTTPS web traffic.
Firefox

Firefox 83 Arrives With HTTPS-Only Mode and Faster Performance (venturebeat.com) 56

Mozilla today launched Firefox 83 for Windows, Mac, and Linux. An anonymous reader shares a report: Firefox 83's highlight feature is HTTPS-Only Mode, in which the browser attempts to establish fully secure connections to every website (just like the EFF's HTTPS Everywhere). If it can't, Firefox asks for your permission before connecting to a website that doesn't support secure connections. To enable HTTPS-Only Mode, click on Firefox's menu button, hit Preferences, then Privacy & Security, scroll down to HTTPS-Only Mode, and choose "Enable HTTPS-Only Mode in all windows." [...] Firefox 83 also brings performance improvements (improved page load performance by up to 15%, page responsiveness by up to 12%, and reduced memory usage by up to 8%). Firefox 83 is also the penultimate version of the web browser that will run Flash software; Firefox 85 will completely disable it when it arrives on Jan. 12, 2021.
Businesses

Stripe, Mozilla, Dropbox, Spotify, Others Form Tech 'Challenger Group' To Sway European Policy (theinformation.com) 11

Mark Di Stefano, reporting for The Information (paywalled): A few years back, two Brussels-based lobbyists from midsize tech companies were out for drinks, and in the course of the conversation they realized they had a common problem. Google, Amazon, Apple and Facebook were sucking all of the oxygen out of European debates about regulating the internet, leaving out the voices of smaller companies -- despite the fact that those policies can have a very different impact on them. The European lobbyists and policy officers from other companies -- a motley array that included Mozilla, Stripe, Transferwise, Etsy, Dropbox and Spotify -- began meeting regularly in Brussels, often in bars and restaurants, to share their experiences, according to two people familiar with the matter. Some of them jokingly referred to the outings, which haven't been previously reported, as "whine and dines." The companies, which have continued to gather during the pandemic over video calls, even have a name for their informal network, the two people said: the challenger group. "It was really soothing to meet up with other companies doing the same thing," Raegan MacDonald, policy chief of Mozilla, said during an interview with The Information. "We finally said, let's do stuff together.... The work together has been helpful and fruitful, not just cathartic."

While members of the group won't say much about what that "stuff" is exactly, one of their priorities is having a voice in the upcoming overhaul of internet regulations in Europe, the biggest since the early 2000s. The European Commission -- the executive branch of the European Union, responsible for its legislation and policies -- plans to release the first drafts of this overhaul in the coming weeks, which will introduce sweeping new powers for competition regulators to intervene in tech markets.

Google

Simple Search Is a Browser Extension That Gives You Google Circa 2010 (theverge.com) 54

A group of journalists has built a browser extension, called Simple Search, to show you what Google search would look like without the information panels, shopping boxes, and search ads. The Verge reports: Introducing the extension, Maddy Varner and Sam Morris describe it as a conscious throwback to an earlier version of Google search, before the integration of the Knowledge Graph and its accompanying information boxes. "The extension lets you travel back to a time when online search operated a little differently," they write. "Nowadays, you don't always have to click any of the 'blue links' to get information related to your search -- Google gives you what it thinks is important in info boxes of information pulled from other websites." The extension works on Google and Bing searches and is available for both Firefox and Chrome browsers.
Chrome

Chrome To Block Tab-Nabbing Attacks (zdnet.com) 27

Google will deploy a new security feature in Chrome next year to prevent tab-nabbing, a type of web attack that allows newly opened tabs to hijack the original tab from where they were opened. From a report: The new feature is scheduled to go live with Chrome 88, to be released in January 2021. While the term "tab-nabbing" refers to a broad class of tab hijacking attacks [see OWASP, Wikipedia], Google is addressing a particular scenario. This scenario refers to situations when users click on a link, and the link opens in a new tab (via the "target=_blank" attribute). These new tabs have access to the original page that opened the new link. Via the JavaScript "window.opener" function, the newly opened tabs can modify the original page and redirect users to malicious sites. This type of attack has powered quite a few phishing campaigns across the years. To mitigate this threat, browser makers like Apple, Google, and Mozilla have created the rel="noopener" attribute.
The Internet

Net Applications Will No Longer Track the Browser Wars (venturebeat.com) 34

Emil Protalinski, reporting for VentureBeat: For more than a decade, I've used Net Applications' NetMarketShare tool to track the desktop browser and operating system markets. The monthly reports have been critical in gauging which browsers and new versions of operating systems are gaining or losing market share. Last week, Net Applications released its final NetMarketShare report. The loss could not come at a worse time. After Chrome cemented its spot as the world's de facto browser, there hasn't been a lot of movement. But that might be about to change. Chrome's creator, Google, is facing the biggest U.S. antitrust case in a generation. Mozilla, which depends on Google for almost all its revenue, is rightly worried about becoming "collateral damage."

