Security

Modern Browsers Are Undefended Against Cookie-based MITM Attacks Over HTTPS 66

An anonymous reader writes: An advisory from CERT warns that all web-browsers, including the latest versions of Chrome, Firefox, Safari and Opera, have 'implementation weaknesses' which facilitate attacks on secure (HTTPS) sites via the use of cookies, and that implementing HSTS will not secure the vulnerability until browsers stop accepting cookies from sub-domains of the target domain. This attack is possible because although cookies can be specified as being HTTPS-specific, there is no mechanism to determine where they were set in the first place. Without this chain of custody, attackers can 'invent' cookies during man-in-the-middle (MITM) attacks in order to gain access to confidential session data.
Firefox

Firefox Will Run Chrome Extensions 152

An anonymous reader writes: Today Mozilla announced some big changes to its extension support. Their new addon API, WebExtensions, is mostly compatible with the extension model used by Chrome and Opera. In short, this means we'll soon see cross-platform browser extensions. They say, "For some time we've heard from add-on developers that our APIs could be better documented and easier to use. In addition, we've noticed that many Firefox add-on developers also maintain a Chrome, Safari, or Opera extension with similar functionality. We would like add-on development to be more like Web development: the same code should run in multiple browsers according to behavior set by standards, with comprehensive documentation available from multiple vendors."
Medicine

Death Toll at 4 In NYC Legionnaire's Outbreak 13

Reuters reports that four people have died of Legionnaire's Disease in an outbreak in the Bronx, and 65 more have exhibited symptoms of the disease. The Bronx was also home to the most recent flare-up of the disease, in December of last year. Says the article, In response to the outbreak, the city's health department has inspected 22 buildings in the Bronx, 17 of which have cooling towers. Five buildings, including the historic Opera House Hotel, Lincoln Medical Center and the Concourse Plaza mall and movie complex, tested positive for Legionella. Disinfection efforts are ongoing or have already been completed at all five sites. ... The people who died from the disease were older adults with underlying medical problems, according to a city press release. The department said the city's drinking water supply, fountains and pools have not been affected.
Cellphones

Ask Slashdot: Measuring (and Constraining) Mobile Data Use? 129

An anonymous reader writes: I've carried a smart phone for several years, but for much of that time it's been (and I suspect this is true for anyone for whom money is an object) kept pretty dumb — at least for anything more data-intensive than Twitter and the occasional map checking. I've been using more of the smart features lately (Google Drive and Keep are seductive.) Since the data package can be expensive, though, and even though data is cheaper than it used to be, that means I don't check Facebook often, or upload pictures to friends by email, unless I'm in Wi-Fi zone (like home, or a coffee shop, etc). Even so, it seems I'm using more data than I realized, and I'd like to keep it under the 2GB allotment I'm paying for. I used to think half a gig was generous, but now I'm getting close to that 2GB I've paid for, most months.

This makes me a little paranoid, which leads to my first question: How accurate are carriers' own internal tools for measuring use, and do you recommend any third-party apps for keeping track of data use? Ideally, I'd like a detailed breakdown by app, over time: I don't think I'm at risk for data-stealing malware on my phone (the apps I use are either built-in, or plain-vanilla ones from Google's store, like Instagram, Twitter's official client, etc.), but of course really well-crafted malware would be tough to guard against or to spot. And even if they can be defeated, more and more sites (Facebook, for one) now play video just because I've rolled over a thumbnail.
Read on for second part of the question.
Safari

Is Safari the New Internet Explorer? 311

An anonymous reader writes: Software developer Nolan Lawson says Apple's Safari has taken the place of Microsoft's Internet Explorer as the major browser that lags behind all the others. This comes shortly after the Edge Conference, where major players in web technologies got together to discuss the state of the industry and what's ahead. Lawson says Mozilla, Google, Opera, and Microsoft were all in attendance and willing to talk — but not Apple.

"It's hard to get insight into why Apple is behaving this way. They never send anyone to web conferences, their Surfin' Safari blog is a shadow of its former self, and nobody knows what the next version of Safari will contain until that year's WWDC. In a sense, Apple is like Santa Claus, descending yearly to give us some much-anticipated presents, with no forewarning about which of our wishes he'll grant this year. And frankly, the presents have been getting smaller and smaller lately."

