Language Selection

English French German Italian Portuguese Spanish

Web

More curl bug bounty

Filed under
OSS
Web

The idea is that sponsors donate money to the bounty fund, and we will use that fund to hand out rewards for reported issues. It is a way for the curl project to help compensate researchers for the time and effort they spend helping us improving our security.

Right now the bounty fund is very small as we just started this project, but hopefully we can get a few sponsors interested and soon offer "proper" rewards at decent levels in case serious flaws are detected and reported here.

If you're a company using curl or libcurl and value security, you know what you can do...

Read more

Chrome's Latest

Filed under
Google
Web

The world’s biggest curl installations

Filed under
OSS
Web

curl is quite literally used everywhere. It is used by a huge number of applications and devices. But which applications, devices and users are the ones with the largest number of curl installations? I've tried to come up with a list...

I truly believe curl is one of the world's most widely used open source projects.

If you have comments, other suggestions or insights to help me polish this table or the numbers I present, please let me know!

Read more

The 'New' Microsoft

Filed under
Google
Microsoft
Moz/FF
Web
  • Windows derails Chrome, Firefox installation, promotes Microsoft Edge instead [iophk: "Where are the Microsoft apologists on this? They sure have been quiet."]

    Microsoft is trying a new tactic to get people to use its Edge browser: a warning dialog box that interrupts the installation of other browsers like Mozilla Firefox or Google Chrome.

  • Microsoft tests ‘warning’ Windows 10 users not to install Chrome or Firefox

    While the prompts can be turned off, they’re yet another example of Microsoft infesting Windows 10 with annoying ads and pop-ups. Some similar prompts already appear and attempt to push Chrome or Firefox users to use Edge, but this latest one steps up Microsoft’s war against Chrome even further. It’s not clear why Microsoft thinks it’s a good idea to include these irritating prompts, as all they’re likely to do is anger Windows 10 users rather than convince them to switch to Edge.

  • Microsoft Tests Warning Windows 10 Users About Installing Google Chrome or Mozilla Firefox [iophk: "yeah, Microsoft "loves" FOSS"]

    While the warning does not block the installation, it is a blatant move from Microsoft to try and stop users from downloading a rival's Web browser. As per a CNET report, test was confirmed in Windows 10 version 1809, build 17758.1. It is worth noting that it is a preview release, which will not be available to the general public for another month or so. In a statement to CNET, Microsoft referred to its Windows test programme, and said, "We're currently testing this functionality with insiders only. The Windows Insider Program enables Microsoft to test different features, functionality and garner feedback before rolling out broadly. Customers remain in control and can choose the browser of their choice." The Verge, on the other hand, cites its sources to say the warning will not make its way to the Windows 10 October 2018 Update.

Chrome 69 Tip for GNU/Linux and Beta of Next Chrome Release

Filed under
Google
Web
  • Change UI theme in Google Chrome 69

    Say what you will about Chrome, but over the years, it has maintained a rather consistent look & feel. The changes are mostly done under the hood and they do not interfere with how the user interacts with the browser. But occasionally, mostly guided by their wider influence in the OS space, especially the mobile world, Google has made some stylistic changes. Most notably, they introduced Material Design to the Chrome UI, and now, there's another facelift.

    I noticed the new looks in the freshly updated Chrome 69 in Kubuntu Beaver, and I wasn't too happy. The font is gray and pale, ergo contrast isn't as good as it should be, and the new round design feels odd. So I decided to change this back to the older style. Let me show you how you can do this.

    [...]

    There you go. If you don't like the aesthetically pleasing but ergonomically dubious change to the Chrome's UI look in version 69 onwards, then you can change (we don't know for how long) the layout back to what it was, or try one of the several available themes. The goal is to retain maximum visual clarity and efficiency. The old looks offer that. The new ones hamper that.

    I am quite alarmed by this trend. The only solace I get is the knowledge that a few Google shares in me possession are generating profit, which I shall use to heal my soul of all this sub-IQ100 touch-led destruction of the desktop and fast productivity, a crusade that started worldwide around 2011 or so.

