Language Selection

English French German Italian Portuguese Spanish

Web

Google Does 'Squoosh' and Microsoft Cannot Even Get the Basics Right

Filed under
Google
Web

Ghostery - The eye of the tracker is upon you

Filed under
Moz/FF
Web

Here's a mind-blowing but obvious realization: the Internet is one giant shopping litmus test lab, with billions of voluntary participants helping big corporations fine-tune their products and marketing strategies. This is done without the use of elaborate, interruptive questionnaires. All it takes is some Javascript running behind every visible Web page, and Bob's your uncle.

The most pervasive form of marketing is, you guessed right, online ads. Shown to you in all sorts of shapes and colors, they not only peddle wondrous solutions, they also directly and indirectly measure (i.e. track) the human response to the shown content, and this wealth of statistical data is used to make future products and future ads work even better for the selling party. On its own, this might not be bad, except people are greedy. What might have been just innocent marketing has become one giant data harvesting industry, going way beyond simple browsing habits. If you are not so keen on participating mind and soul, you are probably using an ad blocker tool of some sort. We talked about Noscript, we talked about UMatrix, we talked about Adblock Plus. Today, we will talk about Ghostery.

[...]

Ghostery is an interesting tool, with a pleasant interface, flexible and granular control of tracking elements, some odd quirks, and a questionable opt-in feature. It is indeed as I expected, a bridge between a plug-n-play ad blocker and a fully featured Javascript manager like Noscript. The good thing is, it works well in unison with either one of these, so you can mix. Shake 'n' bake. For example, intimidated by Noscript or UMatrix? You can use Adblock Plus plus [sic] Ghostery. The former for ads, the latter for extra trackers, no crippling of Javascript functionality. And then, the tool can block ads on its own, too.

I believe Ghostery works best in the complementary mode. It is also best suited for less skilled users who seek more control than just ad blocking, and the cross-platform availability sure makes it appealing. The one thing that remains outstanding is the use of the opt-in policy. Not sure how that fits into the larger scheme of things. That said, I believe it's worth testing and exploring. So far, I'm pleased with its mode of work, and the results from my escapade are promising. Now whether one should really care about these trackers and all that, well that's a separate story. Or as they say, all your ad are belong to us.

Read more

12 Firefox Add-ons for Developers & Designers

Filed under
Development
Moz/FF
Web

Just recently, we released a post on the 12 Google Chrome Extensions for Developers & Designers and while some of those extensions are available on Firefox, I wouldn’t repeat any here.

In the same way, some of the extensions listed below are available on Chrome so consider such apps as bonuses for the respective browsers.

Read more

Also: Daniel Lange: Firefox asking to be made the default browser again and again

Best Free Linux News Aggregators (Updated 2018)

Filed under
Software
Web

It’s been a long time since we covered news aggregators, and there’s been notable entrants and leavers to the scene. With regard to the leavers, Google Reader was discontinued in July 2013. And software like Newsbeuter, RSSOwl, Blogbridge, and Bloglines have been abandoned by their respective developers. Fortunately, there’s a number of great replacements that have filled the void.

A news aggregator is software which collect news, weblog posts, and other information from the web so that they can be read in a single location for easy viewing. With the range of news sources available on the internet, news aggregators play an essential role in helping users to quickly locate breaking news.

For individuals that read lots of weblogs, a news aggregator makes keeping track of them effortless, and particularly useful if the weblogs are only updated occasionally.

There are a number of different file formats which information publishers use. The most frequently ones are RSS and Atom. RSS is an acronym for Really Simple Syndication. It is a defined standard based on XML with the specific purpose of delivering updates to web-based content. In other words, RSS is a Web content syndication format.

Read more

The D in Systemd stands for 'Dammmmit!' A nasty DHCPv6 packet can pwn a vulnerable Linux box

Filed under
Red Hat
Security
Web

A security bug in Systemd can be exploited over the network to, at best, potentially crash a vulnerable Linux machine, or, at worst, execute malicious code on the box.

The flaw therefore puts Systemd-powered Linux computers – specifically those using systemd-networkd – at risk of remote hijacking: maliciously crafted DHCPv6 packets can try to exploit the programming cockup and arbitrarily change parts of memory in vulnerable systems, leading to potential code execution. This code could install malware, spyware, and other nasties, if successful.

