Odprtokodni pogled

Opensource view

Arstechnica

Syndicate content Open Source – Ars Technica
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Posodobljeno: 43 min 58 sec nazaj

Google partially backtracks on Chrome changes that would break ad blockers

Pon, 02/18/2019 - 18:35

Google has said that it will revise the proposed changes to Chrome's extension API that would have broken or reduced the functionality of a wide range of ad-blocking extensions, to ensure that the current variety of content-blocking extensions is preserved. The initial plans generated a wide backlash from both the developers and users of those extensions, but Google maintains that "It is not, nor has it ever been, our goal to prevent or break content blocking" [emphasis Google's] and says that it will work to update its proposal to address the capability gaps and pain points.

The advertising company is planning an overhaul of its extension interface to, among other things, increase user privacy, make it harder for extensions to perform malicious actions, and make the browser's performance more consistent. Together, this work is documented as Manifest V3.

One of these changes in particular had grave consequences for ad blockers. Currently, ad blockers make extensive use of an API named webRequest. This API allows extensions to examine every single network request made by a page and either modify it (to, for example, redirect it to a different address or add or remove cookies), block it altogether, or allow it to continue unhindered. This has both a substantial privacy impact (an extension can see and steal your cookies and hence masquerade as you) and, Google said, some performance impact, as every single network request (of which there may be dozens in a single page) has to wait for the extension to perform its analysis.

Read 7 remaining paragraphs | Comments

Opera shows off its smart new redesign that’s just like all the other browsers

Čet, 02/14/2019 - 17:46

Enlarge / Both the new dark view and light view look good. (credit: Opera)

Opera has unveiled a new look and feel for its browser. Expected to ship in version 59 and codenamed "Reborn 3" (R3), the new appearance adopts the same square edges and clean lines that we've seen in other browsers, giving the browser a passing similarity to both Firefox and Edge.

The principles of the new design? "We put Web content at center stage," the Opera team writes on its blog. The design is pared down so that you can browse "unhindered by unnecessary distractions." Borders and dividing lines have been removed, flattening out parts of the browser's interface and making them look more uniform and less eye-catching. The new design comes with the requisite dark and light modes, a welcome trend that we're glad to see is being widely adopted.

Being Web-centric is not a bad principle for an application such as a browser, where the bulk of the functionality and interest comes from the pages we're viewing rather than the browser itself. At first blush, I think that Opera has come up with something that looks good, but it does feel like an awfully familiar design rationale.

Read 3 remaining paragraphs | Comments

Mozilla to use machine learning to find code bugs before they ship

Tor, 02/12/2019 - 23:15

Ubisoft's Commit-Assistant

In a bid to cut the number of coding errors made in its Firefox browser, Mozilla is deploying Clever-Commit, a machine-learning-driven coding assistant developed in conjunction with game developer Ubisoft.

Clever-Commit analyzes code changes as developers commit them to the Firefox codebase. It compares them to all the code it has seen before to see if they look similar to code that the system knows to be buggy. If the assistant thinks that a commit looks suspicious, it warns the developer. Presuming its analysis is correct, it means that the bug can be fixed before it gets committed into the source repository. Clever-Commit can even suggest fixes for the bugs that it finds. Initially, Mozilla plans to use Clever-Commit during code reviews, and in time this will expand to other phases of development, too. It works with all three of the languages that Mozilla uses for Firefox: C++, JavaScript, and Rust.

The tool builds on work by Ubisoft La Forge, Ubisoft's research lab. Last year, Ubisoft presented the Commit-Assistant, based on research called CLEVER, a system for finding bugs and suggesting fixes. That system found some 60-70 percent of buggy commits, though it also had a false positive rate of 30 percent. Even though this false positive rate is quite high, users of this system nonetheless felt that it was worthwhile, thanks to the time saved when it did correctly identify a bug.

Read 3 remaining paragraphs | Comments

With experimental “Never slow mode,” Chrome tries to stop Web devs making it slow

Sre, 02/06/2019 - 01:10

Enlarge / Google wants less of this. (credit: Vegansoldier / Flickr)

Since Chrome's very first release, performance has been one of Google's top priorities. But Google is against a competing force: Web developers. The Web of today is a more complex, bandwidth-intensive place than it was when Chrome was first released, which means that—although Internet connections and the browser itself are faster than they've ever been—slow pages remain an everyday occurrence.