  • Chrome 70 beta: shape detection, web authentication, and more

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. View a complete list of the features in Chrome 70 on ChromeStatus.com. Chrome 70 is beta as of September 13, 2018.

  • Chrome 70 In Beta With TLS 1.3, Opus Support In MP4 & AV1 Decode

    Following last week's Chrome 69 release, Chrome 70 is now in beta as the latest feature-update to Google's browser.

Browsh and Firefox on Old PCs (Better on GNU/Linux)

Filed under
GNU
Linux
Moz/FF
Web
  • Browsh – A Modern Text Based Browser Which Supports Graphics And Video

    We had wrote many articles about text based browser in the past such as Links, Links2, ELinks, Lynx, w3m and Netrik.

    Why we need a text-based browser in Linux? As you already know most of the Linux servers are running without GUI. It helps Linux administrator to browse the website from CLI.

    As i know, all these text-based browsers renders only web pages and supports color but browsh is advanced, well-established, feature-rich modern text based browser which supports graphics and video.

  • Firefox Just Dropped Windows XP and Vista Support, and Soon Steam Will Too

    Version 52 of Firefox’s Extended Support Edition (ESR) was the last version of Firefox compatible with Windows XP and Vista machines, but it is no longer getting security updates as of last week. This means any security flaws will never be patched, potentially putting users in danger of breaches.

WordPress Gutenberg will be the end of WordPress

Filed under
OSS
Web

WordPress is the most popular Content Management System (CMS) and blogging platform in the world. There are a lot of good reasons for that. It is accessible, simple and intuitive to use, and highly flexible, with a bewildering range of professional plugins and themes. Over the years, it has asserted itself as the dominant choice for those looking to create dynamic, responsive websites. I am a happy user, too. I've been using it myself since 2012, on my book writing blog. Unfortunately, all this goodness is poised to go down the drain.

WordPress 5.0, the next major release, is going to feature a revised UI (the backend) using a framework called Gutenberg. This new UI looks like it's going to take away all the good things that made WordPress so cool, and destroy the beautiful elegance, efficiency and simplicity with something that feels like an abstract, touch-optimized experiment. Let's discuss.

[...]

Unholy Crusade against the desktop

Ever since mobile (touch) became the prevalent consumer platform, there's been a lot of focus on developing mobile solutions. This is fine. Except these mobile solutions are also pushed onto the desktop, where they utterly fail. Touch software does not work on the desktop. It just does not.

Moreover, there's a bigger problem here. While most of the content is consumed on the mobile, most of the content is created on the desktop. It makes sense. The desktop is an infinitely superior platform for writing and image processing. The full keyboard + mouse combo and the multi-application usability beat all and any touch solution.

I do not consider social media "updates" content. I consider content to be meaningful articles that provide new and unique information, of which there is less and less every day. I am extremely confident than the vast majority of actually valuable articles and posts are made using the classic desktop formula. Just imagine writing 500 words on a keyboard versus touch.

Read more

The WebExtocalypse

Filed under
Moz/FF
Web

Mozilla recently dropped support for Firefox XUL extensions.

The initial threat of this prompted me to discover how to re-enable XUL extensions by modifying Firefox's omni.ja file. That clearly is not going to last very long since Mozilla is also deleting XPCOM interfaces but I note the Tor Browser is temporarily still using XUL extensions.

Since I have some extensions I wrote for myself, I will need to rewrite them as WebExtension add-ons.

The first thing to do is check how to install WebExtension add-ons. My local XUL extensions are run from the corresponding git trees. Using an example extension I discovered that this no longer works. The normal way to install add-ons is to use the web-ext tool, upload to the Mozilla app store and then install from there. This seems like overkill for an unpolished local add-on. One way to workaround this is to disable signing but that seems suboptimal if one has installed Mozilla-signed add-ons, which I will probably have to do until Debian packages more add-ons. Luckily Mozilla offers alternative "sideloading" distribution mechanisms and Debian enables these by default for the Debian webext-* packages. Installing a symlink to the git repository into the extensions directory and adding a gecko identifier to the add-on manifest.json file works.

