Softpanorama

Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)

Web Browsers Insecurity

News HTTP Protocol

Recommended Links

Browser Security  References Web servers
Chrome Security IE10 security       Internet Explorer keyboard shortcuts
Links Curl  wget  Lynx Humor Etc

Currently only two browsers provide decent level of Web security: Microsoft IE10 and Google  Chrome:

Browser Security Comparative Analysis: Socially Engineered Malware

The web browser is the primary vector by which malware is introduced to computers. Links in phishing emails, compromised web sites, and trojanized “free” software downloads all deliver malware via web browser downloads.  The web browser is also the first line of defense against malware infection. Browsers must provide a strong layer of defense from malware, rather than defer to antimalware solutions and operating system protections. This test examines the effectiveness of the leading web browsers in blocking malware.

Overall Malware Block Rate by Browser

Overall Malware Block Rate by Browser (higher % is better)

During the testing period, Internet Explorer 10 with App Rep had a mean malware block rate of 99.1%, with App Rep adding 10.6% percent to the 88.5% URL reputation blocking achieved by the browser. Chrome with Google’s Malicious Download Protection had a mean block rate of 70.4%.  However, only 4.5% of the blocked malware was based upon URL reputation; Google’s Malicious Download Protection provided 65.8% additional protection. Firefox and Safari, which have no download protection, were only able to block 4.2% and 4.3% of the malware respectively. 

The four leading browsers were tested against over ninety-one thousand samples of real world malicious software. Major differences in the ability to block malware were observed. Data represented in this report was captured over twenty (20) days through NSS Labs’ unique live testing harness, and provides insight into the built-in protection capabilities of modern browsers, including Chrome, Firefox, Internet Explorer, and Safari.

To put the numbers in perspective, for every twenty encounters with socially engineered malware, Firefox and Safari users will be protected from approximately one attack. That means nineteen out of twenty socially engineered malware attacks against Firefox and Safari users will end up testing the user’s antivirus and/or operating system defenses. Chrome users will be protected from about fourteen of the twenty attacks, leaving their antivirus and operating systems responsible for protecting against six attacks, and IE10 users will generally be protected from all twenty attacks.

Introduction is now converted to a separate article For the pluralism in WEB browsers due to the size. Here is the abstract:

You can slightly improve safety of your browsing (and increase your troubles ;-) by setting IE to high security in internet zone and setting  medium level for "trusted sites" (say Amazon, Hotmail, Youtube)  and/or using Firefox for important for all other sites that does not display correctly with this arrangement (including all downloads). 

Among recommended setting:


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[Sep 16, 2018] Firefox peaked at well over 30% [statcounter.com], people were leaving IE in droves taking it from 95%+ to the low 60s before Chrome even existed

Notable quotes:
"... I used the Chrome browser for about seven years. It's a great browser -- fast, snappy, good looking, responsive. Unfortunately, it's controlled by Google, an organization that can no longer be trusted. ..."
"... I went back to Firefox. I don't trust Google and their ad ecosystem. Firefox has its problems, but it doesn't have a multi-billiondollar neoliberal fascist enterprise backing it. ..."
tech.slashdot.org

Kjella ( 173770 ) #57249058 ) Homepage

Re:This is the factual inaccuracy in the summary.. ( Score: 3 )
Sep 07, 2018 | tech.slashdot.org

IE 9 was the first non sucky IE browser and MS was forced to follow webstandards all thinks to Chrome's marketshare (...) All they know is Firefox was slow, and their worksites looked funny which is why it never took more than 15% marketshare.

What a load of bullshit history revisionism being modded up by moderators sucking Google's cock. Firefox peaked at well over 30% [statcounter.com], people were leaving IE in droves taking it from 95%+ to the low 60s before Chrome even existed. Mozilla and Firefox did all the hard work of getting sites to work in something other than IE6 and the decline continued even though Microsoft much improved standards compliance in IE7 and IE8. Yes, Chrome was good but it came long after writing MS specific HTML/CSS was dead.

which is why Google left Gecko

That never happened, Google chose Webkit from the very beginning. Perhaps because they found it better in the first place, but it's not like they built something around Gecko and then abandoned it. Don't get me wrong, Chrome was a good product that took users from Firefox and sent IE from a decline into a free fall. But it was way too late to the party to get any credit for breaking IE's monopoly and forcing Microsoft into standards compliance. Except for all the money Google funneled into Mozilla in return for search results of course, but Chrome basically walked in open doors Firefox had already knocked down.

IGnatius T Foobar ( 4328 ) , Monday September 03, 2018 @02:33PM ( #57246940 ) Homepage Journal

Unfortunately, it's Google. ( Score: 5 , Insightful)

I used the Chrome browser for about seven years. It's a great browser -- fast, snappy, good looking, responsive. Unfortunately, it's controlled by Google, an organization that can no longer be trusted.

This sent me back into the welcoming arms of Firefox (and yes, my search engine is DuckDuckGo).

Luckyo ( 1726890 ) , Tuesday September 04, 2018 @08:13AM ( #57249902 )
Re: Unfortunately, it's Google. ( Score: 4 , Interesting)

We're talking about chromium, and the fact that it in fact does not use system hardware or software decoders. And with semi-recent changes Google made to chomium code, you can no longer just drop in the decoders into appropriate folder to make it work. ›

Waccoon ( 1186667 ) , Thursday September 06, 2018 @07:14AM ( #57262508 )
Re:Unfortunately, it's Google. ( Score: 2 )

I wouldn't say that what they're doing is worse, but I can't stand their ad campaigns championing their respect for privacy.