Google engineers have been developing "Never Slow Mode" in a bid to counter this. Spotted at Chrome Story (via ZDNet), the new mode places tight limitations on Web content in an effort to make its performance more robust and predictable.

The exact design and rationale of Never Slow Mode aren't public—the changelog for the feature mentions a design document but says it's currently Google-internal. But taken together, that design and rationale will ensure that the browser's main thread never has to do too much work and will never get too delayed. They will also ensure that only limited amounts of data are pulled down over the network. This should make the browser more responsive to user input, lighter on the network, and a bit less of a memory hog than it would otherwise be.

Read 4 remaining paragraphs | Comments

Firefox taking a hard line against noisy video, banning it from autoplaying

Tor, 02/05/2019 - 16:45

Enlarge / No red pandas were harmed in the making of this image, I promise. (credit: Aurich / Getty)

Last year, Chrome introduced changes to try to prevent the persistent nuisance that is pages that automatically play noisy videos. Next month, Firefox will be following suit; Firefox 66, due on March 19, will prevent the automatic playback of any video that contains audio.

Mozilla's plan for Firefox is a great deal simpler and a great deal stricter than Chrome's system. In Chrome, Google has a heuristic that tries to distinguish between those sites where autoplaying is generally welcome (Netflix and YouTube, for example) and those where it isn't (those annoying sites that have autoplaying video tucked away in a corner to startle you when it starts making unexpected sounds). Firefox isn't doing anything like that; by default, any site that tries to play video with audio will have that video playback blocked.

Firefox users will be able to grant autoplay audio permission on a site-by-site basis.

Firefox users will be able to override this block on a site-by-site basis, so those sites where autoplay is inoffensive can have it re-enabled. This permission is automatically extended to sites that have previously been granted access to microphones or webcams, so that audio and video communications apps built using WebRTC will work as expected. Firefox will also allow muted video to play back automatically.

Read on Ars Technica | Comments

Emulator project aims to resurrect classic Mac apps and games without the OS

Sre, 01/23/2019 - 21:55

Want to be able to run classic Mac OS applications compiled for the Motorola 68000 series of processors on your ever-so-modern Mac OS X machine? Or maybe you'd rather run them on a Raspberry Pi, or an Android device for that matter? There's an emulation project that's trying to achieve just that: Advanced Mac Substitute (AMS).

Emulators of older computer platforms and game consoles are popular with vintage game enthusiasts. But emulators also could be attractive to others with some emotional (or economic) attachment to old binaries—like those with a sudden desire to resurrect aged Aldus PageMaker files.

Advanced Mac Substitute is an effort by long-time Mac hacker Josh Juran to make it possible to run old Mac OS software (up to Mac OS 6) without a need for an Apple ROM or system software. Other emulators out there for 68000 Mac applications such as Basilisk II require a copy of MacOS installation media—such as install CDs from Mac OS 7.5 or Mac OS 8. But AMS uses a set of software libraries that allow old Mac applications to launch right within the operating environment of the host device, without needing to have a full virtual hardware and operating system instance behind them. And it's all open source.

Read 4 remaining paragraphs | Comments

Google planning changes to Chrome that could break ad blockers

Sre, 01/23/2019 - 21:30

Google is planning to change the way extensions integrate with its Chrome browser. The company says that the changes are necessary for and motivated by a desire to crack down on malicious extensions, which undermine users' privacy and security, as part of the company's continued efforts to make extensions safer. The move also means that popular ad blocking extensions such as uBlock Origin and uMatrix will, according to their developer, no longer work.

The plans, called Manifest V3, are described in a public document. Google is proposing a number of changes to the way extensions work. The broad intent is to improve extension security, give users greater control over what extensions do and which sites they interact with, and make extension performance more robust. For example, extensions will no longer be able to load code from remote servers, so the extension that's submitted to the Chrome Web store contains exactly the code that will be run in the browser. This prevents malicious actors from submitting an extension to the store that loads benign code during the submission and approval process but then switches to something malicious once the extension is published. In a bid to discourage extensions from asking for blanket access to every site, Manifest V3 also changes the permissions system, so universal access can no longer be demanded at extension install time.

The problem for ad blockers comes with an API called webRequest. With the current webRequest API, the browser asks the extension to examine each network request that the extension is interested in. The extension can then modify the request before it's sent (for example, canceling requests to some domains, adding or removing cookies, or removing certain HTTP headers from the request). This provides an effective tool for ad blockers; they can examine each request that is made and choose to cancel those that are deemed to be for ads.

