Language Selection

English French German Italian Portuguese Spanish

Google

The Demise of Chromium as Free Software

Filed under
Google
Web
  • This is why Leading Linux Distros going to remove Chromium from their Official Repositories

    Jochen Eisinger from Google team mentioned in a discussion thread that they will be banning sync support system of Chromium. This lead to lot of frustration in the Linux Dev community & rage against googles sudden decision.
    This Decision can kill small browser projects & lead the web to single browser monopoly i.e. Google Chrome!

    As a result of the googles decision multiple distros are strictly considering removal of Chromium from their official repositories. Leading distros like Arch Linux, Fedora, Debian, Slackware & OpenSUSE have stated that if the sync support goes down from google they will definitely remove chromium from their official repositories.

  • Chromium 88 removes Flash support [Ed: But DRM added]

    I uploaded a set of chromium packages to my repository today. Chromium 88.0.4324.96 sources were released two days ago.

    The release notes on the Google Chrome Releases Blog mention 36 security fixes with at least one being tagged as “critical” but the article does not mention that Flash support has been entirely removed from Chromium now.

    Adobe’s Flash was already actively being blocked for a long time and you had to consciously enable Flash content on web pages, but after Adobe discontinued Flash on 1st of January 2021 it was only a matter of time before support in web browsers would be removed as well.

    Let’s also briefly revisit the topic of my previous post – Google will remove access to Chrome Sync for all community builds of the open source variant of their Chrome browser: Chromium… thereby crippling it as far as I am concerned.

  • Chrome 89 Preparing To Ship With AV1 Encoder For WebRTC Usage [Ed: Massive patent trap]

    Now that Chrome 88 released, attention is turning to Chrome 89 of which an interesting technical change is the enabling of AV1 encode support within the web browser.

    Going back to 2018 there's been AV1 decode support within the browser when wanting to enjoy content encoded in this royalty-free, modern codec. But now for Chrome 89 is coming AV1 encode support.

    AV1 encode support is being added for the WebRTC use-case for real-time conferencing. Web applications like WebEx, Meet, and Duo (among others) already support using AV1 for better compression efficiency, improved low-bandwidth handling, and greater screen sharing efficiency. While hardware-based AV1 encoding isn't yet common, Chrome Linux/macOS/Windows desktop builds are adding the ability to use CPU-based AV1 encoding.

Google and Mozilla Embrace More Restrictions

Filed under
Google
Moz/FF
Web
  • Extensions in Firefox for Android Update | Mozilla Add-ons Blog

    Starting with Firefox 85, which will be released January 25, 2021, Firefox for Android users will be able to install supported Recommended Extensions directly from addons.mozilla.org (AMO). Previously, extensions for mobile devices could only be installed from the Add-ons Manager, which caused some confusion for people accustomed to the desktop installation flow. We hope this update provides a smoother installation experience for mobile users.

    As a quick note, we plan to enable the installation buttons on AMO during our regularly scheduled site update on Thursday, January 21. These buttons will only work if you are using a pre-release version of Firefox for Android until version 85 is released on Tuesday, January 25.

  • Porting Firefox to Apple Silicon

    The release of Apple Silicon-based Macs at the end of last year generated a flurry of news coverage and some surprises at the machine’s performance. This post details some background information on the experience of porting Firefox to run natively on these CPUs.

    We’ll start with some background on the Mac transition and give an overview of Firefox internals that needed to know about the new architecture, before moving on to the concept of Universal Binaries.

    We’ll then explain how DRM/EME works on the new platform, talk about our experience with macOS Big Sur, and discuss various updater problems we had to deal with. We’ll conclude with the release and an overview of various other improvements that are in the pipeline.

  • Google muzzles all Chromium browsers on 15 March 2021

    What is the relevance I hear you ask.
    Well, I provide Chromium packages for Slackware, both 32bit and 64bit versions. These chromium packages are built on our native Slackware platform, as opposed to the official Google Chrome binaries which are compiled on an older Ubuntu probably, for maximum compatibility across Linux distros where these binaries are used. One unique quality of my Chromium packages for Slackware is that I provide them for 32bit Slackware. Google ceased providing official 32bit binaries long ago.

    In my Slackware Chromium builds, I disable some of the more intrusive Google features. An example: listening all the time to someone saying “OK Google” and sending the follow-up voice clip to Google Search.

