Subscribe to ArsTechnica-OpenSource feed ArsTechnica-OpenSource
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 2 hours 11 min ago

The new Firefox lets you stop websites from asking to send you notifications

Wed, 03/14/2018 - 2:19pm

Enlarge (credit: Mozilla)

The Mozilla Foundation released a new version of Firefox this week—release number 59. It treads further down the performance improvement path that November's Quantum release began, but its most interesting feature is a quality-of-life one: Firefox 59 users can prevent some websites from popping up requests to send notifications to your device or from requesting to use your camera unexpectedly.

Specifically, the update notes say:

Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features

Numerous websites, especially news sites and other publishers, request to send these notifications so the notification center of, say, your Mac will be filled with news stories with enticing headlines for you to click, driving more traffic. It's annoying, and it muddies the waters of the Web browser's user experience. You can add trusted websites as exceptions, but all such requests will be blocked otherwise.

Read 5 remaining paragraphs | Comments

Developers love trendy new languages, but earn more with functional programming

Tue, 03/13/2018 - 3:00am

(credit: Stack Exchange)

Developer Q&A site Stack Overflow performs an annual survey to find out more about the programmer community, and the latest set of results has just been published.

JavaScript remains the most widely used programming language among professional developers, making that six years at the top for the lingua franca of Web development. Other Web tech including HTML (#2 in the ranking), CSS (#3), and PHP (#9). Business-oriented languages were also in wide use, with SQL at #4, Java at #5, and C# at #8. Shell scripting made a surprising showing at #6 (having not shown up at all in past years, which suggests that the questions have changed year-to-year), Python appeared at #7, and systems programming stalwart C++ rounded out the top 10.

These aren't, however, the languages that developers necessarily want to use. Only three languages from the most-used top ten were in the most-loved list; Python (#3), JavaScript (#7), and C# (#8). For the third year running, that list was topped by Rust, the new systems programming language developed by Mozilla. Second on the list was Kotlin, which wasn't even in the top 20 last year. This new interest is likely due to Google's decision last year to bless the language as an official development language for Android. TypeScript, Microsoft's better JavaScript than JavaScript comes in at fourth, with Google's Go language coming in at fifth. Smalltalk, last year's second-most loved, is nowhere to be seen this time around.

Read 5 remaining paragraphs | Comments

Google claims it’s going to build its proprietary AMP using Web standards

Sat, 03/10/2018 - 12:15pm

"Too slow;" where have we heard that one before? (credit: Getty Images)

Google has said that it wants to bring the benefits of its AMP specification to sites that stick with Web standards, offering them the same prominent search positioning that it currently only gives to sites using its proprietary tech.

The 2015 introduction of Google's AMP, "Accelerated Mobile Pages," has been deeply contentious within the Web community. AMP is based on HTML, JavaScript, and other related technologies, with a bunch of non-standard alterations and restrictions to, Google says, achieve a number of things that are useful, especially for mobile browsers.

AMP has three main parts: a restricted subset of HTML with custom AMP-specific tags for things like images, audio, and video; a special, mandatory JavaScript library that handles the custom tags, limited animations, and certain other features; and a caching proxy system, wherein Google validates AMP pages and serves them to clients itself.

Read 7 remaining paragraphs | Comments

Vulkan 1.1 out today, with multi-GPU support, better DirectX compatibility

Wed, 03/07/2018 - 9:00am

Enlarge (credit: Khronos Group)

The Khronos Group today launched Vulkan 1.1, the first big revision of its vendor-neutral, cross-platform GPU API.

The new revision standardizes a handful of features that were previously offered as extensions. The release rounds out the API, bringing parity with Microsoft's DirectX 12 in a few areas where it was absent, improving compatibility with DirectX 12, and laying the groundwork for the next generation of GPUs.