Read 8 remaining paragraphs | Comments

Unlimited private repositories now available to free GitHub users

Tor, 01/08/2019 - 01:03

Octocat, the GitHub mascot. (credit: Github)

The significant change to GitHub announced today by CEO Nat Friedman might be the first major change since Microsoft bought the company last year: free accounts can now create private repositories.

GitHub has become the home for a huge number of open-source projects. Some of these are major, widely used projects such as the Node.js server-side JavaScript platform, but many of them are small, personal projects, half-written programs, and experiments. These projects are typically open-source not because their authors have any particular desire to share them with the world but because GitHub gave them no choice: free GitHub accounts could only create public repositories.

As such, GitHub represented a trade-off: you could use GitHub's services for free, but you had to share. If you didn't want to share, you had to pay.

Read 4 remaining paragraphs | Comments

TIL: Firefox has a little-known feature to spare your blushes on the new-tab page

Pon, 01/07/2019 - 20:48

Enlarge / That "Top Sites" section should never contain anything too embarrassing.

For many of us, our browsers' new-tab pages are something of a liability. Whichever browser you use, they all follow a fairly similar style: a bunch of boxes linking to the sites that we use and visit regularly. This is great when your regular sites are Ars, Gmail, and Twitter. But all too often, sites of a less salubrious nature find their way onto our new-tab pages, disclosing to the world our dirty habits when nobody's watching. While we can, of course, clean up our new-tab pages by Xing out the buttons for the offending sites, a moment of inattention can all too easily expose our pornographic predilections to the world.

But one browser is working to protect our secrets: Firefox. A redditor spotted (via ZDNet, Techdows) that Firefox contains code to spare your blushes. The browser contains a hard-coded list of adult site domains, and if one of your most-visited sites is one of those domains, it will automatically be hidden from the new-tab page. As long as your porn viewing is reasonably mainstream, you never need to worry about Firefox spilling the beans.

It turns out that this isn't actually a new feature. Much like Chrome's advanced tab management capabilities, it's an old feature that's been newly spotted. Mozilla added the code to the browser about four years ago. It wasn't actually created to prevent potential new-tab page embarrassment; rather, it was to aid Firefox's commercialization efforts. Mozilla experimented with having sponsored content on the new-tab page, allowing companies to pay to have their sites promoted in those buttons. Many advertisers don't relish the thought of having their precious brands juxtaposed with Internet filth, so the Firefox developers added the blacklisting capability to try to prevent porn from appearing alongside sponsored content.

Read 3 remaining paragraphs | Comments

Chrome is getting a dark mode on Windows to match the one for macOS

Čet, 01/03/2019 - 21:35

Enlarge / Chrome's dark mode.

Chrome 73 is going to include support for macOS 10.14's dark mode, with an alternative color scheme for its user interface that cuts the brightness. It's now clear that a Windows version of the same is in development, though it seems it will trail the macOS version.

A bug report was spotted by Techdows, and preliminary work has been started to bring Windows its dark mode. Unlike its macOS counterpart, which should track the operating-system mode, the Windows dark mode currently has to be forcibly turned on with a command-line switch. Adding "--force-dark-mode" to the command line of current builds of Chrome 73 makes everything dark.

The dark theme is still unfinished, hence this menu with almost illegible black text on a dark grey background.

The macOS work has top priority (P1). The Windows work is only P2 (originally P3), surprisingly suggesting that it's less important, even though Chrome has far more Windows 10 users than it does macOS users. Development of the Windows theme was at least, for a time, hindered by one of the developers not having a Windows laptop to use.

Read 2 remaining paragraphs | Comments

Google isn’t the company that we should have handed the Web over to

Pon, 12/17/2018 - 23:19

Enlarge (credit: Aurich Lawson / Getty Images)

With Microsoft's decision to end development of its own Web rendering engine and switch to Chromium, control over the Web has functionally been ceded to Google. That's a worrying turn of events, given the company's past behavior.

Chrome itself has about 72 percent of the desktop-browser market share. Edge has about 4 percent. Opera, based on Chromium, has another 2 percent. The abandoned, no-longer-updated Internet Explorer has 5 percent, and Safari—only available on macOS—about 5 percent. When Microsoft's transition is complete, we're looking at a world where Chrome and Chrome-derivatives take about 80 percent of the market, with only Firefox, at 9 percent, actively maintained and available cross-platform.