    And I create a Chromium package which is actually usable enough that people prefer it over Google’s own Chrome binaries, The reason for this usefulness is the fact that I enable access to Google’s cloud sync platform through my personal so-called “Google API key“. In Chromium for Slackware, you can logon to your Google account, sync your preferences, bookmarks, history, passwords etc to and from your cloud storage on Google’s platform. Your Chromium browser on Slackware is able to use Google’s location services and offer localized content; it uses Google’s translation engine, etcetera. All that is possible because I formally requested and was granted access to these Google services through their APIs within the context of providing them through a Chromium package for Slackware.

    The API key, combined with my ID and passphrase that allow your Chromium browser to access all these Google services are embedded in the binary – they are added during compilation. They are my key, and they are distributed and used with written permission from the Chromium team.

    These API keys are usually meant to be used by software developers when testing their programs which they base on Chromium code. Every time a Chromium browser I compiled talks to Google through their Cloud Service APIs, a counter increases on my API key. Usage of the API keys for developers is rate-limited, which means if an API key is used too frequently, you hit a limit and you’ll get an error response instead of a search result. So I made a deal with the Google Chromium team to be recognized as a real product with real users and an increased API usage frequency. Because I get billed for every access to the APIs which exceeds my allotted quota and I am generous but not crazy.
    I know that several derivative distributions re-use my Chromium binary packages (without giving credit) and hence tax the usage quota on my Google Cloud account, but I cover this through donations, thank you my friends, and no thanks to the leeches of those distros.

Proprietary Software and Security Issues

Filed under
Google
Microsoft
Security
  • Google Blames Gmail, YouTube Outage on Error in User ID System

    Google diagnosed a widespread outage that knocked out major services earlier this week, such as Gmail and YouTube, as a mistake with its system for identifying people online.

    Alphabet Inc.’s Google has several tools that enable it to verify and track logged-in users. In October, the company began moving those tools to a new file storage system, and in the process misreported portions of the data, according to a Friday post. That caused several of its services to go down for 47 minutes Monday morning, a rare technical misstep.

  • Windows 10 updates cause CorsairVBusDriver BSOD crash loop
  • Microsoft has delivered a partial fix for this nagging Windows 10 bug

    Microsoft has released a partial fix for a known issue affecting Windows 10 devices with certain audio drivers for Conexant and Synaptics devices. The issue has been under investigation since May this year.

  • Attackers in compromised US system at least since mid-2019: report

    Malicious attackers, who were exposed as having hit a number of government and private sector entities through software made by Texas firm SolarWinds, appear to have gained access to that firm's network as early as mid-2019, Yahoo! News claims.

  • Suspected Russian [attack]: Was it an epic cyber attack or spy operation?

    But for many current and former American officials, that’s not the right way to look at it. By [cracking] into dozens of corporations and government agencies, they say, the [crackers] have pulled off a stunning and distressing feat of espionage. But they note that it’s just the sort of cyber spying that the American National Security Agency attempts on a regular basis against Russia, China and any number of foreign adversaries.

    It might constitute an attack if the intruders destroyed data, for example, or used their access to do damage in the physical world, say, by shutting down power grids. But breaking into unclassified government and corporate networks? Reading other people’s emails? That’s spying.

  • Exploiting a stack-based buffer overflow in practice

    In my previous post, I detailed a fun method of obtaining root access on the Zyxel VMG8825-T50 router, which required physical access to the device and authenticated access to the web interface.

    In this post, I will detail the exploitation of a vulnerability that could potentially result in unauthenticated RCE as root, given LAN access only. This vulnerability was also found on the VMG8825-T50 router, but it turns out to be present in multiple other Zyxel devices.

Expanding Fuchsia's open source model

Filed under
Google
OSS

Fuchsia is a long-term project to create a general-purpose, open source operating system, and today we are expanding Fuchsia’s open source model to welcome contributions from the public.

Fuchsia is designed to prioritize security, updatability, and performance, and is currently under active development by the Fuchsia team. We have been developing Fuchsia in the open, in our git repository for the last four years. You can browse the repository history at https://fuchsia.googlesource.com to see how Fuchsia has evolved over time. We are laying this foundation from the kernel up to make it easier to create long-lasting, secure products and experiences.

