The Mozilla Foundation released a new version of Firefox this week—release number 59. It treads further down the performance improvement path that November's Quantum release began, but its most interesting feature is a quality-of-life one: Firefox 59 users can prevent some websites from popping up requests to send notifications to your device or from requesting to use your camera unexpectedly.
Specifically, the update notes say:
Added settings in about:preferences to stop websites from asking to send notifications or access your device's camera, microphone, and location, while still allowing trusted websites to use these features
Numerous websites, especially news sites and other publishers, request to send these notifications so the notification center of, say, your Mac will be filled with news stories with enticing headlines for you to click, driving more traffic. It's annoying, and it muddies the waters of the Web browser's user experience. You can add trusted websites as exceptions, but all such requests will be blocked otherwise.
Developer Q&A site Stack Overflow performs an annual survey to find out more about the programmer community, and the latest set of results has just been published.
Google has said that it wants to bring the benefits of its AMP specification to sites that stick with Web standards, offering them the same prominent search positioning that it currently only gives to sites using its proprietary tech.
The Khronos Group today launched Vulkan 1.1, the first big revision of its vendor-neutral, cross-platform GPU API.
The new revision standardizes a handful of features that were previously offered as extensions. The release rounds out the API, bringing parity with Microsoft's DirectX 12 in a few areas where it was absent, improving compatibility with DirectX 12, and laying the groundwork for the next generation of GPUs.
One feature in particular goes a long way toward filling a Vulkan gap relative to Microsoft's API: explicit multi-GPU support. This allows one program to spread its work across multiple GPUs. Unlike SLI and Crossfire of old, where the task of divvying up the rendering between GPUs was largely handled by the driver, this gives control to the developer. With this addition, developers can create "device groups" that aggregate multiple physical GPUs into a single virtual device and choose how work is dispatched to the different physical GPUs. Resources from one physical GPU can be used by another GPU, different commands can be run on the different GPUs, and one GPU can show rendered images that were created by another GPU.
Google's Chrome browser is now built using the Clang compiler on Windows. Previously built using the Microsoft C++ compiler, Google is now using the same compiler for Windows, macOS, Linux, and Android, and the switch makes Chrome arguably the first major software project to use Clang on Windows.
Chrome on macOS and Linux has long been built using the Clang compiler and the LLVM toolchain. The open-source compiler is the compiler of choice on macOS, making it the natural option there, and it's also a first-class choice for Linux; though the venerable GCC is still the primary compiler choice on Linux, by using Clang instead, Google ensured that it has only one set of compiler quirks and oddities to work with rather than two.
But Chrome on Windows has instead used Microsoft's Visual C++ compiler. The Visual C++ compiler is the best-supported, most widely used compiler on Windows and, critically, is the compiler with the best support for Windows' wide range of debugging and diagnostic tools. The Visual Studio debugger is widely loved by the C++ community, and other tools, such as the WinDbg debugger (often used for analyzing crash dumps), are core parts of the Windows developer experience.
Microsoft released the first version of its quantum development kit and a new quantum computing programming language Q# last December. Today, the company has released an update that adds support for quantum development on macOS and Linux. Both the Q# language, and the company's quantum simulator, will run on these platforms in addition to Windows.
The new release of the simulator is much faster than the first release, with the company saying that it runs four to five times faster, especially on simulations with 20 or more qubits.
The quantum libraries and samples are now available under an open source license—the source to these was previously merely shared—enabling others to modify and extend them. Interoperability with existing libraries is also being improved: Microsoft is working on integrating Python support. On Windows, today's release includes a preview of the Python integration, which allows Q# programs to call Python code and vice versa.
Firefox 58, out today, continues to deliver Project Quantum, Mozilla's far-reaching modernization effort that's boosting the browser's performance, security, and maintainability. The initiative allows Firefox to take better advantage of modern multicore processors and makes the browser better suited to the demands of today's Web applications.
