Safari

Is Safari the New Internet Explorer? 311

An anonymous reader writes: Software developer Nolan Lawson says Apple's Safari has taken the place of Microsoft's Internet Explorer as the major browser that lags behind all the others. This comes shortly after the Edge Conference, where major players in web technologies got together to discuss the state of the industry and what's ahead. Lawson says Mozilla, Google, Opera, and Microsoft were all in attendance and willing to talk — but not Apple.

"It's hard to get insight into why Apple is behaving this way. They never send anyone to web conferences, their Surfin' Safari blog is a shadow of its former self, and nobody knows what the next version of Safari will contain until that year's WWDC. In a sense, Apple is like Santa Claus, descending yearly to give us some much-anticipated presents, with no forewarning about which of our wishes he'll grant this year. And frankly, the presents have been getting smaller and smaller lately."

He argues, "At this point, we in the web community need to come to terms with the fact that Safari has become the new IE. Microsoft is repentant these days, Google is pushing the web as far as it can go, and Mozilla is still being Mozilla. Apple is really the one singer in that barbershop quartet hitting all the sour notes, and it's time we start talking about it openly instead of tiptoeing around it like we're going to hurt somebody's feelings."
Advertising

iOS 9 To Have Ad Blocking Capabilities 161

An anonymous reader writes: iOS 9 will reportedly carry ad blocking capabilities for it's Safari browser when it is released later this year. The feature wasn't rolled out with the usual fanfare one might expect, and flew under the radar. ZDNet reports: "It's not immediately clear why the new ad-blocking privacy feature was included in iOS 9, due out later this year. After all, the iPhone and iPad maker has its own advertising network -- even if its success was limited (which is putting it nicely). What's clear is that allowing ad-blockers in iOS 9 could deliver a serious blow to Google, the biggest rival to Apple in the mobile space, because advertising remains a massive portion of the search giant's income."
IOS

WWDC 2015 Roundup 415

Here's an overview of the main announcements and new products unveiled at WWDC today.
  • The latest OS X will be named OS X El Capitan. Features include: Natural language searches and auto-arrange windows. You can make the cursor bigger by shaking the mouse and pin sites in Safari now. 1.4x faster than Yosemite. Available to developers today, public beta in July, out for free in the fall.
  • Metal, the graphics API is coming to Mac. "Metal combines the compute power of OpenCL and the graphics power of OpenGL in a high-performance API that does both." Up to 40% greater rendering efficiency.
  • iOS 9: New Siri UI. There’s an API for search. Siri and Spotlight are getting more integrated. Siri getting better at prediction with a far lower word error rate. You can make checklists, draw and sketch inside of Notes. Maps gets some love. New app called News "We think this offers the best mobile reading experience ever." Like Flipboard it pulls in news articles from your favorite sites. HomeKit now supports window shades, motion sensors, security systems, and remote access via iCloud. Public Beta for iOS 9.
  • Apple Pay: All four major credit card companies and over 1 million locations supporting Apple Pay as of next month. Apple Pay reader developed by Square, for peer-to-peer transactions. Apple Pay coming to the UK next month support in 250,000 locations including the London transportation system. Passbook is being renamed "Wallet."
  • iPad: Shortcuts for app-switching, split-screen multitasking and QuickType. Put two fingers down on the keyboard and it becomes a trackpad. Side by side apps. Picture in picture available on iPad Air and up, Mini 2 and up.
  • CarPlay: Now works wirelessly and supports apps by the automaker.
  • Swift 2,the latest version of Apple’s programing language . Swift will be open source.
  • The App Store: Over 100 billion app downloads, and $30 billion paid to developers.
  • Apple Watch: watchOS 2 with new watch faces. Developers can build their own "complications" (widgets with a terrible name that show updates and gauges on the watch face). A new feature called Time Travel lets you rotate the digital crown to zoom into the future and see what’s coming up. More new features: reply to email, bedside alarm clock, send scribbled messages in multiple colors. You can now play video on the watch. Developer beta of watchOS 2 available today, wide release in the fall for free.
  • Apple Music: “The next chapter in music. It will change the way you experience music forever,” says Cook. Live DJs broadcasting and hosting live radio streams you can listen to in 150 countries. Handpicked suggestions. 24/7 live global radio. Beats Connect lets unsigned artists connect with fans. Beats Music has all of iTunes’ music, to buy or stream. With curated recommendations. Launching June 30th in 100 countries with Android this fall, with Windows and Android versions. First three months free, $9.99 a month or $14.99 a month for family plan for up to six.
Encryption

