An anonymous reader writes "Stanford Law School has kicked off a 'Cookie Clearinghouse' web privacy initiative that brings together researchers and browsers. The project aims to provide a centralized and trusted repository for whitelist and blacklist data on web tracking, much like StopBadwaredoes for malware. Mozilla and Opera are collaborating on the initiative, and Mozilla plans to integrate it into Firefox's new default third-party cookie blocking. The leader of an advertising trade group has, of course, denounced the participating browsers as 'oligopolies.'"
Catch up on stories from the past week (and beyond) at the Slashdot story archive
hypnosec writes "Opera has released its first Chromium-based, completely re-engineered browser as a preview for Windows and Mac systems (download). The new browser has been given quite a makeover and comes with a refresh of Opera's 'Speed Dial' bookmarking feature. Users can now not only organize their shortcuts into folders, but also group them into folders automatically by simply dragging one bookmark over another. Opera has also included a faster bookmarking tool dubbed 'Stash,' allowing users to return to the links quickly. The new version has combined its search and address bars, allowing users to make searches directly via Amazon, Bing, Google and Wikipedia."
J.J. Abrams’ 2009 reboot of Star Trek was wildly successful. It raked in hundreds of millions at the box office, and revitalized the Star Trek franchise, which had languished for 7 years without a new film and 4 years without a TV presence (after 18 consecutive years of new shows). It also did something no Trek movie had done before; it made Star Trek ‘cool’ in the public consciousness. Combined, those factors ensured Abrams would get another turn at the helm of a Trek movie, and sooner rather than later. With today's release of Star Trek: Into Darkness, that trend is very likely to continue. It's a movie with all the same strengths and weaknesses of its predecessor, and if it worked before, it'll work again. Read on for our review.
AmiMoJo writes "It looks like Mozilla are finally going to remove the much hated blink tag from the Gecko rendering engine that powers Firefox. Work to remove support for the tag, which was always non-standard and is not supported by the most popular HTML layout engines WebKit and Blink (Chrome, Safari, Opera, Android), is progressing and should show up in a future version of the browser." A comment attached to the discussion of this (not completed) move points out the odd possibility that Google's new Blink rendering engine may feature the blink tag via CSS animation, which would be "hilarious/awesome."
An anonymous reader writes "Google on Wednesday made a huge announcement to fork WebKit and build a new rendering engine called Blink. Opera, which only recently decided to replace its own Presto rendering engine for WebKit, has confirmed with TNW that it will be following suit. 'When we announced the move away from Presto, we announced that we are going with the Chromium package, and the forking and name change have little practical influence on the Opera browsers. So yes, your understanding is correct,' an Opera spokesperson told TNW. This will affect both desktop and mobile versions of Opera the spokesperson further confirmed."
New submitter jgb writes "WebKit is, now that Opera decided to join the project, in the core of three of the five major web browsers: Apple's Safari, Google's Chromium and Opera. Therefore, WebKit is also a melting pot for many corporate interests, since several competing companies (not only Google and Apple, but also Samsung, RIM, Nokia, Intel and many others) are finding ways of collaborating in the project. All of this makes fascinating the study of how they are contributing to the project. Some weeks ago, a study showed how they were submitting contributions to the code base. Now another one uncovers how they are reviewing those submitted contributions. As expected, most of the reviews during the whole life of the project were done by Apple, with Google as a close second. But things have changed dramatically during the last few years. In 2012, Google is a clear first, reviewing about twice as much (50%) as Apple (25%). RIM (7%) and Nokia (5%) are also relevant reviewers. Code review is very important in WebKit's development process, with reviewers acting as a sort of gatekeepers, deciding which changes make sense, and when they are conforming to the project practices and quality standards. In some sense, review activity reflects the responsibility each company is taking on how WebKit evolves. In some sense, the evolution over time for this activity by the different companies tells the history of how they have been shaping the project."