Starting today, we are expanding Fuchsia's open source model to make it easier for the public to engage with the project. We have created new public mailing lists for project discussions, added a governance model to clarify how strategic decisions are made, and opened up the issue tracker for public contributors to see what’s being worked on. As an open source effort, we welcome high-quality, well-tested contributions from all. There is now a process to become a member to submit patches, or a committer with full write access.

Read more

Also: Google's Fuchsia Open-Source OS To Begin Accepting Community Contributions

WWW: WordPress, Chrome, Mozilla

Filed under
Server
Google
Moz/FF
Web
  • Half of Websites Will Be WordPress-Driven by 2025 / Digital Information World

    Based on CMS usage trends, now available for 2019 and most of the current year, several outlets have projected that WordPress will be the driving force behind half of all websites by 2025. According to the newest numbers by W3Techs, its usage is growing by 2.47% per year on average. If it continues at this rate, WordPress will surpass 50% market share, potentially within the next five years.

    [...]

    The pandemic has hastened the shift from brick-and-mortar to e-commerce by roughly five years. Today's 'online first' strategy is commonplace for many new and established businesses. However, as of 2019, less than two-thirds of small businesses had a website. For many business thought-leaders, the idea that a brand is too small or unsuitable for online trade ceases to exist. In the post-millennial marketplace, stores without an online presence give the impression that you're no longer in business.

    The trajectory of WordPress has historically depended on the demands of its users. It's continuously unfolded to cater to millions of bloggers and webmasters around the globe. Improvements such as REST API and the Gutenberg editor means WordPress is now better placed to contend with closed-source competitors Shopify, Wix, and Squarespace. Furthermore, you can anticipate developers will see WordPress as a simple solution to power the expansion of all varieties of mobile and web apps.

  • Chrome to remove HTTP/2 Push

    Chromium developers have announced that they plan to remove support for HTTP/2 server push from the market-leading browser engine. Server push lets web servers preemptively send clients resources it expects them to request later. The technique can reduce the number of network round-trips required before the client has all the resources it needs to display a page. The announcement cited high implementation complexity, low adoption among websites, and questionable performance gains as the reason for the removal.

    Server push is an optional feature introduced in the HTTP/2 standard. Chrome can remove it and remain compatible with the HTTP/2 standard. When used correctly, server push can greatly improve page-load times. It also enables use-cases like instant redirects.

  • celery-batches 0.4 released!

    Earlier today I released a version 0.4 of celery-batches with support for Celery 5.0. As part of this release support for Python < 3.6 was dropped and support for Celery < 4.4 was dropped.

  • This Week in Glean: Glean is Frictionless Data Collection

    So you want to collect data in your project? Okay, it’s pretty straightforward.

Google Publishes Latest Linux Core Scheduling Patches So Only Trusted Tasks Share A Core

Filed under
Linux
Google

Google engineer Joel Fernandes sent out the ninth version of their "core scheduling" patches for the Linux kernel that allows for allowing only trusted tasks to run concurrently on the same CPU core -- in cases where Hyper Threading is involved to safeguard the system against the possible security exploits.

Core Scheduling has been a popular topic since vulnerabilities like MDS and L1TF have come to light. Core Scheduling aims to make Hyper Threading safer and by only letting trusted tasks share a CPU core is a reasonable safeguard for still leaving Hyper Threading active on servers rather than disabling it in the name of security. DigitalOcean, Oracle, Google, and other major x86_64 players have all been interested in core scheduling and working on different solutions in order to keep HT/SMT active. Particularly for the major cloud server providers having to disable HT/SMT would be a big blow to their models.

Read more

FydeOS beta brings Chromium OS to the PineBook Pro (Android app support too)

Filed under
GNU
Linux
Google

The PineBook Pro is a $200 laptop with a 14 inch full HD display, a Rockchip RK3399 processor, 4GB of RAM, 64GB of storage, and support for a bunch of different operating systems… most of which are GNU/Linux distributions.

But you can also turn the laptop into a Chromebook-like device by installing a new beta release of FydeOS 11.2 for the PineBook Pro.