[...] So why is Net Applications killing off NetMarketShare? Don't act surprised when I tell you the undisputed market leader has something to do with it. In January, Google proposed deprecating the User-Agent string (used to identify which browser and operating system is being used) as part of its war on fingerprinting. Net Applications says the change will break NetMarketShare's device detection technology and "cause inaccuracies for a long period of time." Add the ongoing problem of filtering out bots to prevent skewing of the result, and Net Applications decided it was best to throw in the towel after 14 years. Net Applications provided its reports based on data captured from 100 million sessions each month over thousands of websites.

Android

On Older Versions of Android, Many Let's Encrypt-Secured Sites May Stop Working in 2021 (letsencrypt.org) 45

This year Let's Encrypt announced that it's issued a billion certificates, and it's been estimated they've made certs for almost 30% of web domains. But Friday they posted that "The DST Root X3 root certificate that we relied on to get us off the ground is going to expire — on September 1, 2021. Fortunately, we're ready to stand on our own, and rely solely on our own root certificate."

"However, this does introduce some compatibility woes." Some software that hasn't been updated since 2016 (approximately when our root was accepted to many root programs) still doesn't trust our root certificate, ISRG Root X1. Most notably, this includes versions of Android prior to 7.1.1. That means those older versions of Android will no longer trust certificates issued by Let's Encrypt.

Android has a long-standing and well known issue with operating system updates. There are lots of Android devices in the world running out-of-date operating systems. The causes are complex and hard to fix: for each phone, the core Android operating system is commonly modified by both the manufacturer and a mobile carrier before an end-user receives it. When there's an update to Android, both the manufacturer and the mobile carrier have to incorporate those changes into their customized version before sending it out. Often manufacturers decide that's not worth the effort. The result is bad for the people who buy these devices: many are stuck on operating systems that are years out of date.

Currently, 66.2% of Android devices are running version 7.1 or above. The remaining 33.8% of Android devices will eventually start getting certificate errors when users visit sites that have a Let's Encrypt certificate. In our communications with large integrators, we have found that this represents around 1-5% of traffic to their sites. Hopefully these numbers will be lower by the time DST Root X3 expires next year, but the change may not be very significant.

Let's Encrypt engineer Jacob Hoffman-Andrews explains that "In the time between now and September 29 we plan to start serving certificates with the 'alternate' link relation 186 to allow Automatic Certificate Management Environment (ACME) clients to programmatically select a chain they prefer." But Friday's blog post explains that won't solve everything: There will be site owners that receive complaints from users and we are empathetic to that being not ideal. We're working hard to alert site owners so you can plan and prepare. We encourage site owners to deploy a temporary fix (switching to the alternate certificate chain) to keep your site working while you evaluate what you need for a long-term solution: whether you need to run a banner asking your Android users on older OSes to install Firefox, stop supporting older Android versions, drop back to HTTP for older Android versions, or switch to a CA that is installed on those older versions.
Gizmodo notes that Firefox will be unaffected "since it relies on its own certificate store that includes Let's Encrypt's root, though that wouldn't keep applications from breaking or ensure functionality beyond your browser." They describe Let's Encrypt as "the Mozilla-partnered nonprofit," and offers this succinct summary of the problem.

"One of the world's top certificate authorities warns that phones running versions of Android prior to 7.1.1 Nougat will be cut off from large portions of the secure web starting in 2021."
The Internet

Brave Browser First To Nix CNAME Deception (theregister.com) 47

An anonymous reader quotes a report from The Register: The Brave web browser will soon block CNAME cloaking, a technique used by online marketers to defy privacy controls designed to prevent the use of third-party cookies. The browser security model makes a distinction between first-party domains -- those being visited -- and third-party domains -- from the suppliers of things like image assets or tracking code, to the visited site. Many of the online privacy abuses over the years have come from third-party resources like scripts and cookies, which is why third-party cookies are now blocked by default in Brave, Firefox, Safari, and Tor Browser.