Google doesn't try to hide the fact they collect data. Mozilla has been caught borderline lying (and semi-backtracking) on too many occasions.

Billly Gates ( 198444 ) , Monday September 03, 2018 @03:02PM ( #57247050 ) Journal
Thanks KDE/Steve Jobs & Google ( Score: 4 , Interesting)

Webkit was a much needed improvement. Also IE 6 websites still dominated many many years after 2000 in 2007/2008 when the first iPhone came out.

Webkit was better and designed to be abstract and multi-platform unlike gecko which was why Chrome switched from gecko to webkit while it was still in alpha. Without Chrome and mobile app support IE 6 would still be here. I was one of those Firefox rebels but it was a geek thing 10 years ago. If I recall it had just 10 to 15% of the market and I had to keep IE around for some websites.

Grandma would see this site not render in Firefox and blame the browser and go back to IE which made webdevelopers scream in frustration.

Though webkit and it's blink cousin are default in all devices and platforms I think it's a good thing we the web returned to where it should be and is now an open standard. Thanks Google, Apple, and the Konqueror project for making this possible.

Anonymous Coward , Monday September 03, 2018 @03:27PM ( #57247148 )
Re:Thanks KDE/Steve Jobs & Google ( Score: 1 )

KHTML was chosen as the basis for WebKit due to being lightweight (140k LoC). After Apple seized control the number of lines of code quickly grew to 14 million (!) This was expected to be better than if Microsoft got control of the project (NaN LoC estimate).

DatbeDank ( 4580343 ) , Monday September 03, 2018 @03:03PM ( #57247054 )
And after 8 Years ( Score: 2 , Insightful)

I went back to Firefox. I don't trust Google and their ad ecosystem. Firefox has its problems, but it doesn't have a multi-billiondollar neoliberal fascist enterprise backing it.

Anonymous Coward , Monday September 03, 2018 @03:52PM ( #57247254 )
Re:And after 8 Years ( Score: 2 , Informative)
I went back to Firefox. I don't trust Google and their ad ecosystem.

Firefox has its problems, but it doesn't have a multi-billiondollar neoliberal fascist enterprise backing it.

LOL....LOL....LOL

Apparently you don't understand where Mozilla gets all their money.

Almost 100% of Mozilla's revenue (currently about $350 Million a year) comes from . . . . . . . GOOGLE!

And Mozilla is just as "neoliberal fascist" as Google. (Forced their CEO to resign because he gave some money to a political campaign they don't like).

AmiMoJo ( 196126 ) writes: < {mojo} {at} {world3.net} > on Monday September 03, 2018 @04:48PM ( #57247446 ) Homepage Journal
Re:And after 8 Years ( Score: 3 )

Chrome doesn't have ads and Google respects Do Not Track, which you can enable in Chrome.

Firefox secretly installed an advertising plugin for a TV show without permission.

Your trust is misplaced. Also, "neoliberal fascist enterprise" makes you sound like a crazy conspiracy theorist.

sremick ( 91371 ) , Monday September 03, 2018 @04:58PM ( #57247468 )
Chrome is the new IE ( Score: 3 , Interesting)

Dumbed down anti-user interface. Arrogant background processes that spawn countless instances and take over your computer. Drive-by unwanted trojan installs as Google greases the palms of every freeware dev to sneak a Chrome install into their app installer. But worst of all now are the "Only works in Chrome" websites:

https://www.theverge.com/2018/... [theverge.com]

Microsoft got raked over the coals for doing all the same shit that Google is now getting a pass for. What the fuck?

All you so-called geeks who champion Chrome are either just out of highschool or you are hypocrites with very short memories.

Babout 7⃣6⃣ ( 5434818 ) , Monday September 03, 2018 @05:42PM ( #57247578 )
amazing how quick ( Score: 3 , Insightful)

amazing how quick the fresh take on the browser became mundane and bloated.

Anubis IV ( 1279820 ) , Tuesday September 04, 2018 @10:11AM ( #57250414 )
Re:amazing how quick ( Score: 2 )
There's noting bloated about Chrome.

Tell that to my RAM usage monitor. I finally had enough headaches with Chrome's memory usage that I gave Firefox a fair shot for several weeks (I gave up due to a thousand small lacks of attention to detail), and now am giving Safari a fair shot for a few weeks.

At this point, I plan to stay with Safari. Though it isn't as full-featured, the current version feels snappier, uses less memory, and does enough of the stuff that I care about to have won me over from Chrome. ›

cascadingstylesheet ( 140919 ) , Monday September 03, 2018 @07:15PM ( #57247888 )
It was so much better than the competition, at the ( Score: 2 )

It was so much better than the competition, at the time.

I'm largely back to FF now. As FF seems to be regaining at least part of its sanity.

[Dec 19, 2017] Wolf Richter Where the Heck is Microsoft's "Edge" (Left Behind for Dead) naked capitalism

Notable quotes:
"... By Wolf Richter, a San Francisco based executive, entrepreneur, start up specialist, and author, with extensive international work experience. Originally published at Wolf Street ..."
Dec 19, 2017 | www.nakedcapitalism.com

By Wolf Richter, a San Francisco based executive, entrepreneur, start up specialist, and author, with extensive international work experience. Originally published at Wolf Street

When Microsoft released its super-duper Windows 10 in July 2015, it aggressively pushed people with Windows 7 and 8 to "upgrade" for free to what has turned out to be highly functional and slickly presented corporate spyware . Since then, Windows 10 has been the default system pre-installed on most desktops and laptops sold in North America. It worked: According to StatCounter, Windows 10 now runs on 49% of all PCs (desktop and laptops) in North America.