Read more

Noscript cures font vulnerabilities

Filed under
Google
Moz/FF
Security
Web

In the past month, I've read about a dozen security bulletins involving remote execution exploits due to font parsing vulnerabilities in a range of operating systems, from desktop to mobile. In all these cases, there was a detailed mention of problems, but very little if any mention of possible solutions, other than vendor updates, that is.

Which is rather intriguing, because there is a tool that can help you with fonts. It's called Noscript, it's a supreme browser extension available in Firefox and more recently in Chrome, and it allows you to govern the loading of fonts in your webpages. A simple and elegant tool that can save - or at the very least, significantly minimize, headache with fonts. But does it get the spotlight it deserves? Of course not, drama and fear are far more interesting. Let's see what gives.

Read more

Uncovering the Best Open Source Google Analytics Alternatives

Filed under
Google
OSS
Web

Web analytics is the measurement, collection, analysis and reporting of internet data. In a nutshell, it is the study of website visitor behavior. It is the process of using online data to transform a organization from faith-based to data driven.

This type of software helps you generate a holistic view of your business by turning customer interactions into actionable insights. Using reports and dashboards, web analytics software lets you sort, sift and share real-time information to help identify opportunities and issues. Keeping track of web visitors, analyzing traffic sources, measuring sales and conversions are just some of the possibilities.

Google Analytics is an excellent well known free service that lets webmasters and site owners access web analytics data. The web service generates detailed statistics about a website’s traffic and sources. It helps marketers and is the most widely used website statistics service. But the biggest downside with Google Analytics is that your data is controlled and used for Google’s own purposes, not just by you. It is also not an open source solution, with a webmaster or site owner being denied access to the raw data.

There are also many other remote-hosted web analytics services that are well-designed and comprehensive. However, if you want an open source solution where the software is hosted on your own server, there are some good alternatives. Having the software installed on your server means that you retain full control over your data, with the possibility of integrating that data into your own system. This solution might, for example, be important to people who do not want to give Google (or another organization) the invitation to control a large portion of their online activity, or who want to be fully in control of visitor privacy.

To provide an insight into the quality of software that is available, we have compiled the following list of open source web analytics software.

Read more

Also: ITFirms Lists Top Free, Open-Source Statistical Analysis Software

USDOJ Takes on Google, Mozilla Responds

Filed under
Google
Moz/FF
Web
Legal
  • Justice Department Sues Monopolist Google For Violating Antitrust Laws

    oday, the Department of Justice — along with eleven state Attorneys General — filed a civil antitrust lawsuit in the U.S. District Court for the District of Columbia to stop Google from unlawfully maintaining monopolies through anticompetitive and exclusionary practices in the search and search advertising markets and to remedy the competitive harms. The participating state Attorneys General offices represent Arkansas, Florida, Georgia, Indiana, Kentucky, Louisiana, Mississippi, Missouri, Montana, South Carolina, and Texas.

    “Today, millions of Americans rely on the Internet and online platforms for their daily lives. Competition in this industry is vitally important, which is why today’s challenge against Google — the gatekeeper of the Internet — for violating antitrust laws is a monumental case both for the Department of Justice and for the American people,” said Attorney General William Barr. “Since my confirmation, I have prioritized the Department’s review of online market-leading platforms to ensure that our technology industries remain competitive. This lawsuit strikes at the heart of Google’s grip over the internet for millions of American consumers, advertisers, small businesses and entrepreneurs beholden to an unlawful monopolist.”

  • Mozilla Reaction to U.S. v. Google

    Like millions of everyday internet users, we share concerns about how Big Tech’s growing power can deter innovation and reduce consumer choice. We believe that scrutiny of these issues is healthy, and critical if we’re going to build a better internet. We also know from firsthand experience there is no overnight solution to these complex issues. Mozilla’s origins are closely tied to the last major antitrust case against Microsoft in the nineties.

    In this new lawsuit, the DOJ referenced Google’s search agreement with Mozilla as one example of Google’s monopolization of the search engine market in the United States. Small and independent companies such as Mozilla thrive by innovating, disrupting and providing users with industry leading features and services in areas like search. The ultimate outcomes of an antitrust lawsuit should not cause collateral damage to the very organizations – like Mozilla – best positioned to drive competition and protect the interests of consumers on the web.

  • DOJ May Force Google To Sell Chrome To Settle Antitrust Case: Report

    he U.S. Department of Justice may force Google to sell its Chrome browser. The development came after the US Congress’ antitrust report on big tech companies.