'Logjam' Vulnerability Threatens Encrypted Connections 71

An anonymous reader writes: A team of security researchers has revealed a new encryption vulnerability called 'Logjam,' which is the result of a flaw in the TLS protocol used to create encrypted connections. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties."

Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).
Internet Explorer

New Screenshots Detail Spartan Web Browser For Windows 10 Smartphones 62

MojoKid writes One of the most anticipated new features in Windows 10 is the Spartan web browser, which will replace the long-serving Internet Explorer. We've seen Spartan in action on the desktop/notebook front, but we're now getting a closer look at Spartan in action on the mobile side thanks to some newly leaked screenshots. Perhaps the biggest change with Spartan is the repositioning of the address bar from the bottom of the screen to the top (which is also in line with other mobile browsers like Safari and Chrome). The refresh button has also been moved from its right-hand position within the address bar to a new location to the left of the address bar. Reading Lists also make an appearance in this latest build of Spartan along with Microsoft's implementation of "Hubs" on Windows 10 for mobile devices.
The Courts

Google Loses Ruling In Safari Tracking Case 56

mpicpp sends this report from CNET: The floodgates are now open for UK users to sue Google over privacy violations tied to tracking cookies. In a landmark ruling, the UK's Court of Appeal has dismissed Google's request to prevent British Web users from suing the company over tracking cookies and privacy violations. The decision was announced Friday, according to the BBC. In spite of default privacy settings and user preferences — including an opt-out of consent to be tracked by cookies — Google's tracking cookies gathered information on Safari browser users for nine months in 2011 and 2012.
Chrome

Every Browser Hacked At Pwn2own 2015, HP Pays Out $557,500 In Awards 237

darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc manager of vulnerability research for HP Security Research said.
Firefox

Analysis: People Who Use Firefox Or Chrome Make Better Employees 127

HughPickens.com writes: In the world of Big Data, everything means something. Now Joe Pinsker reports that Cornerstone OnDemand, a company that sells software that helps employers recruit and retain workers, has found after analyzing data on about 50,000 people who took its 45-minute online job assessment, that people who took the test on a non-default browser, such as Firefox or Chrome, ended up staying at their jobs about 15 percent longer than those who stuck with Safari or Internet Explorer. They also tended to perform better on the job as well. Chief Analytics Officer Michael Housman offered an explanation for the results in an interview with Freakonomics Radio: "I think that the fact that you took the time to install Firefox on your computer shows us something about you. It shows that you're someone who is an informed consumer," says Housman. "You've made an active choice to do something that wasn't default." But why would a company care about something as seemingly trivial as the browser a candidate chooses to use? "Call centers are estimated to suffer from a turnover rate of about 45 percent annually (PDF), and it can cost thousands of dollars to hire new employees," says Pinsker. "Because of that, companies are eager to find any proxy for talent and dedication that they can."
Encryption

FREAK Attack Threatens SSL Clients 89

msm1267 writes: For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL clients, including OpenSSL, will accept weak RSA keys–known as export-grade keys–without asking for those keys. Export-grade refers to 512-bit RSA keys, the key strength that was approved by the United States government for export overseas. This was an artifact from decades ago and it was thought that most servers and clients had long ago abandoned such weak ciphers. The vulnerability affects a variety of clients, most notably Apple's Safari browser.
Advertising

Ask Slashdot: Gaining Control of My Mobile Browser? 223

An anonymous reader writes: I run Firefox with NoScript and FlashBlock at home. Browsing is easy, and I only have to enable scripts on a few sites. If they have 20+ scripts, I just surf somewhere else. Fast forward to the mobile experience. I had an Android device, but now I have an iPhone. In addition to the popup problem, and the fake "X" on ads, the iPhone browsers (Safari, Chrome, Opera) will start to show a site, then they will lock up for 10-30 seconds before finally becoming responsive. If I switch back to another app and then return to the browser, Safari and Chrome have a little delay, but Opera delays 20+ seconds before becoming responsive again.

