Language Selection

English French German Italian Portuguese Spanish

Web

Browsers: Mozilla Firefox and Bromite

Filed under
Google
Moz/FF
Web
  • Firefox 60 Product Integrity Requests Report

    Late last year I was putting out weekly reports on the number of requests Mozilla’s Product Integrity group was receiving and how well we were tracking toward our self-imposed service-level agreement (respond to 90% within 48 hours).

    The initial system we set up was only ever intended to be minimally viable and has not scaled well, although that’s probably to be expected. There’s been quite a lot of growing pains so I’ve been tasked with taking it to the next level.

  • Tab Warming: How Firefox Will Improve Web Browsing Experience? How To Get It Now?

    Mozilla developer Mike Conley described the details about Tab Warming in a post on his personal blog. It will improve tab switching by pre-loading the contents of a tab before it gets displayed in front of the users.

  • Bromite Is the New NoChromo — Open Source Chrome Port with Ad Blocking

    A while back, we told you about NoChromo, a no-root ad-blocking browser based on Google Chrome's open source code base, Chromium. That browser was wildly successful, as it offered an identical interface to regular Chrome, but without any ads. Sadly, the developer abandoned NoChromo, but a new ad-blocking Chromium port called Bromite has been released to fill its void.

Private Internet Access creator, London Trust Media, acquires Linux Journal

Filed under
GNU
Linux
Web

Over the years, with your help, we have supported many worthy projects and events in the open source space. At the beginning of December, Carlie Fairchild posted a farewell to the Linux community in a post titled “Linux Journal Ceases Publication.” We know that some of our users may have also read this message, given the strong overlap between those that care about privacy and those that care about freedom and open source software. Needless to say, upon reading the news, we immediately reached out to see how we could help.

Many members of our team have been Linux Journal readers for years – even since before they worked with Private Internet Access. We truly believe that Linux Journal needs to be there to chronicle our journey into a more open future. Private Internet Access is proud to announce that our parent company, LTM, has acquired Linux Journal. 2018 is going to be a big year for Linux – and we will continue to play our part in facilitating this.

Read more

Also: Happy New Year- Welcome to Linux Journal 2.0!

More on Chrome 63

Filed under
Google
Software
Web

New Chrome Browser and End of Chrome Web Store

Filed under
Google
Web
  • Chrome 63 rolling out to Mac, Windows, and Linux w/ Flags redesign, Site Certificate shortcut

    Chrome 63 is rolling out to Mac, Windows, and Linux today with an assortment of developer-focused features and security fixes. The biggest additions in this desktop release are a redesigned chrome://flags page and a tweaked permissions dropdown.

  • Chrome Apps are dead, as Google shuts down the Chrome Web Store section

    More than a year ago, Google announced that Chrome Apps would be removed from Windows, Mac, and Linux versions of Chrome (but not Chrome OS) some time in 2017, and it seems we've come to that point today. Google has shut down the "app" section of the Chrome Web Store for those platforms, meaning you can't install Chrome Apps anymore. Google has started sending out emails to Chrome app developers telling them that Chrome Apps are deprecated, and while previously installed apps still work, the functionality will be stripped out of Chrome in Q1 2018.

Opera-Inspired Otter and Vivaldi

Filed under
Software
Web
  • Otter RC3 Released As The Browser Inspired By Opera 12 & Implemented Using Qt5

    At the end of 2013 we wrote about a new Qt5 web-browser inspired by Opera and in 2014 it entered alpha form. But since then we hadn't heard much of that browser, Otter, until a Phoronix reader brought it up in our forums today.

    It turns out that the Otter web browser is nearing its hard feature freeze for their first major release and the latest release candidate was made available this week. The goal of Otter remains to "recreate the best aspects of the classic Opera (12.x)" while making use of the Qt5 tool-kit and offering packages for Windows, macOS, and Linux (including AppImage support).

  • Raspberry Pi, Linux on Arm users: Now you get a new browser option with Vivaldi

    Raspberry Pi users now have one more browser to choose from besides Chromium, Firefox and Midori, with the newly announced availability of an experimental version of power-user focused Vivaldi.

    The Blink-based browser from former Opera CEO Jon von Tetzchner is expanding beyond Windows, macOS and Linux PCs to a range of Arm-based developer boards, including the Raspberry Pi, CubieBoard, Asus Tinker Board, and more.