    It is also told that the DOJ is targeting Google’s advertising business as well. The prosecutors aim at breaking Google’s monopoly on the $162 billion digital advertising market. Politico reported the development via anonymous sources.

Syndicate content

More in Tux Machines

Free, Libre, and Open Source Software Leftovers

  • Raptor Announces Kestrel Open-Source, Open HDL/Firmware Soft BMC

    Raptor Engineering known for their work on open-source POWER9 systems has announced Kestrel, an open-source baseboard management controller (BMC) design that is open down to the HDL design and firmware. Raptor describes Kestrel as "the world's first open HDL / open firmware soft BMC, built on POWER and capable of IPLing existing OpenPOWER systems!" This isn't a physical BMC chip but a "soft" BMC that is currently designed and tested on Lattice ECP-5 FPGAs. It can currently handle an initial program load (IPL) for a POWER9 host like the Blackbird and Talos II systems of Raptor Computing Systems after deactivating the existing ASpeed hardware BMC found on those systems.

  • Apache Superset Reaches Top-Level Status For Big Data Visualizations

    The Apache Software Foundation announced on Thursday that Apache Superset reached "top-level" status. Apache Superset is the project's big data visualization and business intelligence web solution. Apache Superset allows for big data exploration and visualization with data from a variety of databases ranging from SQLite and MySQL to Amazon Redshift, Google BigQuery, Snowflake, Oracle Database, IBM DB2, and a variety of other compatible data sources.

  • Intel oneAPI Level Zero 1.1 Headers/Loader Released

    The oneAPI Level Zero repository consisting of the Level Zero API headers, Level Zero loader, and validation layer have reached version 1.1. Following last year's big oneAPI 1.0 "Gold" status, Intel's open-source oneAPI effort continues moving along with the Level Zero focus as their low-level, direct-to-metal interface for offload accelerators like GPUs and other "XPU" devices.

  • [Older] A short journey to x86 long mode in coreboot on recent Intel platforms

    While it was difficult to add initial x86_64 support in coreboot, as described in my last blog article how-to-not-add-x86_64-support-to-coreboot it was way easier on real hardware. During the OSFC we did a small hackathon at 9elements and got x86_64 working in coreboot on recent Intel platforms. If you want to test new code that deals with low level stuff like enabling x86_64 mode in assembly, it's always good to test it on qemu using KVM. It runs the code in ring 0 instead of emulating every single instruction and thus is very close to bare metal machines.

Python Programming

  • How to Create a Database in MongoDB Using Python

    There’s no doubt that Python is a powerful—and popular—programming language capable of handling any project we throw its way. It is very flexible and can adjust to suit various development environments like penetration testing to web development and machine learning. When coupled to large applications such as those that require databases, Python adds more functionality and can be hard to work with, especially for beginners. Python knows this add provides us with better ways to add databases to our projects without compromising our workflow using a simple and intuitive NoSQL database. Using Python and a popular NoSQL database, MongoDB, development becomes more comfortable and, all in all, fun. This article will go over various MongoDB database concepts to give you a firm understanding of what it entails. After that, we will cover how to install MongoDB on Linux and show you how to use Python to interact with MongoDB.

  • Python Script to Monitor Network Connection

    The need to have our devices always connected to the internet is becoming more of a basic need than an added privilege. Having applications and devices that need to log, send, and receive data to the outside world is critical. Thus, having a tool that allows you to monitor when your network goes down can help you troubleshoot the network or stop the applications before sending a bunch of log errors. In today’s tutorial, we will build a simple network monitor that continually monitors your internet connectivity by sending ping requests to an external resource. The script we shall create shall also keep logs of when the internet is down and the duration of the downtime:

  • How to Build a Web Traffic Monitor with Python, Flask, SQLite, and Pusher

    If you have a web application running out there on the internet, you will need to know where your visitors are coming from, the systems they’re using, and other such things. Although you can use services such as Google Analytics, Monster Insights, etc., it’s more fun to build a monitoring system using Python, SQL database, and Pusher for real-time data updates. In today’s tutorial, we’ll go over how to create such a tool using Python, Flask, and Pusher. The tutorial is a highly-customized spin-off from a tutorial published on Pusher’s official page.

today's howtos

  • Linux 101: How to copy files and directories from the command line

    Are you new to Linux? If so, you've probably found the command line can be a bit intimidating. Don't worry--it is for everyone at the beginning. That's why I'm here to guide you through the process, and today I'm going to show you how to copy files and folders from the command line. Why would you need to copy files and folders this way? You might find yourself on a GUI-less Linux server and need to make a backup of a configuration file or copy a data directory. Trust me, at some point you're going to need to be able to do this. Let's find out how.