All Windows versions combined, including Windows 10, run on 74% of PCs in North America, with Apple's operating systems running on 21%, Chrome OS on 3%, and Linux on 1.6%.

Part of the goal of Microsoft's push to get people to install Windows 10 was to get them to use Edge, the browser that comes with Windows 10, so that Microsoft could more seamlessly track what these people are doing on the Internet. But people are spurning Edge.

This is clear on my own site , where 42% of all sessions currently take place on mobile devices (smartphones 28% and tablets 14%). Laptops and desktops garner 58%. Edge doesn't play a visible role on mobile devices. But given how widespread Windows 10 has become, Edge should be a dominant browser on PCs.

Microsoft lost the Browser War a long time ago – against Google. Edge was supposed to reverse that fate. But Microsoft is now getting totally crushed, despite all its efforts with Windows 10 and Edge.

This is confirmed more broadly by StatCounter: Edge has a share of just 3.8% on PCs, smartphones, and tablets in North America, despite the aggressive methods with which it has been pushed since July 2015.

Even Internet Explorer (IE) – which Microsoft stopped supporting and updating, and which by now has so deteriorated that it crashes constantly and thus has become essentially useless – still has a share of 6.1%.

So for PCs, smartphones, and tablets in North America, these are the current results of the Browser War, according to StatCounter:

Chrome (Google): 49.8% Safari (Apple): 29.2% Internet Explorer 6.1% Firefox (Mozilla): 5.9% Edge 3.8%.

All other browsers combined make up the remaining 5.2%.

After Edge hit the market, its share inched up to 1% by September 2015, to 2% by March 2016, and to 3.8% by September 2017. It has remained stuck at this inconsequential level at the bottom of the heap, far below the major browsers.

Since July 2015:

This chart shows the developments in the Browser War in North America since January 2014 (data from StatCounter). Edge is the red line at the very bottom that is going nowhere:

... ... ...

Ironically, the big winner in all this is Chrome – and the corporation behind it, Alphabet. "Ironically" because Alphabet considers browsing and personal data that it can obtain via Chrome a valuable asset to be horded and monetized endlessly via its advertising empire. And it designed Chrome specifically to facilitate this. So switching from Edge to Chrome isn't doing much to protect your data. It just changes the location where it is stored, analyzed, and monetized. But so be it. People have gotten used to the simple fact that they have become the product.

Bugs Bunny , December 19, 2017 at 9:23 am

Thing about Chrome is that you can adjust settings and set up extensions – both official and those outside Chrome Web Store – to essentially neuter the browser in regards to both data gathering and advertising.

Firefox as well but it is not as fast as Chrome. I think a lot of users are hip to this.

vlade , December 19, 2017 at 9:55 am

The latest version of FFX is pretty swidtsh for me. When I used Chrome for a while, I didn't find it much faster, and the annoyance it brought with google interaction was just not worth it.

Other JL , December 19, 2017 at 8:16 pm

Agreed. If you go to e.g. https://myaccount.google.com/privacycheckup you can see the data that Google collects on you, and it turns out there's quite a lot.

Fortunately that link also lets you disable items. I've certainly customized my settings.

Unrelated, I'm really surprised that FF share is so low. I would have guessed 20%. It's a good browser.

Disclaimer: I am a Google employee, although I don't work on anything related to Chrome or user data.

The Rev Kev , December 19, 2017 at 9:45 am

I've never used Edge as I refused to 'upgrade' to Windows 10 so a question of other commentators here – anybody used this browser that can account for these abysmal figures? It must be a bit of a shocker if it cannot even beat a browser so old that it probably has code for the Mosaic browser buried in it.

Bugs Bunny , December 19, 2017 at 9:52 am

It's slightly faster than IE and has got a very minimalist "digital" interface because MSFT moved the functionalities to hidden menus -- which make it harder to set up to avoid data gathering, etc. What is does have is a native "share" function built in for social networks, which is something that Chrome could use but is just a data gathering tool for MSFT. Have a look at the Wikipedia for more:

https://en.wikipedia.org/wiki/Microsoft_Edge

Louis Fyne , December 19, 2017 at 9:59 am

too bad firefox's share is slowly eroding

If you're on a desktop and use Chrome or MS, try Firefox + "NoScript" or quickjava

your mileage may vary.

Lord Koos , December 19, 2017 at 11:52 am

I was surprised to see Firefox not doing better, I've been using it for years. Very occasionally I will use Chrome if FF can't display a certain page.

I don't get why anyone would use either of the top two, but then I also don't get why so many intelligent people still bank with Chase, BoA, Wells Fargo, etc.

Lord Koos , December 19, 2017 at 11:57 am

On the other hand, I do use Windows 10, but only after going thru some contortions to protect my privacy. It can be done but MS is not making it easy. You have to do some research to get rid of the spyware, and there are some third-party apps that can help.

Dan Lynch , December 19, 2017 at 10:31 am

As Vlade said, Firefox 57 makes it competitive for speed. If you left FF somewhere along the way because it had gotten too slow, consider giving 57 a chance.

Jason Boxman , December 19, 2017 at 11:51 am

It's a shame so many people are stuck using Chrome, a browser with a UI that makes browsing awful if you have more than a few tabs open. It also ships with a built-in ad-blocker, although many sites detect these now and refuse to load if you don't disable it. (Was nice while it lasted.)

I've been using Opera for a decade now. Recent versions are based on Chromium, just like Chrome, so Opera works everywhere Chrome does. (Some sites still stupidly use user-agent strings to check for compatibility, but you can launch Firefox or Chrome for those rare cases.)