Read more

Latest on Chrome and Mozilla

Filed under
Google
Moz/FF
Web
  • Google Wants to Kill the URL

     

    The focus right now, they say, is on identifying all the ways people use URLs to try to find an alternative that will enhance security and identity integrity on the web while also adding convenience for everyday tasks like sharing links on mobile devices.

  • Keybase: "Our browser extension subverts our encryption, but why should we care?"

    Two days ago I decided to take a look at Keybase. Keybase does crypto, is open source and offers security bug bounties for relevant findings — just the perfect investigation subject for me. It didn’t take long for me to realize that their browser extension is deeply flawed, so I reported the issue to them via their bug bounty program. The response was rather… remarkable. It can be summed up as: “Yes, we know. But why should we care?”

  • Daniel Stenberg: DoH in curl

    DNS-over-HTTPS (DoH) is being designed (it is not an RFC quite yet but very soon!) to allow internet clients to get increased privacy and security for their name resolves. I've previously explained the DNS-over-HTTPS functionality within Firefox that ships in Firefox 62 and I did a presentation about DoH and its future in curl at curl up 2018.

    We are now introducing DoH support in curl. I hope this will not only allow users to start getting better privacy and security for their curl based internet transfers, but ideally this will also provide an additional debugging tool for DoH in other clients and servers.

    Let's take a look at how we plan to let applications enable this when using libcurl and how libcurl has to work with this internally to glue things together.

  • Firefox 63 Beta On Linux Finally Runs WebExtensions In Their Own Process

    With Firefox 62.0 having shipped, Mozilla promoted Firefox 63.0 to beta as part of their usual release cadence.

    With Firefox 63.0 there are several Windows 10 and macOS improvements including better multi-GPU handling on Macs, faster tab switching, and better Windows 10 integration. But for Linux users there is one notable platform-specific change and that is WebExtensions now running in their own process.

Chrome 69

Filed under
Google
Web
  • Google Chrome Update Brings A UI Revamp And New Password Manager With More Accurate Auto Filling

    Google Chrome is the go to browser for most people. With a simple UI and great performance, it has been the most dominant browser for quite sometime.

    Today Google dropped a big update for Chrome, on it’s 10th Birthday. There are a lot of changes, including a UI revamp, a new password manager and more.

  • Chrome 69 Brings UI Refinement, Initial AV1 Decoder, Picture-In-Picture API

    While Firefox is hitting version 62 this week, Google has introduced Chrome 69 as the newest version of their cross-platform web-browser that recently celebrated its tenth birthday.

    With this Chrome 69 browser update there is a visual refresh to the user-interface as Google developers adopted the Material 2 design principles for the desktop browser. Chrome 69 also has various security improvements, CSS conic gradients support, CSS scroll snap positions, and various other developer additions.