    Vivaldi doesn't yet have a mobile browser but it was its work on one that helped spawn the build for Raspberry Pi, according to the company. It also points to Samsung's DeX project as a potential new platform for Vivaldi. DeX aims to run full Linux on a Galaxy phone connected to a display.

Recommended Privacy Tools (Apps, Add-Ons, Search Engines) for Ubuntu Users

Filed under
GNU
Linux
Security
Web
HowTos

This is an user-friendly list of tools to protect user's internet privacy for Ubuntu users. The tools including search engine (StartPagec.com), add-ons (HTTPS Everywhere, Disconnect), and programs (DNSCrypt Proxy, OpenVPN) that are easy for beginners to install on Ubuntu. This list introduces the importance of privacy for all of you (yes, please read PrivacyTools.io) and that protecting your privacy is not difficult. This list is kept short so you can learn one by one and exercise them on many computers you have. I wish this helps you a lot!

Read more

Mastodon is Free Software, But It Does Not Respect Free Speech

Filed under
OSS
Web

Mastodon was always known to be tough on Nazis; it was known that they were strict on free speech only to a degree. After the treatment that I received yesterday, however, I can no longer recommend Mastodon. It may be Free software, but it’s very weak on free speech.

Read more

The Fox Hunt - Firefox and friends compared

Filed under
Google
Moz/FF
Web

So what should you use? Well, it depends. You want extensions, the entire repertoire as it's meant to be? Go with Pale Moon, but be aware of the inconsistencies and problems down the road. However, another piece of penalty is less than optimal looks. If you are more focused on speed and future development, then it's Firefox, as it offers the most complete compromise. The add-ons will make it or break it. Waterfox makes less sense, because the margins of benefit are too small.

My take is - Firefox. It's not ideal, but Pale Moon does not solve the problem fully, it combines nostalgia with technicals, and that's a rough patch, even though the project is quite admirable in what it's trying to do. Alas, I'm afraid the old extensions will die, and the new ones won't be compatible, so the browser will be left stranded somewhere in between. But hopefully, this little comparison test gives you a better overview and understanding how things work.

Finally, we go back to the question of speed. We've seen how one flavor of Fox stacks against another, but what about Chrome? I will answer that in a follow-up article, which will compare Chrome to Vivaldi, again based on popular demand, and then we will also check how all these different browsers compare using my small, limited and entirely personal corner of the Web. Stay tuned.

Read more

Also: Firefox Private Browsing vs. Chrome Incognito: Which is Faster?

Tor Improvements and Bugfix

Filed under
Security
Web
  • Next-Gen Algorithms Make Tor Browser More Secure And Private, Download The Alpha Now

    Tor, the anonymity network was in need of an upgrade, as the world started raising concerns about its reliability. It was this year only when a hacker managed to take down almost 1/5th of the onion network.

    The possible applications of Tor have reached far ahead than calling it a grey market for drugs and other illegal things. It’s already actively used for the exchange of confidential information, file transfer, and cryptocurrency transactions with an expectation that nobody can track it.

  • TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

    The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses.

    The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking.

  • Critical Tor flaw leaks users’ real IP address—update now

    Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users' IP addresses when they visit certain types of addresses.

    TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, "the operating system may directly connect to the remote host, bypassing Tor Browser," according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.

Chromium in Slackware, New Chrome Beta

Filed under
Google
Web
  • [Slackware] Chromium is now compiled using clang

    In my previous blog post about Chromium 62, I described the issues I had while attempting to compile it on Slackware14.2. The gcc compiler suite on Slackware 14.2 is “too old” for Chromium because it lacks the required C++11 support. More to the point, the Google developers use clang instead of gcc for their own compilations and therefore gcc support is becoming stale. Response by Google developers when they encounter a gcc-related bug report is to ‘please switch to clang’.

  • Google Pushes Chrome 63 Into Beta with Dynamic Module Imports, Device Memory API

    Google recently pushed the Chrome 63 web browser for beta testing for all supported platforms, giving us a heads up to what we should expect from this release when it hits stable next month.

    Google Chrome 63 now lives in the Beta channel pocket, and it can be installed on Chrome OS, Linux, Android, Mac, and Windows operating systems. It promises big changes for developers, including dynamic module imports, a new Device Memory API, permissions UI changes, as well as async generators and iterators.