The two highlights from today's release are an optional Tracking Protection feature and new multithreading in the page rendering.
Firefox has had Tracking Protection in its Private Browsing mode for a couple of years. This actively blocks ads, analytics trackers, and social media sharing buttons, reducing the privacy exposure that these things can cause. Firefox 58 brings the option of using Tracking Protection even in the regular browser, blocking this content without having to use Private Browsing.
Google currently has two OSes on the market: Android and Chrome OS. The company is never one to leave a successful product alone in the marketplace, though, so it's also developing a third operating system called "Fuchsia." When we last checked in on the experimental OS in May 2017, calling it an "OS" was a bit of a stretch. We only got the system UI up and running on top of Android, where it then functioned like an app. The UI offered a neat multi-window system, but mostly it was just a bunch of placeholder graphics. Nothing worked.
It has been hard to check in on Fuchsia since. The Fuchsia system UI, which was written with a cross-platform SDK called "Flutter," quickly shut down the Android (and iOS) compatible builds. Fuchsia has a Vulkan-based graphics stack, and no emulator supports the new-ish graphics API. The only way to get Fuchsia up and running again was with actual hardware, and the only supported devices were Intel NUC PCs from 2015 and the Acer Switch Alpha 12 laptop.
There's a critical weakness in the widely used Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. That's according to a researcher with Google's Project Zero vulnerability reporting team, who also warns that other BitTorrent clients are likely similarly susceptible.
Researcher Tavis Ormandy published the proof-of-concept attack code last week, along with a detailed description of the underlying vulnerability it exploited. Normally, Project Zero withholds publication of such details for 90 days or until the developer has released a fix. In this case, however, Ormandy's private report to Transmission included a patch that completely fixed the vulnerability. The researcher went ahead and disclosed the vulnerability last Tuesday—only 40 days after the initial report—because Transmission developers had yet to apply it. Ormandy said the publication would allow Ubuntu and other downstream projects to independently install the fix.
"I'm finding it frustrating that the Transmission developers are not responding on their private security list," Ormandy wrote in Tuesday's public report. "I suggested moving this into the open so that distributions can apply the patch independently."
In 2015, Microsoft announced its intent to bring OpenSSH, the widely used implementation of the secure shell (ssh) protocol used for remote system access and administration throughout the UNIX world, natively to Windows. Without too many people noticing, it turns out that the company has now done this. The Windows 10 Fall Creators Update adds a couple of optional features, with both client and server now available for installation (via Serve The Home).
Add the feature from the Optional Features settings page and, well... I think it works, but I'm not entirely sure because I can't make it work. It can't use my RSA key—Microsoft's issues list on GitHub says that only ed25519 keys are supported at present—but my ed25519 key isn't working either. I have seen people successfully use it with password authentication, but I don't have a password-authenticated server to actually test with right now. Both my keys work fine from Windows Subsystem for Linux ssh, so I'm confident that they're fine; the native Win32 program just doesn't like them for reasons that aren't at all obvious at this time.
I'm sure that eventually the wrinkles will be fixed. This is a beta and it's not installed by default, so hiccups aren't a huge surprise. But it's another little sign that Microsoft is continuing to embrace the wider world beyond Windows. I don't expect that ssh will become the main tool for administration of Windows machines any time soon—though with the ssh server and PowerShell, even that isn't impossible to imagine—but when this works, it's going to make connecting to and using other systems from Windows that bit more convenient.
To further increase its enterprise appeal, Chrome 63—which hit the browser's stable release channel yesterday—includes a couple of new security enhancements aimed particularly at the corporate market.
The first of these is site isolation, an even stricter version of the multiple process model that Chrome has used since its introduction. Chrome uses multiple processes for several security and stability reasons. On the stability front, the model means that even if a single tab crashes, other tabs (and the browser itself) are unaffected. On the security front, the use of multiple processes makes it much harder for malicious code from one site to steal secrets (such as passwords typed into forms) of another.