The vulnerability – which was made public this week – sits within the written-from-scratch DHCPv6 client of the open-source Systemd management suite, which is built into various flavors of Linux.

Read more

Proprietary Browsers (With Some Code): Vivaldi 2.1 and Chrome 71 Beta

Filed under
OSS
Web
  • Vivaldi 2.1 Adds AV1 Video Codec Support, Puts More Power into Quick Commands

    Vivaldi Technologies released today Vivaldi 2.1, the first point release to the 2.x series of the Chromium-based, cross-platform web browser.

    Vivaldi is known as "the web browser for power users," so Vivaldi 2.1 continues to bring more productivity additions in an attempt to make you more efficient when using Vivaldi to browse the Web or do whatever work you're doing at the office. The start of this release is Quick Commands, which received a bunch of new features.

  • Chrome 71 Beta Offers Low-Latency Canvas Contexts, International Relative Time

    With Google Chrome/Chromium 70 having debuted last week, promoted now from dev to beta is Chrome 71.

    Chrome 71 Beta introduces a new JavaScript interface for an international relative time format with support for multiple languages/words/phrases for handling relative time measurements. The new beta also has new full-screen options for Android, the full-screen API itself is now un-prefixed, new TextEncoderStream and TextDecoderStream APIs, various interoperability improvements, and other developer changes primarily around JavaScript and some CSS.

  • Chrome 71 Beta: relative time formats and more

    Unless otherwise noted, changes described below apply to the newest Chrome Beta channel release for Android, Chrome OS, Linux, macOS, and Windows. View a complete list of the features in Chrome 71 on ChromeStatus.com. Chrome 71 is beta as of October 25, 2018.

Browsing the web with Min, a minimalist open source web browser

Filed under
OSS
Web

Does the world need another web browser? Even though the days of having a multiplicity of browsers to choose from are long gone, there still are folks out there developing new applications that help us use the web.

One of those new-fangled browsers is Min. As its name suggests (well, suggests to me, anyway), Min is a minimalist browser. That doesn't mean it's deficient in any significant way, and its open source, Apache 2.0 license piques my interest.

Read more

Brave and Firefox Latest

Filed under
Moz/FF
Web
  • Brave Browser Team Up With Tor

     

    TOR [sic] or The Onion Router uses technology that separates your computer from the website you’re viewing by routing the network traffic through 3 seperate servers before it reaches your computer. That being said Brave Core Beta hasn’t been fully tested yet so “users should not rely on it for serious use just yet,” Brave said.

  •  

  • Your RSS is grass: Mozilla euthanizes feed reader, Atom code in Firefox browser, claims it's old and unloved

    When Firefox 64 arrives in December, support for RSS, the once celebrated content syndication scheme, and its sibling, Atom, will be missing.

    "After considering the maintenance, performance and security costs of the feed preview and subscription features in Firefox, we’ve concluded that it is no longer sustainable to keep feed support in the core of the product," said Gijs Kruitbosch, a software engineer who works on Firefox at Mozilla, in a blog post on Thursday.

    RSS – which stands for Rich Site Summary, RDF Site Summary, or Really Simple Syndication, as you see fit – is an XML-based format for publishing and subscribing to web content feeds. It dates back to 1999 and for a time was rather popular, but been disappearing from a variety of applications and services since then.

    Mozilla appears to have gotten the wrecking ball rolling in 2011 when it removed the RSS button from Firefox. The explanation then was the same as it is now: It's just not very popular.

  • Cameron Kaiser: It's baaaaa-aaack: TenFourFox Intel

    It's back! It's undead! It's ugly! It's possibly functional! It's totally unsupported! It's ... TenFourFox for Intel Macs!

    Years ago as readers of this blog will recall, Claudio Leite built TenFourFox 17.0.2 for Intel, which the update check-in server shows some determined users are still running to this day on 10.5 and even 10.4 despite various problems such as issue 209. However, he didn't have time to maintain it, and a newer version was never built, though a few people since then have made various attempts and submitted some patches.