Syndicate content

More in Tux Machines

Security: OpenSSL, IoT, and LWN Coverage of 'Intelpocalypse'

  • Another Face to Face: Email Changes and Crypto Policy
    The OpenSSL OMC met last month for a two-day face-to-face meeting in London, and like previous F2F meetings, most of the team was present and we addressed a great many issues. This blog posts talks about some of them, and most of the others will get their own blog posts, or notices, later. Red Hat graciously hosted us for the two days, and both Red Hat and Cryptsoft covered the costs of their employees who attended. One of the overall threads of the meeting was about increasing the transparency of the project. By default, everything should be done in public. We decided to try some major changes to email and such.
  • Some Basic Rules for Securing Your IoT Stuff

    Throughout 2016 and 2017, attacks from massive botnets made up entirely of hacked [sic] IoT devices had many experts warning of a dire outlook for Internet security. But the future of IoT doesn’t have to be so bleak. Here’s a primer on minimizing the chances that your IoT things become a security liability for you or for the Internet at large.

  • A look at the handling of Meltdown and Spectre
    The Meltdown/Spectre debacle has, deservedly, reached the mainstream press and, likely, most of the public that has even a remote interest in computers and security. It only took a day or so from the accelerated disclosure date of January 3—it was originally scheduled for January 9—before the bugs were making big headlines. But Spectre has been known for at least six months and Meltdown for nearly as long—at least to some in the industry. Others that were affected were completely blindsided by the announcements and have joined the scramble to mitigate these hardware bugs before they bite users. Whatever else can be said about Meltdown and Spectre, the handling (or, in truth, mishandling) of this whole incident has been a horrific failure. For those just tuning in, Meltdown and Spectre are two types of hardware bugs that affect most modern CPUs. They allow attackers to cause the CPU to do speculative execution of code, while timing memory accesses to deduce what has or has not been cached, to disclose the contents of memory. These disclosures can span various security boundaries such as between user space and the kernel or between guest operating systems running in virtual machines. For more information, see the LWN article on the flaws and the blog post by Raspberry Pi founder Eben Upton that well describes modern CPU architectures and speculative execution to explain why the Raspberry Pi is not affected.
  • Addressing Meltdown and Spectre in the kernel
    When the Meltdown and Spectre vulnerabilities were disclosed on January 3, attention quickly turned to mitigations. There was already a clear defense against Meltdown in the form of kernel page-table isolation (KPTI), but the defenses against the two Spectre variants had not been developed in public and still do not exist in the mainline kernel. Initial versions of proposed defenses have now been disclosed. The resulting picture shows what has been done to fend off Spectre-based attacks in the near future, but the situation remains chaotic, to put it lightly. First, a couple of notes with regard to Meltdown. KPTI has been merged for the 4.15 release, followed by a steady trickle of fixes that is undoubtedly not yet finished. The X86_BUG_CPU_INSECURE processor bit is being renamed to X86_BUG_CPU_MELTDOWN now that the details are public; there will be bug flags for the other two variants added in the near future. 4.9.75 and 4.4.110 have been released with their own KPTI variants. The older kernels do not have mainline KPTI, though; instead, they have a backport of the older KAISER patches that more closely matches what distributors shipped. Those backports have not fully stabilized yet either. KPTI patches for ARM are circulating, but have not yet been merged.
  • Is it time for open processors?
    The disclosure of the Meltdown and Spectre vulnerabilities has brought a new level of attention to the security bugs that can lurk at the hardware level. Massive amounts of work have gone into improving the (still poor) security of our software, but all of that is in vain if the hardware gives away the game. The CPUs that we run in our systems are highly proprietary and have been shown to contain unpleasant surprises (the Intel management engine, for example). It is thus natural to wonder whether it is time to make a move to open-source hardware, much like we have done with our software. Such a move may well be possible, and it would certainly offer some benefits, but it would be no panacea. Given the complexity of modern CPUs and the fierceness of the market in which they are sold, it might be surprising to think that they could be developed in an open manner. But there are serious initiatives working in this area; the idea of an open CPU design is not pure fantasy. A quick look around turns up several efforts; the following list is necessarily incomplete.
  • Notes from the Intelpocalypse
    Rumors of an undisclosed CPU security issue have been circulating since before LWN first covered the kernel page-table isolation patch set in November 2017. Now, finally, the information is out — and the problem is even worse than had been expected. Read on for a summary of these issues and what has to be done to respond to them in the kernel. All three disclosed vulnerabilities take advantage of the CPU's speculative execution mechanism. In a simple view, a CPU is a deterministic machine executing a set of instructions in sequence in a predictable manner. Real-world CPUs are more complex, and that complexity has opened the door to some unpleasant attacks. A CPU is typically working on the execution of multiple instructions at once, for performance reasons. Executing instructions in parallel allows the processor to keep more of its subunits busy at once, which speeds things up. But parallel execution is also driven by the slowness of access to main memory. A cache miss requiring a fetch from RAM can stall the execution of an instruction for hundreds of processor cycles, with a clear impact on performance. To minimize the amount of time it spends waiting for data, the CPU will, to the extent it can, execute instructions after the stalled one, essentially reordering the code in the program. That reordering is often invisible, but it occasionally leads to the sort of fun that caused Documentation/memory-barriers.txt to be written.