Dystopian Rebel writes "A Stanford comp-sci student has found a serious bug in Chromium, Safari, Opera, and MSIE. Feross Aboukhadijeh has demonstrated that these browsers allow unbounded local storage. 'The HTML5 Web Storage standard was developed to allow sites to store larger amounts of data (like 5-10 MB) than was previously allowed by cookies (like 4KB). ... The current limits are: 2.5 MB per origin in Google Chrome, 5 MB per origin in Mozilla Firefox and Opera, 10 MB per origin in Internet Explorer. However, what if we get clever and make lots of subdomains like 1.filldisk.com, 2.filldisk.com, 3.filldisk.com, and so on? Should each subdomain get 5MB of space? The standard says no. ... However, Chrome, Safari, and IE currently do not implement any such "affiliated site" storage limit.' Aboukhadijeh has logged the bug with Chromium and Apple, but couldn't do so for MSIE because 'the page is broken" (see http://connect.microsoft.com/IE). Oops. Firefox's implementation of HTML5 local storage is not vulnerable to this exploit."
An anonymous reader writes "It's not everyday that we get to hear about the potential downsides of using WebKit, but that's just what has happened as Dave Methvin, president of the jQuery foundation and a member of the core programming team that builds the widely used Web programming tool, lamented in a blog post yesterday. While most are happy to cheer for IE's demise, perhaps having three main browser engines is still a good thing. For those that work in the space, does the story ring true? Are we perhaps swearing at the wrong browser when implementing 'workarounds' for Firefox or IE?"
An anonymous reader writes "The H.265 codec standard, the successor of H.264, has been approved, promising support for 8k UHD and lower bandwidth, but the patent issues plaguing H.264 remain." Here's the announcement from the ITU. From the article: "Patents remain an important issue as it was with H.264, Google proposing WebM, a new codec standard based on VP8, back in 2010, one that would be royalties free. They also included it in Chrome, with the intent to replace H.264, but this attempt never materialized. Mozilla and Opera also included WebM in their browsers with the same purpose, but they never discarded H.264 because most of the video out there is coded with it. MPEG LA, the owner of a patent pool covering H.264, promised that H.264 internet videos delivered for free will be forever royalty free, but who knows what will happen with H.265? Will they request royalties for free content or not? It remains to be seen. In the meantime, H.264 remains the only codec with wide adoption, and H.265 will probably follow on its steps."
An anonymous reader writes "Several groups are currently working on specifications for plugin-free, real-time audio and video communication. The World Wide Web Consortium has one called WebRTC, rudimentary support for which is found in Chrome, Firefox, and Opera. Back in August, Microsoft announced its own specification, CU-RTC-Web, because it thought WebRTC wasn't worthwhile. W3C carried out a vote to choose between the two specs, which came out strongly in favor of WebRTC. Microsoft went ahead anyway, and it has now published a prototype for the proposed specification. 'So what's Microsoft playing at, persevering with its own spec in spite of its rejection by the WebRTC group? The company's argument is twofold. First, WebRTC simply isn't complete yet, and Microsoft believes that working on its proposal can shed light on how to solve certain problems such as handling changes in network bandwidth or keeping cellular and Wi-Fi connections open in parallel to allow easy failover from one to the other. Even if Redmond's spec isn't adopted wholesale, portions of it may still be useful. Second, the company believes that WebRTC may not be as close to real standardization as its proponents might argue.'"
First time accepted submitter der_pinchy writes "For many years I have used a high-contrast desktop color scheme (with green text on black background) and notice more and more software uses a forced color scheme that can make it difficult to use. For web browsing I have always used Opera and its white-on-black user style sheet, but have to constantly tweak it so that certain elements and transparent images are visible. Is there anything to be done with some of the major offenders, like Office or recent versions of Visual Studio? Even recent browsers that support user style sheets still use a forced color scheme on a lot of there dialog controls."