RMO , December 19, 2017 at 4:22 pm

I've tried Chrome out on a desktop computer and a few times when I've needed internet access on my Android phone – neither experience impressed me in the least. The generic browser that came with my phone works considerably better than Chrome (not least because it lets me simply look at a damn map rather than trying to get me to install the Google application!) and the desktop version (on a Windows 10 machine) seemed definitely worse than Firefox and no better functionally than IE. I still use IE on my Windows 7 desktop but I do very little online work with it. That computer exists for the purpose of gaming, word processing, spreadsheets and rudimentary photo+video editing. 99% of my internet browsing is done on a Macbook (OS 10.12) using Firefox. The only problem I have with that is that it always crashes when I attempt to quit the program. It doesn't really interfere with work, it's just weird. Incidentally the crash happens even if I reboot the computer, start Firefox, open any webpage (even the most basic) and then try to quit so it's not a case of overloading the computer.

Joel , December 19, 2017 at 12:38 pm

A big issue for browser adoption that you don't know about unless you make websites:

Browser testing. Designers won't test on a browser with low market share, so there's a chance websites won't look as good or work as well on them.

At this point, most designers will test first on Chrome, then on Safari, and then on Firefox. Then maybe maybe they'll test on IE, though there is so much hatred for Microsoft because of the horrors of IE 6 (don't ask, but I'd guess that billions of dollars worth of productivity hours were lost worldwide designing around its flaws) that many will refuse. That's FOUR browsers to have to test on. Now you say I have to test on a fifth? And why shouldn't that fifth browser be the default Android browser that many mobile users are still on?

Michael Fiorillo , December 19, 2017 at 2:57 pm

Nothing dulls faster than The Cutting Edge.

pete , December 19, 2017 at 3:11 pm

I remember refusing to upgrade to windows 10 for a very long time then I got concerned about security and I actually paid to upgrade I really regret it and cant decide if i should try to go back to 8.

Steve , December 19, 2017 at 6:13 pm

Microsoft catches a lot of flak for being insecure but in reality it is 3rd parties that create the security holes. Edge makes your browsing more secure by only supporting HTML5 and blocking other technologies like ActiveX and VBScript. It also sandboxes your browser so that a web page doesn't have direct control or access to the rest of the computer. Unfortunately, this means that many websites "don't work" on Edge but people blame the browser rather than the website.

[Dec 07, 2017] Firefox browser, which nowadays has its built-in feature called Reader View. This strips extraneous sidebars, fancy formatting and ads etc out of a web page and presents the text and its inline photographs in a comfortably narrow column

Dec 07, 2017 | www.moonofalabama.org

Grieved | Dec 6, 2017 7:26:32 PM | 67

Anyone having problems with the margins being broken by the long link may want to download the free and standards-compliant Firefox browser, which nowadays has its built-in feature called Reader View. This strips extraneous sidebars, fancy formatting and ads etc out of a web page and presents the text and its inline photographs in a comfortably narrow column with comfortably large size font - unaffected by the weirdness of long links that don't wrap. It's a beautiful way to read a long article and it works great on MoA, including the comments.

The thought here is that one could gripe all through the thread or one could fix it for one's own comfort, and tolerate the fact that it happens sometimes.

There is that ancient teaching that says we could cover the entire world surface with leather to make it comfortable to walk on, or we could line the soles of our feet instead. And not blame the world for its ups and downs.

~~

Just to bring it all back on topic, in a way trying to cover the world with leather is what the Israelis are doing, blaming others for the fact that they don't own the land they covet, and deciding that, rather than go find somewhere of their own, they would just take some from someone else.

[Dec 26, 2016] Googler A Command Line Tool to Do Google Search from Linux Terminal

Dec 26, 2016 | www.tecmint.com
Features of Googler
  1. Offers access to Google Search, Google Site Search, Google News.
  2. It is fast and clean with custom colors and no ads, stray URLs or clutter included.
  3. Allows navigation of search result pages from omniprompt.
  4. Supports fetching of number of results in a go, users can start at the nth result.
  5. Users can disable automatic spelling correction and search exact keywords.
  6. Supports limiting of search by attributes such as duration, country/domain specific search (default: .com ), language preference.
  7. Supports Google search keywords in the form filetype:mime , site:somesite.com and many others.
  8. Permits non-stop searches: start new searches at omniprompt without exiting.
  9. Supports HTTPS proxy services.
  10. Ships in with a man page which includes examples, shell completion scripts for Bash, Zsh and Fish.
  11. Users can optionally open first search result in a web browser.
How To Install Googler in Linux

Users of Ubuntu Linux and its derivatives such as Linux Mint , Xubuntu can install it via this PPA by executing the commands below:

Important: If in case above installation instructions fails to install Googler, then you need to install it from source using latest version as shown.

Other distributions can install Googler from source using following instructions.

First download the latest version of Googler (at the time writing the latest version is v2.9).
$ cd Downloads
$ wget -c https://github.com/jarun/googler/archive/v2.9.tar.gz
$ tar -xvf v2.9.tar.gz
$ cd googler-2.9
$ sudo make install
$ cd auto-completion/bash/
$ sudo cp googler-completion.bash /etc/bash_completion.d/


How to Use Googler in Linux Terminal

The following are some examples showing how Googler works in Linux, the basic command below will show information about tecmint.com:
$ googler tecmint.com

[Dec 26, 2016] 3 open source command-line web browsers Opensource.com

Dec 26, 2016 | opensource.com
Let's take a trip back in time to the early, simpler days of the web. A time when most of us used low-powered PCs or dumb terminals, often over slow dial-up connections. We generally visited web pages using command-line, text-only browsers like the venerable Lynx .