He argues, "At this point, we in the web community need to come to terms with the fact that Safari has become the new IE. Microsoft is repentant these days, Google is pushing the web as far as it can go, and Mozilla is still being Mozilla. Apple is really the one singer in that barbershop quartet hitting all the sour notes, and it's time we start talking about it openly instead of tiptoeing around it like we're going to hurt somebody's feelings."
Music

Stephen Hawking Has a Message For One Direction Fans 109

An anonymous reader points out that Stephen Hawking recently gave some advice for One Direction fans. What is the cosmological effect of singer Zayn Malik leaving the best-selling boy band One Direction and consequently disappointing millions of teenage girls around the world? The advice of British cosmologist Stephen Hawking to heartbroken fans is to follow theoretical physics, because Malik may well still be a member of the pop group in another universe. The physicist took a break from speaking about his work as one of the world's leading scientists to answer the question from one upset fan during a talk at Sydney Opera House at the weekend. 'Finally a question about something important,' Hawking, who appeared via hologram, said to loud laughs from the audience. 'My advice to any heartbroken young girl is to pay attention to the study of theoretical physics because, one day, there may well be proof of multiple universes. It would not be beyond the realms of possibility that somewhere outside of our own universe lies another, different universe and, in that universe, Zayn is still in One Direction.'
Software

Hands-On With the Vivaldi Browser 167

justthinkit writes: Vivaldi is billing itself as the power user's browser, and Ars went hands-on with it today. They say, "Vivaldi has so many great features, but it can be a little frustrating because it is still very much a technical preview. It's been largely stable during testing (most of the bugs we encountered using the first release are gone in the second), but it's still missing some key features." It appears to have the cred, with Vivaldi's CEO being Jon S. von Tetzchner, the co-founder and former CEO of Opera. Does the thinking behind Vivaldi appeal to you? Do you plan to switch when it's more feature-complete?
Advertising

Ask Slashdot: Gaining Control of My Mobile Browser? 223

An anonymous reader writes: I run Firefox with NoScript and FlashBlock at home. Browsing is easy, and I only have to enable scripts on a few sites. If they have 20+ scripts, I just surf somewhere else. Fast forward to the mobile experience. I had an Android device, but now I have an iPhone. In addition to the popup problem, and the fake "X" on ads, the iPhone browsers (Safari, Chrome, Opera) will start to show a site, then they will lock up for 10-30 seconds before finally becoming responsive. If I switch back to another app and then return to the browser, Safari and Chrome have a little delay, but Opera delays 20+ seconds before becoming responsive again.

Firefox is not available on the iPhone, so I can't simply run NoScript. Chrome does not appear to have a NoScript equivalent for mobile. What solutions are you using to make mobile browsing work?
Opera

Opera Founder Is Back, With a Feature-Heavy, Chromium-Based Browser 158

New submitter cdysthe writes Almost two years ago, the Norwegian browser firm Opera ripped out the guts of its product and adopted the more standard WebKit and Chromium technologies, essentially making it more like rivals Chrome and Safari. But it wasn't just Opera's innards that changed; the browser also became more streamlined and perhaps less geeky. Many Opera fans were deeply displeased at the loss of what they saw as key differentiating functionality. So now Jon von Tetzchner, the man who founded Opera and who would probably never have allowed those drastic feature changes, is back to serve this hard core with a new browser called Vivaldi. The project's front page links to downloads of a technical preview, available for Linux, Mac OS X, and Windows. Firefox users who likewise prefer a browser with more rather than fewer features (but otherwise want to stick with Firefox) might also consider SeaMonkey, which bundles not just a browser but email, newsgroup client and feed reader, HTML editor, IRC chat and web development tools.
Internet Explorer

Time For Microsoft To Open Source Internet Explorer? 165

An anonymous reader writes: Ars Technica's Peter Bright argues that it's time for Microsoft to make Internet Explorer open source. He points out that IE's major competitors are all either fully open source (Firefox), or partially open source (Chrome, Safari, and Opera), and this puts Microsoft at a huge disadvantage. Bright says, "It's time for Microsoft to fit in with the rest of the browser industry and open up Trident. One might argue that this argument could be made of any software, and that Microsoft should by this logic open source everything. But I think that the browser is special. The community that exists around Web standards does not exist in the same way around, say, desktop software development, or file system drivers, or user interfaces. Development in the open is integral to the Web in an almost unique way. ... Although Microsoft has endeavored to be more open about how it's developing its browser, and which features it is prioritizing, that development nonetheless takes place in private. Developing in the open, with a public bug tracker, source code repositories, and public discussion of the browser's future direction is the next logical step."
Science