US Sanctions Against Chinese Android Phones, LWN Report on Eelo

  • A new bill would ban the US government from using Huawei and ZTE phones
    US lawmakers have long worried about the security risks posed the alleged ties between Chinese companies Huawei and ZTE and the country’s government. To that end, Texas Representative Mike Conaway introduced a bill last week called Defending U.S. Government Communications Act, which aims to ban US government agencies from using phones and equipment from the companies. Conaway’s bill would prohibit the US government from purchasing and using “telecommunications equipment and/or services,” from Huawei and ZTE. In a statement on his site, he says that technology coming from the country poses a threat to national security, and that use of this equipment “would be inviting Chinese surveillance into all aspects of our lives,” and cites US Intelligence and counterintelligence officials who say that Huawei has shared information with state leaders, and that the its business in the US is growing, representing a further security risk.
  • U.S. lawmakers urge AT&T to cut commercial ties with Huawei - sources
    U.S. lawmakers are urging AT&T Inc, the No. 2 wireless carrier, to cut commercial ties to Chinese phone maker Huawei Technologies Co Ltd and oppose plans by telecom operator China Mobile Ltd to enter the U.S. market because of national security concerns, two congressional aides said. The warning comes after the administration of U.S. President Donald Trump took a harder line on policies initiated by his predecessor Barack Obama on issues ranging from Beijing’s role in restraining North Korea to Chinese efforts to acquire U.S. strategic industries. Earlier this month, AT&T was forced to scrap a plan to offer its customers Huawei [HWT.UL] handsets after some members of Congress lobbied against the idea with federal regulators, sources told Reuters.
  • Eelo seeks to make a privacy-focused phone
    A focus on privacy is a key feature being touted by a number of different projects these days—from KDE to Tails to Nextcloud. One of the biggest privacy leaks for most people is their phone, so it is no surprise that there are projects looking to address that as well. A new entrant in that category is eelo, which is a non-profit project aimed at producing not only a phone, but also a suite of web services. All of that could potentially replace the Google or Apple mothership, which tend to collect as much personal data as possible.

today's howtos

Mozilla: Resource Hogs, Privacy Month, Firefox Census, These Weeks in Firefox

  • Firefox Quantum Eats RAM Like Chrome
    For a long time, Mozilla’s Firefox has been my web browser of choice. I have always preferred it to using Google’s Chrome, because of its simplicity and reasonable system resource (especially RAM) usage. On many Linux distributions such as Ubuntu, Linux Mint and many others, Firefox even comes installed by default. Recently, Mozilla released a new, powerful and faster version of Firefox called Quantum. And according to the developers, it’s new with a “powerful engine that’s built for rapid-fire performance, better, faster page loading that uses less computer memory.”
  • Mozilla Communities Speaker Series #PrivacyMonth
    As a part of the Privacy Month initiative, Mozilla volunteers are hosting a couple of speaker series webinars on Privacy, Security and related topics. The webinars will see renowned speakers talking to us about their work around privacy, how to take control of your digital self, some privacy-security tips and much more.
  • “Ewoks or Porgs?” and Other Important Questions
    You ever go to a party where you decide to ask people REAL questions about themselves, rather than just boring chit chat? Us, too! That’s why we’ve included questions that really hone in on the important stuff in our 2nd Annual Firefox Census.
  • These Weeks in Firefox: Issue 30