Jump forward to these days of web browsers like Firefox, Chrome, and Safari. You'd think that browsing the web at the command line would have gone the way of the <blink> tag. You'd be wrong. Web browsers that run in a terminal window are alive and kicking. They're niche, but still get the job done.

Why browse the web from the command line?

There are any number of reasons for browsing the web from the command line. You might be a command line junkie who wants to do everything from the terminal or you might have a slow internet connection. You might want to test a website's accessibility, avoid tracking scripts and annoying advertising. Or, you might just want to read an article or blog post without distractions.

With that out of the way, let's take a look at three browsers for the command line.

Links2

Links2 bills itself as the graphical version of the venerable Links . It's a lot like its predecessor in that it gives you the option to run either in text-only mode or graphical mode.

When you start it by typing links2 at the command line and go to a website, the result is something like this:

links2.png

Reading an Opensource.com article with Links2.

But when you run links2 -g then visit a site, the result is something like this:

links2-graphical.png

Reading an Opensource.com article with Links2 in graphical mode.

That's not the only trick that Links2 can do. The browser can display frames and tables, and supports basic JavaScript. You can also use your mouse to follow hyperlinks whether you're in text or graphical mode.

ELinks

Like Links2, ELinks is a fork of the Links browser. And like Links2, ELinks can display tables and frames. While it supports using a mouse to follow hyperlinks, ELinks lacks support for Javascript.

One feature that makes ELinks stand out from other command line browsers is its menu system. Press ESC on your keyboard display a set of menus that let you enter and save URLs, add bookmarks, set up the browser, and more.

elinks-menus.png

Using the menus in ELinks.

ELinks lacks a graphical mode, but it does have a nifty feature that lets you view images on a web page. Either click the placeholder for the image or highlight it and press v on your keyboard. ELinks opens the image with an application like ImageMagick or GraphicsMagick.

elinks-view-image.png

Displaying an image from a web page.

w3m

When I first fired up w3m , it reminded me of a cross between the classic text-based browser Lynx and the UNIX/Linux text viewer more . While it might not have as many features as the other browsers I discuss in this article, w3m gets the job done.

You can navigate web pages using a mouse, and the browser will render tables and even accept cookies. Like ELinks2, w3m lets you view images on a page using an external program. The browser doesn't do JavaScript, though.

As far as the important job of rendering web pages, w3m does a better job than Links2 or ELinks even with complex pages. The rendering is clean and colorful.

w3m.png

Viewing a web page with w3m.

w3m doesn't use the same keyboard shortcuts as other command line browsers, so get ready to learn some new ones. You can do that by pressing H while running w3m.


Have a favorite command line web browser? Feel free to share it with our community by leaving a comment.

[Dec 26, 2016] Opera Developer Comes With Address Bar Speculative Prerenderer Feature

Dec 26, 2016 | tech.slashdot.org
(opera.com) 59 Posted by msmash on Monday December 05, 2016 @09:40AM from the strange-features dept. Earlier this month, Opera announced a new interesting feature with Opera 43 developer that predicts the website you're about to go to. The company explains: There are two ways we can predict what page the user will soon load. When the current page tells us so, and when we can determine from the users actions that they are about to load something. Pages can use the tag, and for instance Google uses that for search results if they are pretty sure of what you will load next. When someone writes in the address bar they are humanly slow. Sometimes it is obvious what they will write after just 1-2 characters but they will just keep writing or arrowing through suggestions for millions or billions of wasted clock cycles. We expect this feature to results in an average of 1 second faster loads from the address bar . The company insists that this feature saves time and energy without compromising the security. What's your thought?

[Dec 26, 2016] Most Firefox Users Still Running Windows 7

Dec 26, 2016 | news.slashdot.org
(softpedia.com) 207 Posted by msmash on Monday December 19, 2016 @12:25PM from the expectations-vs-reality dept. Microsoft is pushing hard for Windows 10 to become the operating system of choice for everyone across the world, but this isn't happening just yet, as Windows 7 keeps dominating the desktop market. From a report on Softpedia: The Firefox Hardware Report published recently by Mozilla shows that Windows 7 is the number one browser for users running the company's browser, with a share of 44.86 percent , followed by Windows 10 with 25.67 percent. Seeing Windows 7 dominating the desktop OS charts is not surprising, but on the other hand, it's living proof that Microsoft will really have a hard time moving users to Windows 10 before 2020 when it reaches end of support. Microsoft's Windows 10, however, already improved substantially since its launch in 2015, mostly thanks to the free upgrade offer targeting Windows 7 and 8.1 users, but this still isn't enough to become the number one choice for PC users.