Firefox is not available on the iPhone, so I can't simply run NoScript. Chrome does not appear to have a NoScript equivalent for mobile. What solutions are you using to make mobile browsing work?
Youtube

YouTube Ditches Flash For HTML5 Video By Default 225

An anonymous reader writes: YouTube today announced it has finally stopped using Adobe Flash by default. The site now uses its HTML5 video player by default in Google's Chrome, Microsoft's IE11, Apple's Safari 8, and in beta versions of Mozilla's Firefox browser. At the same time, YouTube is now also defaulting to its HTML5 player on the web. In fact, the company is deprecating the "old style" Flash object embeds and its Flash API, pointing users to the iFrame API instead, since the latter can adapt depending on the device and browser you're using.
Opera

Opera Founder Is Back, WIth a Feature-Heavy, Chromium-Based Browser 158

New submitter cdysthe writes Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Internet Explorer

Time For Microsoft To Open Source Internet Explorer? 165

An anonymous reader writes: Ars Technica's Peter Bright argues that it's time for Microsoft to make Internet Explorer open source. He points out that IE's major competitors are all either fully open source (Firefox), or partially open source (Chrome, Safari, and Opera), and this puts Microsoft at a huge disadvantage. Bright says, "It's time for Microsoft to fit in with the rest of the browser industry and open up Trident. One might argue that this argument could be made of any software, and that Microsoft should by this logic open source everything. But I think that the browser is special. The community that exists around Web standards does not exist in the same way around, say, desktop software development, or file system drivers, or user interfaces. Development in the open is integral to the Web in an almost unique way. ... Although Microsoft has endeavored to be more open about how it's developing its browser, and which features it is prioritizing, that development nonetheless takes place in private. Developing in the open, with a public bug tracker, source code repositories, and public discussion of the browser's future direction is the next logical step."
Chrome

Chrome For OS X Catches Up With Safari's Emoji Support 104

According to The Next Web, Emoji support has landed in the latest developer builds of Chrome for OS X, meaning that emoji can be seen on websites and be entered into text fields for the first time without issues. ... Users on Safari on OS X could already see emoji on the Web without issue, since Apple built that in. The bug in Chrome was fixed on December 11, which went into testing on Chrome’s Canary track recently. From there, we can expect it to move to the consumer version of Chrome in coming weeks.
The Almighty Buck

The Billionaires' Space Club 235

theodp writes Silicon sultans are the new robber barons, writes The Economist, adding that "they have been diversifying into businesses that have little to do with computers, while egotistically proclaiming that they alone can solve mankind's problems, from aging to space travel." Over at Slate, NYU journalism prof Charles Seife is less-than impressed with The Billionaires' Space Club. "It's an old trick," begins Seife. "Multimillionaires regularly try to spin acts of crass ego gratification as selfless philanthropy, no matter how obviously self-serving. They jump out of balloons at the edge of the atmosphere, take submarines to the bottom of the ocean, or shoot endangered animals on safari, all in the name of science and exploration. The more recent trend is billionaires making fleets of rocket ships for private space exploration. What makes this one different is that the public actually seems to buy the farce." Seife goes on to argue that "neither [Elon] Musk's nor [Richard] Branson's goals really seem to break new ground, despite all the talk of exploration."
Hardware Hacking

Many DDR3 Modules Vulnerable To Bit Rot By a Simple Program 138

New submitter Pelam writes: Researchers from Carnegie Mellon and Intel report that a large percentage of tested regular DDR3 modules flip bits in adjacent rows (PDF) when a voltage in a certain control line is forced to fluctuate. The program that triggers this is dead simple — just two memory reads with special relative offset and some cache control instructions in a tight loop. The researchers don't delve deeply into applications of this, but hint at possible security exploits. For example a rather theoretical attack on JVM sandbox using random bit flips (PDF) has been demonstrated before.
Media