An anonymous reader writes "On Wednesday, security professional Gaurang Pandya outlined how Nokia is hijacking Internet browsing traffic on some of its phones. As a result, the company technically has access to all your Internet content, including sensitive data that is sent over secure connections (HTTPS), such as banking credentials and pretty much any other usernames and passwords you use to login to services on the Internet. Last month, Pandya noted his Nokia phone (an Asha 302) was forcing traffic through a proxy, instead of directly hitting the requested server. The connections are either redirected to Nokia/Ovi proxy servers if the Nokia browser is used, and to Opera proxy servers if the Opera Mini browser is used (both apps use the same User-Agent)."
An anonymous reader writes with this quote from Tom's Hardware: "Due to Apple's anti-3rd-party browser stance, and Windows RT's IE-only advantage on the 'Desktop,' Android is the only mobile platform where browser competition is thriving. The results are pretty surprising, with the long-time mobile browsers like Dolphin, Maxthon, Sleipnir, and the stock Android browser coming out ahead of desktop favorites like Firefox, Opera, and even Chrome. Dolphin, thanks to its new Jetpack HTML5 engine, soars ahead of the competition."
Trailrunner7 writes "A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the February 2013 Critical Patch Update as Oracle earlier said it would. Adam Gowdiak of Polish security consultancy Security Explorations reported the vulnerability to Oracle on Sept. 25, as well as proof-of-concept exploit code his team produced. The vulnerability is present in Java versions 5, 6 and 7 and would allow an attacker to remotely control an infected machine once a user landed on a malicious website hosting the exploit. Gowdiak said his proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7."
Rexdude writes "Firefox continues to be criticized for their new versioning system and being a memory hog. People talk about Chrome, IE9, Opera as alternatives — but do Slashdotters ever use Seamonkey? I've never seen anyone mention it in any discussion on browsers. The successor to the original Mozilla Suite, it has a full-blown email/news/RSS client, Chatzilla, and an HTML editor. Also several other default features that would require separate extensions for Firefox. And they don't update their versions like crazy either; the current version is 2.13.1. I've been quite happy with it so far — it's snappier to use than Firefox. How many people on Slashdot use Seamonkey, and what has been your experience? (Note — I'm not affiliated with the project.)"
An anonymous reader writes "cHTeMeLe is a board game about writing HTML5 code. In cHTeMeLe, players endorse their favorite web browser (Firefox, Safari, Chrome, Opera, or IE) and then score points by correctly laying out HTML tags, while also trying to bug or crash their opponents' code. From the article: 'Despite cHTeMeLe's technical theme, its developers claim you don't need any web programming experience to play. The game takes web design standards and boils them down into game rules that even children can learn. To help less technical players keep everything straight, the tag cards use syntax highlighting that different parts of code have unique colors — just like an Integrated Developer Environment. No one is going to completely pick up HTML5 purely by playing cHTeMeLe, but it does have some educational value for understanding basic tags and how they fit together.'"
RocketAcademy writes "ABC News is reporting that Phantom of the Opera singer/actress Sarah Brightman outbid NASA for a seat on a Soyuz flight to the International Space Station. Brightman reportedly paid more than $51 million. If that story is true, there may be some interesting bidding wars in the future."
jcatcw writes "Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco, researchers from the Polish firm Security Explorations disclosed yet another critical Java vulnerability that might 'spoil the taste of Larry Ellison's morning ... Java.' According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects one billion users of Oracle Java SE software, Java 5, 6 and 7. It could be exploited by apps on Chrome, Firefox, Internet Explorer, Opera and Safari. Wow, thanks a lot Oracle."
hypnosec writes "A student at the University of Oslo, Norway has claimed that Phishing attacks can be carried out through the use of URI and users of Firefox and Opera are vulnerable to such attacks. Malicious web pages can be stored into data URIs (Uniform Resource Identifiers) whereby an entire webpage's code can be stuffed into a string, which if clicked on will instruct the browser to unpack the payload and present it to the user in form of a page. This is where the whole thing gets a bit dangerous. In his paper, Phishing by data URI [PDF], Henning Klevjer has claimed that through his method he was able to successfully load the pages on Firefox and Opera. The method however failed on Google Chrome and Internet Explorer."