[Dec 26, 2016] Firefox Takes the Next Step Towards Rolling Out Multi-Process To Everyone

Dec 26, 2016 | news.slashdot.org
(arstechnica.com) 152 Posted by BeauHD on Wednesday December 21, 2016 @09:45PM from the play-catch-up dept. An anonymous reader quotes a report from Ars Technica: With Firefox 50, Mozilla has rolled out the first major piece of its new multi-process architecture. Edge, Internet Explorer, Chrome, and Safari all have a multiple process design that separates their rendering engine -- the part of the browser that reads and interprets HTML, CSS, and JavaScript -- from the browser frame. They do this for stability reasons (if the rendering process crashes, it doesn't kill the entire browser) and security reasons (the rendering process can be run in a low-privilege sandbox, so exploitable flaws in the rendering engine are harder to take advantage of). Moreover, these browsers can all create multiple rendering engine processes and use different processes for different tabs. This means that the scope of a crash is narrowed even further, typically to a single tab. Internet Explorer and Chrome both implemented this long ago, in 2009. Firefox, however, has not offered a similar design. Although work on a multi-process browser was started in 2009, under the codename Electrolysis , that work was suspended between 2011 and 2013 as priorities within the organization shifted. In response, Mozilla started switching to a new extension system in 2015 that opened the door to a multi-process design. The first stage of Firefox's move to multi-process involves separating the browser shell from a single rendering process that's used by every tab. In Firefox 48 , that feature was enabled for a small number of users who used no extensions. Firefox 49 was rolled out to include users running a limited selection of extensions. Now, in Firefox 50, a separate renderer process is used for most users and most extensions . Developers are now able to mark their extensions as explicitly multi-process compatible. Firefox 51 will extend this even further to cover all extensions, except those that are explicitly marked as incompatible. Mozilla says that, even with the limited changes made in Firefox 50, responsiveness of the browser has improved by 400 percent due to the separation between the renderer and the browser shell. During page loads, responsiveness will increase to 700 percent.

[Dec 26, 2016] Chrome 55 Now Blocks Flash, Uses HTML5 By Default

Dec 26, 2016 | news.slashdot.org
(bleepingcomputer.com) 98 Posted by EditorDavid on Saturday December 03, 2016 @12:39PM from the Flash-in-the-can dept. An anonymous reader quotes Bleeping Computer: Chrome 55, released earlier this week, now blocks all Adobe Flash content by default , according to a plan set in motion by Google engineers earlier this year ... While some of the initial implementation details of the "HTML5 By Default" plan changed since then, Flash has been phased out in favor of HTML5 as the primary technology for playing multimedia content in Chrome.

Google's plan is to turn off Flash and use HTML5 for all sites . Where HTML5 isn't supported, Chrome will prompt users and ask them if they want to run Flash to view multimedia content. The user's option would be remembered for subsequent visits, but there's also an option in the browser's settings section, under Settings > Content Settings > Flash > Manage Exceptions, where users can add the websites they want to allow Flash to run by default.
Exceptions will also be made automatically for your more frequently-visited sites -- which, for many users, will include YouTube. And Chrome will continue to ship with Flash -- as well as an option to re-enable Flash on all sites.

[Sep 12, 2016] Sean Michael Kerner

Sep 12, 2016 | www.internetnews.com

BitTorrent is one of the most popular mechanisms for peer-to-peer (P2P) file sharing. For the most part BitTorrent client applications have been standalone tools, but now, thanks to open source startup AllPeers, Firefox users can take advantage of BitTorrent inside of their browsers.

"With AllPeers you just click on a link for a torrent and it's just like downloading a normal file; you can download it right in the browser," Matthew Gertner, Allpeer CTO, told InternetNews.com . "With a feature called Social BitTorrent, which is totally unique to AllPeers, when I start to download files from a Torrent, I can use the same drag and share feature to share with others. It's the path of least resistance for sharing files."

AllPeers has been providing P2P file sharing for over two years already, though until now the company was limited to its own private network for peers. With the BitTorrent capability, the technology has now expanded the number of files available to its users.

The BitTorrent capabilities are not, however, as full or complete as many standalone BitTorrent clients. AllPeers does not allow its users to create their own torrent trackers, instead making them rely on existing torrent tracker files.

Instead of one file download, the BitTorrent protocol separates the file into multiple chunks, which are then shared and downloaded via multiple sources. The system is also set up so that while users are downloading a file, they are sharing it at the same time by uploading chunks they've already downloaded to others in the torrent swarm. In order to share the files through a torrent, a "tracker" file is needed.

The reason AllPeers doesn't allow for the torrent tracker creation, Gertner said, has to do with both legal and technical reasons. Essentially AllPeers is afraid of the potential legal risk it might be exposed to if one of its users created a torrent tracker for a file they were not legally allowed to share.

It's the same reason AllPeers doesn't include a torrent search capability.

"We didn't want that [search], either, because they might not be authorized and we didn't want to be a source for that," Gertner said.

That being the case, AllPeers users do have their own friend networks that Gertner expects will also become discovery networks for torrents. It is the social aspect that Gertner expects will set AllPeers apart from its peers.

Among those peers is the Opera browser which has integrated BitTorrent capability for two years. Gertner noted that, while the AllPeers client is free like Opera is, it's open source, which Opera is not.

He added that when they began development of AllPeers, they had no contact with Mozilla whatsoever. That's turned into a partnership of sorts, that has AllPeers distributing a customized version of Firefox that includes the AllPeers extension that users can load themselves.

"We're doing some new things that have a potentially positive effect on Firefox's market share," Gertner said. "As AllPeers grows its user base, people will want their friends to use Firefox so they can connect."

Though AllPeers is all about Mozilla, it does recognize the fact there are other browsers out there, namely Microsoft's Internet Explorer.

"We still see a lot of potential to grow in the Firefox community," Gertner said. "But I'm sure one day we'll have an IE version." Gertner said he even knows how he would build one.

An AllPeers for IE extension would be based on Mozilla's XULrunner, which is a standalone version of the Mozilla Framework, which could then interface with IE.

Though AllPeers is open source it isn't run as a non-profit. The goal is to make money eventually. "Right now we're venture financed," Gertner said. "The goal is to build the business model after we build our user base. We're not immediately trying to monetize."