New Paper Claims Neutrino Is Likely a Faster-Than-Light Particle 142

HughPickens.com writes Phys.org reports that in a new paper accepted by the journal Astroparticle Physics, Robert Ehrlich, a recently retired physicist from George Mason University, claims that the neutrino is very likely a tachyon or faster-than-light particle. Ehrlich's new claim of faster-than-light neutrinos is based on a much more sensitive method than measuring their speed, namely by finding their mass. The result relies on tachyons having an imaginary mass, or a negative mass squared. Imaginary mass particles have the weird property that they speed up as they lose energy – the value of their imaginary mass being defined by the rate at which this occurs. According to Ehrlich, the magnitude of the neutrino's imaginary mass is 0.33 electronvolts, or 2/3 of a millionth that of an electron. He deduces this value by showing that six different observations from cosmic rays, cosmology, and particle physics all yield this same value within their margin of error. One check on Ehrlich's claim could come from the experiment known as KATRIN, which should start taking data in 2015. In this experiment the mass of the neutrino could be revealed by looking at the shape of the spectrum in the beta decay of tritium, the heaviest isotope of hydrogen.

But be careful. There have been many such claims, the last being in 2011 when the "OPERA" experiment measured the speed of neutrinos and claimed they travelled a tiny amount faster than light. When their speed was measured again the original result was found to be in error – the result of a loose cable no less. "Before you try designing a "tachyon telephone" to send messages back in time to your earlier self it might be prudent to see if Ehrlich's claim is corroborated by others."
Australia

Apparent Islamic Terrorism Strikes Sydney 880

An anonymous reader sends this link to a developing situation in Sydney, Australia, being reported on via live feed at the Guardian, and covered by various other news outlets as well. According to CNN's coverage, "CNN affiliate Seven Network said that at least 13 people are being held at the Lindt Chocolate Cafe. It published a photograph of people inside the cafe holding a black flag with Arabic writing on it. The flag reads: "There is no God but God and Mohammed is the prophet of God." From The New York Times' coverage: The police have shut down parts of the city’s transport system, and closed off the mall area. They would not confirm how many people were being held hostage inside the cafe, nor whether those inside are armed. Local media reports said that the airspace over Sydney had been closed and the famed Sydney Opera House evacuated. Television images showed heavily armed officers with their weapons trained on the cafe.
The Internet

CSS Proposed 20 Years Ago Today 180

An anonymous reader writes: On 10 October 1994, Opera CTO Hakon Lie posted a proposal for Cascading HTML style sheets. Now, two decades on, CSS has become one of the modern web's most important building blocks. The Opera dev blog just posted an interview with Lie about how CSS came to be, and what he thinks of it now. He says that if these standards were not made, "the web would have become a giant fax machine where pictures of text would be passed along." He also talks about competing proposals around the same time period, and mentions his biggest mistake: not producing a test suite along with the CSS1 spec. He thinks this would have gotten the early browsers to support it more quickly and more accurately. Lie also thinks CSS has a strong future: "New ideas will come along, but they will extend CSS rather than replace it. I believe that the CSS code we write today will be readable by computers 500 years from now."
Encryption

Why Google Is Pushing For a Web Free of SHA-1 108

An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
Transportation

The Quiet Revolution of Formula E Electric Car Racing 116

pbahra writes One of the greatest emotional triggers at any auto-racing event is the noise. In Nascar, it is the earthshaking growl of V8 American muscle. In Formula One, it is the chest-rattling wail of 15,000 rpm. To some the sound is repellent. To others it is like an opera. But what if there is no sound at all? Welcome to the quiet world of Formula E, a global racing series for electric cars, which debuts this month in Beijing.
Opera

Opera Releases a New Version For Linux 99

motang (1266566) writes "Opera released Opera 24 for Linux. Currently it is in testing (developer) mode, and only for 64-bit Ubuntu, but hey it's a start since everyone thought Linux support was abandoned. In my test it is pretty rough around the edges, only has ambiance theme as it has been hard coded, and all the window controls are on the right and not on the left like what Unity has. But it is a start."
Music