    One of these attempts is now far enough along to the point where I'm permitted to announce its existence. Riccardo Mottola has done substantial work on getting TenFourFox to build and run again on old Intel Macs with a focus on 32-bit compatibility, and his patches have been silently lurking in the source code repository for some time. Along with Ken Cunningham's additional work, who now also has a MacPorts portfile so you can build it yourself (PowerPC support in the portfile is coming, though you can still use the official instructions, of course), enough functions in the new Intel build that it can be used for basic tasks.

Fediverse and Mastodon

Filed under
OSS
Web
  • Spritely: towards secure social spaces as virtual worlds

    If you follow me on the fediverse, maybe you already know. I've sent an announcement to my work that I am switching to doing a project named Spritely on my own full time. (Actually I'm still going to be doing some contracting with my old job, so I'll still have some income, but I'll be putting a full 40 hours a week into Spritely.)

    tl;dr: I'm working on building the next generation of the fediverse as a distributed game. You can support this work if you so wish.

  • The demise of G+ and return to blogging (w/ mastodon integration)

    I’m back to blogging, after shutting down my wordpress.com hosted blog in spring. This time, fully privacy aware, self hosted, and integrated with mastodon.

    Let’s talk details: In spring, I shutdown my wordpress.com hosted blog, due to concerns about GDPR implications with comment hosting and ads and stuff. I’d like to apologize for using that, back when I did this (in 2007), it was the easiest way to get into blogging. Please forgive me for subjecting you to that!

    Recently, Google announced the end of Google+. As some of you might know, I posted a lot of medium-long posts there, rather than doing blog posts; especially after I disabled the wordpress site.

Four Web Browsers for the Linux Command Line

Filed under
GNU
Linux
Web

Remember the days when the web was as simple as searchable text. The terminals and low powered personal computers were enough to access the text-based web over snail-paced internet connections. Of course, people then used the command-line web browsers to visit the web; these included the famous Lynx browser as well. Times have changed now, the browser technology has shifted to the graphical and more powerful web-browsers such as Chrome, Firefox and, Safari. Still, there are people who are more Terminal savvy and prefer accessing to-the-point information from the web through Terminal based browsing. Even Terminal based computers also exist and for them, command-line browsers are sometimes the only way to connect to the web. So how do we install and use these text-based browsers through our Linux command-line, the Terminal?

Read more

Syndicate content

More in Tux Machines

Qt/KDE: Qt for Python, Inkscape Dark Theme on KDE Plasma, Atelier at Maker Faire and QtCon 2018!

  • Python and Qt: 3,000 hours of developer insight
    With Qt for Python released, it’s time to look at the powerful capabilities of these two technologies. This article details one solopreneur’s experiences. [...] The big problem with Electron is performance. In particular, the startup time was too high for a file manager: On an admittedly old machine from 2010, simply launching Electron took five seconds. I admit that my personal distaste for JavaScript also made it easier to discount Electron. Before I go off on a rant, let me give you just one detail that I find symptomatic: Do you know how JavaScript sorts numbers? Alphabetically. ’nuff said. After considering a few technologies, I settled on Qt. It’s cross-platform, has great performance and supports custom styles. What’s more, you can use it from Python. This makes at least me orders of magnitude more productive than the default C++.
  • Inkscape Dark Theme on KDE Plasma
    On KDE Plasma, it's very easy to setup Inkscape Dark Theme. To do so, go to System Settings > Application Style > GNOME/GTK+ Style > under GTK+ Style: switch all themes to Dark ones and give check mark to Prefer Dark Theme > Apply. Now your Inkscape should turned into dark mode. To revert back, just revert the theme selections. This trick works on Kubuntu or any other GNU/Linux system as long as it uses Plasma as its desktop environment.
  • Atelier at Maker Faire and QtCon 2018!
    On the weekend of November 3 and 4, it happened on Rio de Janeiro the first Maker Faire of Latin America. And I was able to do a talk about Atelier and the current status of our project. The event hold more than 1.500 people on the first day, that saw a lot of talks and the exposition of makers of all over the country that came to Rio to participate in this edition of the Maker Faire.