One feature in particular goes a long way toward filling a Vulkan gap relative to Microsoft's API: explicit multi-GPU support. This allows one program to spread its work across multiple GPUs. Unlike SLI and Crossfire of old, where the task of divvying up the rendering between GPUs was largely handled by the driver, this gives control to the developer. With this addition, developers can create "device groups" that aggregate multiple physical GPUs into a single virtual device and choose how work is dispatched to the different physical GPUs. Resources from one physical GPU can be used by another GPU, different commands can be run on the different GPUs, and one GPU can show rendered images that were created by another GPU.

Read 9 remaining paragraphs | Comments

Chrome on Windows ditches Microsoft’s compiler, now uses Clang

Mon, 03/05/2018 - 8:13pm

Enlarge / The LLVM dragon logo, in honor of the dragon book. (credit: Apple)

Google's Chrome browser is now built using the Clang compiler on Windows. Previously built using the Microsoft C++ compiler, Google is now using the same compiler for Windows, macOS, Linux, and Android, and the switch makes Chrome arguably the first major software project to use Clang on Windows.

Chrome on macOS and Linux has long been built using the Clang compiler and the LLVM toolchain. The open-source compiler is the compiler of choice on macOS, making it the natural option there, and it's also a first-class choice for Linux; though the venerable GCC is still the primary compiler choice on Linux, by using Clang instead, Google ensured that it has only one set of compiler quirks and oddities to work with rather than two.

But Chrome on Windows has instead used Microsoft's Visual C++ compiler. The Visual C++ compiler is the best-supported, most widely used compiler on Windows and, critically, is the compiler with the best support for Windows' wide range of debugging and diagnostic tools. The Visual Studio debugger is widely loved by the C++ community, and other tools, such as the WinDbg debugger (often used for analyzing crash dumps), are core parts of the Windows developer experience.

Read 5 remaining paragraphs | Comments

Microsoft brings its quantum dev kit to macOS, Linux; new kind of qubit this year

Mon, 02/26/2018 - 9:00am

Enlarge (credit: Microsoft)

Microsoft released the first version of its quantum development kit and a new quantum computing programming language Q# last December. Today, the company has released an update that adds support for quantum development on macOS and Linux. Both the Q# language, and the company's quantum simulator, will run on these platforms in addition to Windows.

The new release of the simulator is much faster than the first release, with the company saying that it runs four to five times faster, especially on simulations with 20 or more qubits.

The quantum libraries and samples are now available under an open source license—the source to these was previously merely shared—enabling others to modify and extend them. Interoperability with existing libraries is also being improved: Microsoft is working on integrating Python support. On Windows, today's release includes a preview of the Python integration, which allows Q# programs to call Python code and vice versa.

Read 3 remaining paragraphs | Comments

Firefox’s continued Quantum transformation—more multithreading, tracking protection

Tue, 01/23/2018 - 1:07pm

Firefox 58, out today, continues to deliver Project Quantum, Mozilla's far-reaching modernization effort that's boosting the browser's performance, security, and maintainability. The initiative allows Firefox to take better advantage of modern multicore processors and makes the browser better suited to the demands of today's Web applications.

The two highlights from today's release are an optional Tracking Protection feature and new multithreading in the page rendering.

Firefox has had Tracking Protection in its Private Browsing mode for a couple of years. This actively blocks ads, analytics trackers, and social media sharing buttons, reducing the privacy exposure that these things can cause. Firefox 58 brings the option of using Tracking Protection even in the regular browser, blocking this content without having to use Private Browsing.

Read 6 remaining paragraphs | Comments

Google’s Fuchsia OS on the Pixelbook: It works! It actually works!

Thu, 01/18/2018 - 9:36am

(video link)

Google currently has two OSes on the market: Android and Chrome OS. The company is never one to leave a successful product alone in the marketplace, though, so it's also developing a third operating system called "Fuchsia." When we last checked in on the experimental OS in May 2017, calling it an "OS" was a bit of a stretch. We only got the system UI up and running on top of Android, where it then functioned like an app. The UI offered a neat multi-window system, but mostly it was just a bunch of placeholder graphics. Nothing worked.