The mobile story has stronger representation from Safari, thanks to the iPhone, but overall tells a similar story. Chrome has 53 percent directly, plus another 6 percent from Samsung Internet, another 5 percent from Opera, and another 2 percent from Android browser. Safari has about 22 percent, with the Chinese UC Browser sitting at about 9 percent. That's two-thirds of the mobile market going to Chrome and Chrome derivatives.

Read 21 remaining paragraphs | Comments

Edge dies a death of a thousand cuts as Microsoft switches to Chromium

Čet, 12/06/2018 - 19:10

Enlarge (credit: @AndreTelevise)

As reported earlier this week, Microsoft is going to use Google's Blink rendering engine and V8 JavaScript engine in its Edge browser, largely ending development of its own EdgeHTML rendering engine and Chakra JavaScript engine. This means that Microsoft will be using code from—and making contributions to—the Chromium open source project.

The company's browser will still be named Edge and should retain the current look and feel. The decision to switch was motivated primarily by compatibility problems: Web developers increasingly test their pages exclusively in Chrome, which has put Edge at a significant disadvantage. Microsoft's engineers have found that problematic pages could often be made Edge compatible with only very minor alterations, but because Web devs aren't using Edge at all, they don't even know that they need to change anything.

The story is, however, a little more complex. The initial version of Edge that shipped with the first version of Windows 10 was rudimentary, to say the least. It was the bare bones of a browser, but with extremely limited capabilities around things like tab management and password management, no extension model, and generally lacking in the creature comforts that represent the difference between a bare rendering engine and an actual usable browser. It also had stability issues; crashes and hangs were not uncommon.

Read 12 remaining paragraphs | Comments

Report: Microsoft is scrapping Edge, switching to just another Chrome clone

Tor, 12/04/2018 - 18:25

Enlarge (credit: Getty / Aurich)

Windows Central reports that Microsoft is planning to replace its Edge browser, which uses Microsoft's own EdgeHTML rendering engine and Chakra JavaScript engine, with a new browser built on Chromium, the open source counterpart to Google's Chrome. The new browser has the codename Anaheim.

The report is short on details. The easiest thing for Microsoft to do would be to use Chromium's code wholesale—the Blink rendering engine, the V8 JavaScript engine, and the Chrome user interface with the Google Account parts omitted—to produce something that looks, works, and feels almost identical to Chrome. Alternatively, Redmond could use Blink and V8 but wrap them in Edge's user interface (or some derivative thereof), to retain its own appearance. It might even be possible to do something weird, such as use Blink with the Chakra JavaScript engine. We'll have to wait and see.

Since its launch with Windows 10, Edge has failed to gain much market share. The first iterations of Edge were extremely barebones, offering little more than a basic tabbed browser—no extensions, little control over behavior. Early releases of Edge were also not as stable as one might have liked, making the browser hard to recommend. Three years later on and Edge is greatly—but unevenly—improved. The browser engine's stability seems to be much better than it was, and performance and compatibility remain solid (though with the exception of a few corner cases, these were never a real concern).

Read 7 remaining paragraphs | Comments

The next version of HTTP won’t be using TCP

Pon, 11/12/2018 - 23:41

Enlarge (credit: Andy Maguire / Flickr)

The next version of the Hypertext Transfer Protocol (HTTP)—the network protocol that defines how browsers talk to Web servers—is going to make a major break from the versions in use today.

Today's HTTP (versions 1.0, 1.1, and 2) are all layered on top of TCP (Transmission Control Protocol). TCP, defined as part of the core set of IP (Internet Protocol) layers, provides reliable, ordered, and error-checked delivery of data over an IP network. "Reliable" means that if some data goes missing during transfer (due to a hardware failure, congestion, or a timeout), the receiving end can detect this and demand that the sending end re-send the missing data; "ordered" means that data is received in the order that it was transmitted in; "error-checked" means that any corruption during transmission can be detected.

These are all desirable properties and necessary for a protocol such as HTTP, but TCP is designed as a kind of one-size-fits-all solution, suitable for any application that needs this kind of reliability. It isn't particularly tuned for the kinds of scenarios that HTTP is used for. TCP requires a number of round trips between client and server to establish a connection, for example; using SSL over TCP requires subsequent round trips to establish the encrypted connection. A protocol purpose-built for HTTP could combine these negotiations and reduce the number of round trips, thereby improving network latency.

Read 4 remaining paragraphs | Comments

sfy39587f05