Valve Rolls Out Game Broadcasting Service For Steam 92

An anonymous reader writes: Streaming live video game footage has become increasingly popular over the past several years — popular enough that Amazon was willing to shell out $970 million for Twitch.tv. Now, Valve has announced a rival: Steam Broadcasting. Users signing up for the beta test have the option to broadcast the game they're playing. They have several options about who can see their stream: invite-only, friends only, and publicly visible. Viewing a stream is currently supported by the Steam client itself, Google Chrome, and Apple Safari. It only works on Windows 7 and 8 at this point, but Valve promises support on Linux, OS X, and Windows Vista in the future.
Communications

New Trial Brings Skype to (Some) Browsers 55

Ars Technica reports that Microsoft has begun giving some users a taste of a new version of Skype, with a big difference compared to previous ones: the new one (tested by users on an invitation basis) is browser based. Rather than using the existing WebRTC standard, though (eschewed as too complex), Microsoft has developed a separate spec called ORTC (Object RTC), which is designed to offer similar capabilities but without mandating this same call setup system. Both Microsoft and Google are contributing to this spec, as are representatives from companies with video conferencing, telephony, and related products. ORTC isn't currently blessed as a W3C project, though the ORTC group has proposed integrating ORTC into WebRTC to create WebRTC 1.1 and including parts of ORTC into WebRTC 1.0. For now at least, video or audio chat therefore requires a plug-in, and requires Internet Explorer 10, or recent Firefox or Chrome browsers, and a current Safari on Mac OS X. Also at TechCrunch, among others, which notes that text chat (though as mentioned, not video or audio) will work with the new Skype under ChromeOS, too.
Android

Popular Smartphones Hacked At Mobile Pwn2Own 2014 52

wiredmikey writes Researchers have hacked several popular smartphones during the Mobile Pwn2Own 2014 competition that took place alongside the PacSec Applied Security Conference in Tokyo this week. The competition, organized by HP's Zero Day Initiative (ZDI) targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5. Using various attacks, some Mobile Pwn2Own 2014 Pwnage included: Apple's iPhone 5s (hacked via the Safari Web browser, achieving a full sandbox escape); Samsung's Galaxy S5 (hacked multiple times using near-field communications attacks); Amazon's Fire Phone (Web browser exploited); Windows Phone (partial hacks using a browser attack), andthe Nexus 5 (a Wi-Fi attack, which failed to elevate privileges). All the exploits were disclosed privately to the affected companies. HP promised to reveal details in the upcoming weeks.
Mozilla

Mozilla Launches Browser Built For Developers 74

HughPickens.com writes "Mozilla announced that they are excited to unveil Firefox Developer Edition, the first browser created specifically for developers that integrates two powerful new features, Valence and WebIDE that improve workflow and help you debug other browsers and apps directly from within Firefox Developer Edition. Valence (previously called Firefox Tools Adapter) lets you develop and debug your app across multiple browsers and devices by connecting the Firefox dev tools to other major browser engines. WebIDE allows you to develop, deploy and debug Web apps directly in your browser, or on a Firefox OS device. "It lets you create a new Firefox OS app (which is just a web app) from a template, or open up the code of an existing app. From there you can edit the app's files. It's one click to run the app in a simulator and one more to debug it with the developer tools."

Firefox Developer Edition also includes all the tools experienced Web developers are familiar with including: Responsive Design Mod, Page Inspector, Web Console, JavaScript Debugger, Network Monitor, Style Editor, and Web Audio Editor. At launch, Mozilla is starting off with Chrome for Android and Safari for iOS. and the eventual goal is to support more browsers, depending on what developers tell Mozilla they want, but the primary focus is on the mobile Web. "One of the biggest pain points for developers is having to use numerous siloed development environments in order to create engaging content or for targeting different app stores. For these reasons, developers often end up having to bounce between different platforms and browsers, which decreases productivity and causes frustration," says the press release. "If you're a new Web developer, the streamlined workflow and the fact that everything is already set up and ready to go makes it easier to get started building sophisticated applications."
Mozilla released a teaser trailer for the browser last week.