It has been hard to check in on Fuchsia since. The Fuchsia system UI, which was written with a cross-platform SDK called "Flutter," quickly shut down the Android (and iOS) compatible builds. Fuchsia has a Vulkan-based graphics stack, and no emulator supports the new-ish graphics API. The only way to get Fuchsia up and running again was with actual hardware, and the only supported devices were Intel NUC PCs from 2015 and the Acer Switch Alpha 12 laptop.

Read 29 remaining paragraphs | Comments

BitTorrent users beware: Flaw lets hackers control your computer

Mon, 01/15/2018 - 4:25pm

Enlarge (credit: Tavis Ormandy)

There's a critical weakness in the widely used Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. That's according to a researcher with Google's Project Zero vulnerability reporting team, who also warns that other BitTorrent clients are likely similarly susceptible.

Researcher Tavis Ormandy published the proof-of-concept attack code last week, along with a detailed description of the underlying vulnerability it exploited. Normally, Project Zero withholds publication of such details for 90 days or until the developer has released a fix. In this case, however, Ormandy's private report to Transmission included a patch that completely fixed the vulnerability. The researcher went ahead and disclosed the vulnerability last Tuesday—only 40 days after the initial report—because Transmission developers had yet to apply it. Ormandy said the publication would allow Ubuntu and other downstream projects to independently install the fix.

"I'm finding it frustrating that the Transmission developers are not responding on their private security list," Ormandy wrote in Tuesday's public report. "I suggested moving this into the open so that distributions can apply the patch independently."

Read 7 remaining paragraphs | Comments

Microsoft quietly snuck an ssh client and server into latest Windows 10 update

Thu, 12/14/2017 - 12:38pm

Enlarge (credit: Liz West)

In 2015, Microsoft announced its intent to bring OpenSSH, the widely used implementation of the secure shell (ssh) protocol used for remote system access and administration throughout the UNIX world, natively to Windows. Without too many people noticing, it turns out that the company has now done this. The Windows 10 Fall Creators Update adds a couple of optional features, with both client and server now available for installation (via Serve The Home).

Add the feature from the Optional Features settings page and, well... I think it works, but I'm not entirely sure because I can't make it work. It can't use my RSA key—Microsoft's issues list on GitHub says that only ed25519 keys are supported at present—but my ed25519 key isn't working either. I have seen people successfully use it with password authentication, but I don't have a password-authenticated server to actually test with right now. Both my keys work fine from Windows Subsystem for Linux ssh, so I'm confident that they're fine; the native Win32 program just doesn't like them for reasons that aren't at all obvious at this time.

I'm sure that eventually the wrinkles will be fixed. This is a beta and it's not installed by default, so hiccups aren't a huge surprise. But it's another little sign that Microsoft is continuing to embrace the wider world beyond Windows. I don't expect that ssh will become the main tool for administration of Windows machines any time soon—though with the ssh server and PowerShell, even that isn't impossible to imagine—but when this works, it's going to make connecting to and using other systems from Windows that bit more convenient.

Read 1 remaining paragraphs | Comments

Chrome 63 offers even more protection from malicious sites, using even more memory

Thu, 12/07/2017 - 4:50pm

Enlarge / You might need more of this stuff if you want to use Chrome's new Site Isolation mode. Well, not this stuff exactly; it's RAM from a very obsolete VAX computer. (credit: Kevin Stanchfield)

To further increase its enterprise appeal, Chrome 63—which hit the browser's stable release channel yesterday—includes a couple of new security enhancements aimed particularly at the corporate market.

The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another.

Chrome's default model is, approximately, to use one process per tab. This more or less ensures that unrelated sites are kept in separate processes, but there are nuances to this set-up. Pages share a process if they are related through, for example, one opening another with JavaScript or iframes embedding (wherein one page is included as content within another page). Over the course of a single browsing session, one tab may be used to visit multiple different domains; they'll all potentially be opened within a single process. On top of this, if there are already too many Chrome processes running, Chrome will start opening new pages within existing processes, resulting in even unrelated pages sharing a process.

Read 5 remaining paragraphs | Comments