In a blog post on Tuesday, Anton Lazarev, research engineer at Brave Software, and senior privacy researcher Peter Snyder, explain that online tracking scripts may use canonical name DNS records, known as CNAMEs, to make associated third-party tracking domains look like they're part of the first-party websites actually being visited. They point to the site https://mathon.fr/ as an example, noting that without CNAME uncloaking, Brave blocks six requests for tracking scripts served by ad companies like Google, Facebook, Criteo, Sirdan, and Trustpilot. But the page also makes four requests via a script hosted at a randomized path under the first-party subdomain 16ao.mathon.fr. When Brave 1.17 ships next month (currently available as a developer build), it will be able to uncloak the CNAME deception and block the Eulerian script.
Other browser vendors are planning related defenses. "Mozilla has been working on a fix in Firefox since last November," notes The Register. "And in August, Apple's Safari WebKit team proposed a way to prevent CNAME cloaking from being used to bypass the seven-day cookie lifetime imposed by WebKit's Intelligent Tracking Protection system."
Windows

New Windows 10 Update Permanently Removes Adobe Flash (zdnet.com) 102

Microsoft has released a Windows update that removes Adobe's Flash Player before it reaches end of support on December 31, 2020. ZDNet reports: Update KB4577586 is part of Microsoft's effort to follow through with plans it announced along with Adobe, Apple, Facebook, Google, and Mozilla in 2017 to end support for Flash by December 2020. The Flash-removing update is available for all supported versions of Windows 10 and Windows Server, as well as Windows 8.1.

This new update removes Flash Player from Windows devices and cannot be uninstalled, Microsoft says in a new support note. However, it isn't rolling out via Windows Server Update Service (WSUS) just yet, and the update needs to be downloaded and installed from the Microsoft Update Catalog. It will become available to WSUS in early 2021, but admins can import it to WSUS manually today. Microsoft is releasing the Flash-removing update ahead of the end of support so that enterprise customers can test the impact on business applications when Flash is removed from a Windows PC or server. But the company says it will continue to deliver Flash security updates until support ends.

Microsoft has also detailed two methods that users and admins can follow to continue using Flash Player after the update is installed. Users can reset a device to an earlier system restore point. However, users need to explicitly enable this feature and a system restore point must have been created on the Windows device before the update is applied. The other option is to reinstall Windows without applying the update.

Chrome

So How Good Is Edge on Linux? (zdnet.com) 52

"No one asked Microsoft to port its Edge browser to Linux," writes Steven J. Vaughan-Nichols at ZDNet, adding "Indeed, very few people asked for Edge on Windows.

"But, here it is. So, how good — or not — is it..?" The new release comes ready to run on Ubuntu, Debian, Fedora, and openSUSE Linux distributions... Since I've been benchmarking web browsers since Mosaic rolled off the bit assembly line, I benchmarked the first Edge browser and Chrome 86 and Firefox 81 on my main Linux production PC.... First up: JetStream 2.0, which is made up of 64 smaller tests. This JavaScript and WebAssembly benchmark suite focuses on advanced web applications. It rewards browsers that start up quickly, execute code quickly, and run smoothly. Higher scores are better on this benchmark.

JetStream's top-scorer — drumroll please — was Edge with 136.971. But, right behind it within the margin of error, was Chrome with a score of 132.413. This isn't too surprising. They are, after all, built on the same platform. Back in the back was Firefox with 102.131. Next up: Kraken 1.1. This benchmark, which is based on the long-obsolete SunSpider, measures JavaScript performance. To this basic JavaScript testing, it added typical use-case scenarios. Mozilla, Firefox's parent organization, created Kraken. With this benchmark, the lower the score, the better the result. To no great surprise, Firefox took first place here with 810.1 milliseconds (ms). Following it was Chrome with 904.5ms and then Edge with 958.8ms.

The latest version of WebXPRT is today's best browser benchmark. It's produced by the benchmark professionals at Principled Technology. This company's executives were the founders of the Ziff Davis Benchmark Operation, the gold-standard of PC benchmarking. WebXPRT uses scenarios created to mirror everyday tasks. These include Photo Enhancement, Organize Album, Stock Option Pricing, Local Notes, Sales Graphs, and DNA Sequencing. Here, the higher the score, the better the browser. On this benchmark, Firefox shines. It was an easy winner with a score of 272. Chrome edges out Edge 233 to 230.

The article concludes that "Oddly, Edge, which turned in a poor performance when I recently benchmarked it on Windows, did well on Linux. Who'd have guessed...? Edge is a good, fast browser on Linux. If you're a Windows user coming over to Linux or you're doing development work aimed at Edge, then by all means try Edge on Linux. It works and it works well."

Yet Vaughan-Nichols admits he's still not going to switch to Edge. "Chrome is more than fast enough for my purposes and I don't want my information tied into the Microsoft ecosystem. For better or worse, mine's already locked into the Googleverse and I can live with that."

Slashdot Top Deals