Syndicate content

More in Tux Machines

EEE, Entryism and Openwashing

  • New Linux distro specifically designed for Windows comes to the Microsoft Store [Ed: WLinux or Whitewater Foundry not the first time people exploit Microsoft to put a price tag on FOSS such as LibreOffice. Microsoft is doing a fine job sabotaging the GNU/Linux 'ecosystem'.]
    WLinux is based on Debian, and the developer, Whitewater Foundry, claims their custom distro will also allow faster patching of security and compatibility issues that appear from time to time between upstream distros and WSL. [...] In return for saving developers time Whitewater Foundry is charging $19.99 (though the app is currently 50% off and the distribution can be downloaded from Github for free).
  • Open source dev gets Win32 apps running on Xbox One [Ed: Running blobs on two DRM platforms does not make you "Open source dev"]
  • Building Blocks of Secure Development: How to Make Open Source Work for You [Ed: Veracode self-promotion in "webinar" form, badmouthing FOSS to push their proprietary things. They work with Microsoft.]
  • SD Times open source project of the week: TonY [Ed: Openwashing of a surveillance operation at Microsoft]
    Unsatisfied with the available solutions for connecting the analytics-generating power of their TensorFlow machine learning implementations with the scalable data computation and storage capabilities of their Apache Hadoop clusters, developers at LinkedIn decided that they’d take matters into their own hands with the development of this week’s highlighted project, TonY.
  • Open Source: Automating Release Notes in Github [Ed: The New York Times is still propping up Microsoft hosting]
  • Opendesk launches augmented-reality shopping for its open-source furniture [Ed: Calling furniture "open"]
    Opendesk customers can now use augmented reality to see how the furniture brand's pieces look in their homes before ordering them from local makers. The augmented-reality (AR) experience launched with the arrival of Apple's iOS 12 operating system this week. It enables customers to use their smartphones to view some of Opendesk's furniture superimposed on the room in front of them.
  • Open Source Testing Startup Cypress Leaves Beta With Thousands of Users, Launches Paid Plans [Ed: This is not Open Source; they misuse the label and even put dashes ("open-source") because they know they're faking it.]
    Cypress.io‘s CEO Drew Lanham explains that the startup’s tool is software created by developers, for developers. The company was founded in 2014 by technologist Brian Mann, after observing that while computing and application development had changed drastically over the past decade, software testing had not. Large companies now release thousands of software updates a year, often on a daily basis across their organization. Technology teams aim to move rapidly, iterating on an agile basis and working in parallel so they can sync their code together even faster. But, as Lanham explains, the testing software out there was far outdated for these agile processes.
  • Kindred Introduces SenseAct, the First Reinforcement Learning Open-Source Toolkit for Physical Robots [Ed: Kindred or SenseAct not actually FOSS; but they sure try to make it seem that way, by focusing on a toolkit.]

Top Linux Distros for Software Developers

A major factor in the choice of Linux distro is your personal preference. You may try one of the most popular Linux distros but find that you prefer one that’s less often used. Your experience with Linux will also factor into which distro is suited to you. With the benefits Linux can offer — including flexibility, stability, and support — it’s worth evaluating your options. Read more

Source Code From Deutsche Telekom

  • Edge compute platform is open source
    Deutsche Telekom and Aricent have partnered for the creation of an Open Source, low latency Edge compute platform available to operators, to enable them to develop and launch 5G mobile applications and services faster.
  • Deutsche Telekom and Aricent Create Open Source Edge Software Framework
    Deutsche Telekom and Aricent today announced the creation of an Open Source, Low Latency Edge Compute Platform available to operators, to enable them to develop and launch 5G mobile applications and services faster. The cost-effective Edge platform is built for software-defined data centers (SDDC) and is decentralized, to accelerate the deployment of ultra-low latency applications. The joint solution will include a software framework with key capabilities for developers, delivered as a platform-as-a-service (PaaS) and will incorporate cloud-native Multi-access edge computing (MEC) technologies.
  • DT and Aricent announce telco Open Source Edge framework for 5G
    Deutsche Telekom and Aricent have announced the creation of an Open Source Edge software framework, designed especially for developers, platform-as-a-service and cloud-native multi-access edge computing technologies and on-track to intersect with the deployment of 5G enabled network edge facilities to tackle ultra-low latency network applications. The Edge platform has been built for software-defined data centers (SDDC) and will include a software framework with key capabilities for developers, delivered as a platform-as-a-service (PaaS) and will incorporate cloud-native Multi-access edge computing (MEC) technologies.
  • Deutsche Telekom, Aricent brew up edge compute platform for 5G apps and services
    In order to speed up the rollout of 5G applications and services, Duetsche Telekom and Aricent have teamed up to build an edge compute platform. The open source, edge software framework was built for use in software-defined data centers in decentralized locations. It also uses cloud-native multiaccess edge computing (MEC) technologies.
  • Deutsche Telekom, Aricent Bridge Cloud Native, Telco MEC Gap
    German telecom giant Deutsche Telekom and Aricent threw their collective weight behind an open source edge computing platform targeted at software-defined data centers (SDDC). The initiative gamely joins a growing list of open source multi-access edge computing (MEC) initiatives. The DT-Aricent collaboration is at its core a decentralized platform designed to help telecom operators develop and launch low-latency 5G mobile applications and services. It includes a software framework with features delivered through a platform-as-a-service (PaaS) model.

Android Leftovers