Ask Slashdot: Resolving the Clash Between Art and Technology In Music? 121

An anonymous reader writes This article in The New York Times shows the clash of purists and people who desire to experiment with "new technology" available to them. The geek in me is really curious about this concept of a digital orchestra (with the ability to change tempos, placement of speakers in an orchestra pit, possibly delaying some to line them up ...). I understand that instrumentalists feel threatened, but why not let free enterprise decide the fate of this endeavor instead of trying to kill it by using blackmail and misrepresentation? Isn't there a place for this, even if maybe it is not called opera ... maybe iOpera?
Opera

Former Dev Gives Gloomy Outlook On Linux Support For the Opera Browser 181

An anonymous reader writes: "It doesn't take a Columbo to figure out that the 'previous employer, a small browser vendor that decided to abandon its own rendering engine and browser stack' is referring to Opera in this comment answering the question 'Do you actually use the product you are working on?' It appears to originate from Andreas Tolfsen, a former Opera developer who is now part of the Mozilla project. From releasing a unified architecture browser including Linux support since 2001, Opera decided to put Linux development on indefinite hold, communicated through blog comments, and focus on Windows and Mac for their browser rewrite centered around the Blink engine that had its first beta release last spring. The promise to bring back the Linux version in due time was met with growing skepticism as the months went by, and clear answers have been avoided in the developer blog. The uncertainty has spawned user projects such as Otter browser in an attempt to recreate the Opera UI in a free application. Tolfsen's statement seems to be in line with what users have suspected all along: Opera for Linux is not something for the near future."
Chromium

Google Planning To Remove CSS Regions From Blink 249

mikejuk writes "Google and Opera split from WebKit to create Blink, their own HTML rendering engine, and everyone was worried about the effect on standards. Now we have the first big example of a split in the form of CSS Regions support. Essentially Regions are used to provide the web equivalent of text flow, a concept very familiar to anyone who has used a desktop publishing program. The basic idea is that you define containers for a text stream which is then flowed from one container to another to provide a complex multicolumn layout. The W3C standard for Regions has mostly been created by Adobe — a long time DTP company. Now the Blink team has proposed removing Regions support to save 10,000 lines of code in 350,000 in the name of efficiency. If Google does remove the Regions code, which looks highly likely, this would leave Safari and IE 10/11 as the only two major browsers to support Regions. Both Apple and Microsoft have an interest in ensuring that their hardware can be used to create high quality magazine style layouts — Google and Opera aren't so concerned. I thought standards were there to implement not argue with." Although mikejuk thinks this is a bad thing, a lot of people think CSS Regions are awful. Mozilla has never intended to implement them, instead offering the CSS Fragmentation proposal as an alternative. One major flaw of CSS Regions is its reliance upon markup that is used solely for layout, violating the separation of content and style that CSS is intended to enforce.
Science

New Documentary Chronicles Road Tripping Scientists Promoting Reason 674

Hugh Pickens DOT Com writes "Dennis Overbye reports in the NY Times that two years ago Richard Dawkins and Lawrence Krauss set off on a barnstorming tour to save the world from religion and promote science. Their adventure is now the subject of The Unbelievers, a new documentary. 'If you think a road trip with a pair of intellectuals wielding laptops is likely to lack drama, you haven't been keeping up with the culture wars,' writes Overbye. The scientists are mobbed at glamorous sites like the Sydney Opera House. Inside, they sometimes encounter clueless moderators; outside, demonstrators condemning them to hellfire. At one event, a group of male Muslim protesters are confronted by counterprotesters chanting, 'Where are your women?' 'Travelogue shots, perky editing and some popular rock music, as well as interview bits with such supportive celebrities as Woody Allen, Cameron Diaz, Sarah Silverman and Ricky Gervais, shrewdly enliven the brainy — but accessible — discourse,' writes Gary Goldstein in the LA Times, 'but mostly the movie is an enjoyably high-minded love fest between two deeply committed intellectuals and the scads of atheists, secularists, free-thinkers, skeptics and activists who make up their rock star-like fan base.' The movie ends at the Reason Rally in Washington, billed as the largest convention of atheists in history. Dawkins looks out at the crowd standing in a light rain and pronounces it 'the most incredible sight I can remember ever seeing' and declares that too many people have been cowed out of coming out as atheists, secularists or agnostics. 'We are far more numerous than anybody realizes.'"