[Sep 26, 2015] Intelligent System Hunts Out Malware Hidden In Shortened URLs

Sep 26, 2015 | tech.slashdot.org
Posted by timothy
An anonymous reader writes: Computer scientists at a group of UK universities are developing a system to detect malicious code in shortened URLs on Twitter. The intelligent system will be stress-tested during the European Football Championships next summer, on the basis that attackers typically disguise links to malicious servers in a tweet about an exciting part of an event to take advantage of the hype.

Anonymous Coward

Shouldn't browsers be changed to not simply follow the redirect, but ask the user first?

Zontar The Mindless

For TinyURL, you can enable preview of the full URL here [tinyurl.com]. Uses a cookie, though.

Anonymous Coward on Saturday September 26, 2015 @06:37AM (#50603143)

I can connect to the server and retrieve the redirect information manually. Works for all of them. But it's a) inconvenient, and b) not something everyone is able to do. Some addons seem to be available, but they don't do things nicely.

1) Patch the page directly (not just retrieve the data on mouse over), making it less original

2) Even retrieve the title of the redirection target (just that connection is enough to validate the existence of an email address)

My requirements are:

- shall not connect to the host of the shortened url (or any other -- no distinction between "normal" and shorted urls) unless clicked

- shall not connect to the the redirect target unless confirmed by the user, or the target is on the same host

Zontar The Mindless

Whatever. I despise shorteners, don't use them myself, and generally refuse to follow shortened URLs. Just bored and trying to be helpful.

[Feb 26, 2013] Microsoft ships IE10 for Windows 7 by Gregg Keizer

February 26, 2013 | Computerworld
Microsoft today released a final version of Internet Explorer 10 (IE10) for Windows 7, nearly two years after it introduced the browser at a company conference.

Customers who had earlier installed the IE10 preview will be the first to receive the upgrade through Windows Update. Others running IE9 on Windows 7 will be automatically upgraded "in the weeks ahead,"

[Feb 26, 2013] Google fixes 22 flaws in Chrome, slams silent add-ons by Gregg Keizer

Google has created a dictation demonstration of the Web Speech API that users can try out with Chrome 25.

February 22, 2013 | Computerworld

Google has created a dictation demonstration of the Web Speech API that users can try out with Chrome 25.

Google yesterday released Chrome 25, patching 22 vulnerabilities and debuting a new security feature that blocks silent installations of add-ons.

Chrome 25 also patched 22 vulnerabilities, two fewer than January's Chrome 24. Google labeled nine of the flaws as "high," the company's second-most-serious threat rating, eight as "medium," and five as "low."

Five of the vulnerabilities were reported to Google by three outside researchers, who received $3,500 for their work. So far this year, Google has paid out $10,500 from its bug bounty program

[Nov 25, 2012] Browser Guard 2011

We really need something for IT that blocks sites which has DNS just registered.

Trend Micro USA

Proactively protect your browser against new web threats. Browser Guard 2011 has zero-day vulnerability prevention and protects against malicious JavaScript using advanced heuristics and emulation technologies.

Browser Guard is quickly and continuously updated to deliver the most secure and up-to-date technology. The latest version includes detection enhancement for Web Trojans, and for tracing infection chains

[Nov 25, 2012] Trend Micro Browser Guard v2.0

Trend Micro Browser Guard 2010 is an Internet Explorer plug-in that monitors the pages you visit to protect you from malicious JavaScript.

The program works entirely automatically, so there are no complex settings to consider, no configuration worries at all. Just install it and Browser Guard will analyse any JavaScript on the pages you visit, detecting buffer overflow and heap spray attacks, blocking attempts to execute shell code, and generally keeping you just a little safer online.

While you might expect this extra layer of protection would slow down your browsing a little, there was no noticeable change on our test PC (and IE told us the add-on took a mere 0.03 seconds to launch). If you're running an old underpowered laptop then maybe you'll see a performance impact, but otherwise there are unlikely to be any problems.

Otherwise the program seems very compatible, running on 32 or 64-bit Windows XP, Vista or 7, and all versions of Internet Explorer from 6 to 9.0, and is most unlikely to conflict with any other security software. So if you use IE, even only occasionally, then Browser Guard 2010 offers an easy way to gain a little extra protection from malicious websites.

[Nov 25, 2012] Plain Old Favorites Firefox plugin for Synchronization of IE and Firefox bookmarks

Plain Old Favorites – Creates a Favorites link on your Firefox menu bar and displays your IE favorites from there.

https://addons.mozilla.org/en-US/firefox/addon/plainoldfavorites/

BrowserWatch is the leading site for information about browsers and plug-ins.

Integrating a Command Shell Into a Web Browser

The Browser-Shell

In order to create scripts of commands, we embedded Tcl [18] into LAPIS. Tcl was chosen partly because of its syntactic simplicity, and partly because a good Java implementation was available [5]. Tcl is also well-suited to interactive command execution.

Instead of presenting a Tcl interpreter in a separate window, LAPIS integrates the interpreter directly into the browser window. Tcl commands may be typed into the Location box. The typed command is applied to the current page, and its output is displayed in the browser as a new page that is added to the browsing history.

Using the Location box as a command line has several advantages. The page generated by a command can be browsed like a page generated by a URL. The browsing interface - Back, Forward, Stop, and Reload - also applies to command outputs. The Back button returns the browser to the previous page, Stop aborts a long-running command, and Reload runs the command again.