  • How to install Headless Dropbox on Ubuntu Server

    Dropbox can be termed as cloud-based file storage that makes your files available at any given time as long as you are connected to the internet. A local user accesses files by syncing to Dropbox. This aids to automatically update all removed and added files to your cloud-based storage. Most people are curious to know how the headless Dropbox can be installed on an Ubuntu Server. To learn more, follow the article below for detailed information, including screenshots of how the installation process is done.

  • Masterby Books by Michael W Lucas

    Look what was delievered a few days ago! Can’t wait to skill up in both SUDO and PAM modules. Michael W Lucas has written dozens of technical books on some of the most fascinating aspects of systems administration - I’ve read SSH Mastery book in the past and will someday try using FreeBSD for real just because Michael wrote so many books about this wonderful OS.

  • Cloud Native Patterns: a free ebook for developers

    Building cloud native applications is a challenging undertaking, especially considering the rapid evolution of cloud native computing. But it’s also very liberating and rewarding. You can develop new patterns and practices where the limitations of hardware dependent models, geography, and size no longer exist. This approach to technology can make cloud application developers more agile and efficient, even as it reduces deployment costs and increases independence from cloud service providers.

  • I am TheeMahn

    Let’s say you screw up your sources, Keysnatcher will fix them automatically. Nasup, dont have a NAS No Problemo I just told you use 0 memory. I can make it disable the service, I would not want it adding 6 seconds to your boot time. I have 20 Gigabit Networking and really understand. If you do have a NAS I want that picked up off the rip.

  • How to Install and Use the Etcher Tool on Ubuntu

    In most cases, when we’re trying out a new OS, we choose to install it on the main machine, a virtual machine, or to boot alongside another operating system. One of the upsides to using a Linux system is that we can boot using Live media, which makes it possible to test a specific distribution without altering the primary structure. Using bootable media such as USB drives, we can burn an iso image and boot from it or even use it to install the OS. Although there are various ways to create bootable media—UnetBootIn, dd (Unix), Rufus, Disk Utility, etcetera, —having a simple and cross-platform tool can be massively advantageous.

  • What is the difference between Paramiko and Netmiko?

    When it comes to networking, there is a wide range of perspectives, and one cannot master how to interact with all the devices in the real world. However, all networking devices share similar functionality that, when mastered, are automatable. As mentioned in my other tutorials, programmers are lazy and always looking to improve efficiency—thus doing the least work —, and when it comes to automating network-related issues, many often jump at the chance. In today’s quick guide, I’ll introduce you to automating SSH using two popular Python libraries: Paramiko and Netmiko. We will create simple python scripts using the two libraries to automate SSH and interact with network devices. I choose this approach because a guide primarily focused on the differences between Paramiko and Netmiko would be too short—a simple table would suffice—and no-concrete. By taking this approach, you’ll be better able to experiment with them and see which does what and how.

  • How to Use Unison to Synchronize Files Between Servers

    This tutorial will show you how to set up and use the Unison File synchronization tool on Debian systems. Using Unison, you can sync files between two different disks or directories in the same system or two other systems over the network.

  • How to detect the file system type of an unmounted device on Linux

    If you want to store data on a new hard drive or a USB memory stick, what you first need to do is to create a "filesystem" on it. This step is also known as "formating" the drive or the USB stick. A filesystem determines in exactly what format data is organized, stored and accessed on a physical device. It is often necessary to know the type of filesystem created on a hard disk or a USB thumb drive even before mounting it. For example, you may need to explicitly specify filesystem type when mounting a disk device, or have to use a filesystem-specific mount command (e.g., mount.aufs, mount.ntfs).

How to Install yay AUR Helper in Arch Linux [Beginner’s Guide]

This beginner’s guide explains the steps to install the Yay AUR helper in Arch Linux. Read more