Security: Updates, Systematic Evaluation of Transient Execution Attacks and Defenses, New IoT Security Regulations and GPU Side-Channel Attacks

  • Security updates for Thursday
  • A Systematic Evaluation of Transient Execution Attacks and Defenses

    [...] we present a sound and extensible systematization of transient execution attacks. Our systematization uncovers 7 (new) transient execution attacks that have been overlooked and not been investigated so far. This includes 2 new Meltdown variants: Meltdown-PK on Intel, and Meltdown-BR on Intel and AMD. It also includes 5 new Spectre mistraining strategies. We evaluate all 7 attacks in proof-of-concept implementations on 3 major processor vendors (Intel, AMD, ARM). Our systematization does not only yield a complete picture of the attack surface, but also allows a systematic evaluation of defenses. Through this systematic evaluation, we discover that we can still mount transient execution attacks that are supposed to be mitigated by rolled out patches.

  • New IoT Security Regulations
    Due to ever-evolving technological advances, manufacturers are connecting consumer goods­ -- from toys to light bulbs to major appliances­ -- to the Internet at breakneck speeds. This is the Internet of Things, and it's a security nightmare. The Internet of Things fuses products with communications technology to make daily life more effortless. Think Amazon's Alexa, which not only answers questions and plays music but allows you to control your home's lights and thermostat. Or the current generation of implanted pacemakers, which can both receive commands and send information to doctors over the Internet. But like nearly all innovation, there are risks involved. And for products born out of the Internet of Things, this means the risk of having personal information stolen or devices being overtaken and controlled remotely. For devices that affect the world in a direct physical manner -- ­cars, pacemakers, thermostats­ -- the risks include loss of life and property.
  • University Researchers Publish Paper On GPU Side-Channel Attacks
    University researchers out of University of California Riverside have published a paper this week detailing vulnerabilities in current GPU architectures making them vulnerable to side-channel attacks akin to Spectre and Meltdown. With their focus on NVIDIA GPUs, UCLA Riverside researchers demonstrated attacks both for graphics and compute by exploiting the GPU's performance counters. Demonstrated attacks included a browser-based attack, extracting passwords / keystroke logging, and even the possibility of exposing a CUDA neural network algorithm.

VirtualBox 6.0 Beta 2

  • Announcement: VirtualBox 6.0 Beta 2 released
    Please do NOT use this VirtualBox Beta release on production machines! A VirtualBox Beta release should be considered a bleeding-edge release meant for early evaluation and testing purposes. You can download the binaries here: http://download.virtualbox.org/virtualbox/6.0.0_BETA2 Please do NOT open bug reports at our public bugtracker but use our VirtualBox Beta Feedback forum at https://forums.virtualbox.org/viewforum.php?f=15 to report any problems with the Beta. Please concentrate on reporting regressions since VirtualBox 5.2! Version 6.0 will be a new major release. Please see the forum at https://forums.virtualbox.org/viewtopic.php?f=15&t=90315 for an incomplete list of changes. Thanks for your help! Michael
  • VirtualBox 6.0 Beta 2 Adds File Manager For Host/Guest File Copies, OS/2 Shared Folder
    Last month Oracle rolled out the public beta of VirtualBox 6.0 though didn't include many user-facing changes. They have now rolled out a second beta that does add in a few more features. VirtualBox 6.0 Beta 2 was released today and to its user-interface is a new file manager that allows the user to control the guest file-system with copying file objects between the host and guest. Also improved with VirtualBox 6.0 Beta 2 is better shared folder auto-mounting with the VBox Guest Additions. This beta even brings initial shared folder support to the guest additions for OS/2.

Thunderbird version 60.3.1 now Available, Includes Fixes for Cookie Removal and Encoding Issues

Thunderbird happens to be one of the most famous Email client. It is free and an open source one which was developed by the Mozilla Foundation back in 2003, fifteen years ago. From a very basic interface, it has come a long way to be what it is today in 2018. With these updates, a recent one into the 60.x series from the 52.x series was a significant one. While the 60.x (60.3.0) update started rolling out, Mozilla was keen to push out 60.3.1. This new version of Thunderbird had a few bugs and kinks here and there which needed to be addressed which Mozilla did, most of them at least. Read more