Since either a URL or a command can be typed into the Location box, LAPIS must be able to distinguish between them. The problem is trivial if the typed entry begins with a protocol prefix, such as http: or file:, and LAPIS also recognizes the protocol cmd: for invoking a command unambiguously. If the typed entry does not begin with a prefix, LAPIS tries every possible interpretation: first as a command to execute, then as a filename to display, then as a domain name for a web server. This is an extension of the heuristics already used by the Location box of most web browsers.

For security reasons, LAPIS only executes a cmd: URL if it originates locally - e.g., if it is typed into the Location box or found in a page loaded from the local filesystem. A link in a remote web page cannot invoke a Tcl command.

Browsers for Command Line Warriors.

Links.

As it turned out, I already had a copy of the links browser. It had been installed with the initial Mandrake distribution.

As I said above, I believe the best way to experience the new software is to use the native key-map, if there are alternatives offered. In the case of links, the keystrokes are (mostly) lynx compatible, so I did not have much to re-learn. In any case there did not seem to be alternative maps.

For someone who has grown used to the rude and grungy output from lynx, the layout in links is much slicker. The support for tables looks good. The screen also feels fast. I would have thought that both links and lynx would be using raw rather than cooked termio calls. Nevertheless the links programmers seem to have got a little closer to the metal. Now I probably shouldn't speculate without looking at the source. However, it certainly feels smoother. Sometimes getting closer to the hardware can be a disadvantage, although I did not find any obvious problems.

Initially I thought I did have a problem. I had some difficulty using the mouse. I pressed "g" to go to a new URL, and a high-lighted box popped up. Very flash, I thought (well, Ok we are talking system console here, I'm sure that all you GUI snobs would be underwhelmed by this eighties' technology). However, I could not paste text into this box from another virtual console. Also I couldn't cut text from the links screen. This will be a be a major nuisance, I thought. It turned out that links had been too smart for me. The reason the mouse behaved strangely was that links had detected the mouse and was actually working with mouse support. Unfortunately it was configured for a three button mouse, and my two-button mouse does not emulate three-button support. I did not pursue it further. This would be a giant leap forward! Finally in the 21st Century, I might start using a mouse with my console browser. Ok let's not get too excited.

Like its' older brother, links boasts the ability of passing image files to a viewer such as zgv. This looks like a handy feature, since it would enable previewing graphics files without starting up an X session. Unfortunately I do not have svga installed, so I will have to install it when I get a chance. I will update this review with any information when I do. In fact this feature can be used to pass the file to any application. Also like lynx, the other possibility mentioned in the documentation is Xloadimage, an X-based image viewer. This seems less useful. If I was already in an X session, I would use a GUI browser like Mozilla or Konqueror.

Also I could not get links to work with the oracle Metalink site. Let me first recap on the way that lynx behaves when I visit Metalink. I get an error message that appears as follows:

Alert!: Access without authorization denied -- retrying
Next, after a brief interval, a prompt appears at the bottom of the screen and asks me for my login. And I can login as normal. Furthermore, I could add that when using GUI browsers like Mozilla, a dialog box opens when I click login. Such dialog boxes are typical of Javascript.

Links, however does not work at all. Instead I get the following error message:

                                    401 Authorization Required

                    Authorization Required

    This server could not verify that you are authorized to access the
    document requested. Either you supplied the wrong credentials (e.g., bad
    password), or your browser doesn't understand how to supply the
    credentials required.
And I cannot seem to get any further. I have not investigated the problem in detail. However, I thought it might be a user agent string problem. I am not sure if the Oracle site indulges in Browser Sniffing (see Agent Strings in Popular Browsers), but if they do, it might explain this behaviour. Or it could be a bug in the links software. I was testing version 0.96 which is just a BETA release. I would need to do further testing to determine what the actual problem is.

Nevertheless I thought I would try cloaking the browser to see if this would help my problem. I spent nearly half an hour searching for where links specifies the user agent string, and I could not find it. In lynx, you can find this in the option screen (by pressing "o"). I tried a web-search to see if I could discover where links might keep this information. Unfortunately the keyword links is not a very distinctive keyword to base a search on. Still if anyone knows how to specify the user agent string, can you drop me a line?

I spent some time trying to figure how links calls an editor to edit a local file. Eventually I resorted to RTFM and found that links is designed to be called by the editor, rather than call the editor. Actually when I think about it, this approach has its' good points.

Complaints:

I would like to find where I can change the user agent string. Not that I want to do this often. But if I ever did, I would like to know where it is. I am sure I could find it with a bit more research, but it should have been a little more obvious.

I may be just grizzling, but I could not find an option to scroll up or down by a half screen. Some equivalent of the "(" and ")" keys in lynx would be handy. Ok, I am just grizzling. After a while I found that Ctrl-N and Ctrl-P move up and down by one line.

Also I found it tedious that I had to type "http://" in front of some URLs (e.g. localhost). There is probably some way to alter this behaviour. But most browsers automatically add an "http://" when the first GET fails.

Pressing "/" takes me into the search mode. This is almost a standard key for searching on unix systems. One annoying feature is that the search does not immediately take me to the first occurrence. It only goes there when the "n" (next) key is pressed. Ok, it's just a niggle. I would get used to it if I was using the software regularly.

Summary:
Links is a good plain text browser. For lynx users, the transition should be fairly painless. The rendering and mouse support is very good. However, I would be reluctant to cite table and mouse support as a reason for changing to a different text browser. Anyone who feels strongly about rendering tables would stick to a GUI browser.

I liked the layout and the default colours. I also appreciated that links shows italicised text in a different colour. It was the only one of these three browsers which had this capability.



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least


Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

 

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: December, 26, 2017