An anonymous reader writes with this excerpt from VentureBeat: Google today announced it is beefing up its two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. The feature is available in Chrome: Instead of typing in a code, you can simply insert Security Key into your computer's USB port and tap it when prompted by Google's browser. "When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished," Google promises. While Security Key works with Google Accounts at no charge, you'll need to go out and buy a compatible USB device directly from a Universal 2nd Factor (U2F) participating vendor.
Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!
An anonymous reader writes Mozilla and Humble Bundle announced a new package that features award-winning indie best-sellers for which gamers can choose how much they want to pay. Naturally called the Humble Mozilla Bundle, the package consists of eight games that have been ported to the Web. The first five games (Super Hexagon, AaaaaAAaaaAAAaaAAAAaAAAAA!!! for the Awesome, Osmos, Zen Bound 2, and Dustforce DX) can cost you whatever you want. The next two (Voxatron and FTL: Faster Than Light) can be had if you beat the average price for the bundle. You can pay $8 or more to receive all of the above, plus the last game, Democracy 3. Previously, all of these indie games were available only on PC or mobile. Now they all work in browsers on Windows, Mac, and Linux without having to install any plugins.
An anonymous reader writes Chrome OS is based on the Linux kernel and designed by Google to work with web applications and installed applications. Chromebook is one of the best selling laptops on Amazon. However, devs decided to drop support for ext2/3/4 on external drivers and SD card. It seems that ChromiumOS developers can't implement a script or feature to relabel EXT volumes in the left nav that is insertable and has RW privileges using Files.app. Given that this is the main filesystem in Linux, and is thereby automatically well supported by anything that leverages Linux, this choice makes absolutely no sense. Google may want to drop support for external storage and push the cloud storage on everyone. Overall Linux users and community members are not happy at all.
An anonymous reader writes: In addition to updating Chrome for iOS, Google has released Chrome 38 for Windows, Mac, and Linux. While Chrome 38 beta brought a slew of new features, the stable release is pretty much just a massive security update. This means that, with Chrome 38, Google isn't adding any features to the stable channel (full changelog). That said, Chrome 38 does address 159 security issues (including 113 "relatively minor ones"). Google spent $75,633.70 in bug bounties for this release.
sfcrazy writes Adobe is bringing the king of all photo editing software, Photoshop, to Linux-based Chrome OS. Chrome OS-powered devices, such as Chromebooks and Chromeboxes, already have a decent line-up of 'applications' that can work offline and eliminate the need of a traditional desktop computer. So far it sounds like great news. The bad news is that the offering is in its beta stage and is available only to the customers of the Creative Cloud Education program residing in the U.S. I have a full subscription of Creative Cloud for Photographers, and LightRoom, but even I can't join the program at the moment.
An anonymous reader writes A developer who goes by the handle Vladikoff has tweaked Google's App Runtime for Chrome (ARC) to allow any Android app to run on any major desktop operating system, not just the handful announced last week which were also limited to Chrome OS. His tweaked version of ARC is re-packaged as ARChon. The install isn't very straightforward, and you have to be in developer mode on Chrome. But there's a support forum on reddit. The extension will work on any OS running the desktop version of Chrome 37 and up as long as the user also installs chromeos-apk, which converts raw Android app packages (APKs) to a Chrome extension. Ars Technica reports that apps run this way are buggy, fast, and crash often but expresses optimism for when Google officially "opens the floodgates on the Play Store, putting 1.3 million Android apps onto nearly every platform."
sfcrazy writes: Native support for Netflix is coming to Linux, thanks to their move from Silverlight to HTML5, Mozilla and Google Chrome. Paul Adolph from Netflix proposed a solution to Ubuntu developers: "Netflix will play with Chrome stable in 14.02 if NSS version 3.16.2 or greater is installed. If this version is generally installed across 14.02, Netflix would be able to make a change so users would no longer have to hack their User-Agent to play." The newer version of NSS is set to go out with the next security update.
jones_supa writes Google has revealed that it's launching the finished 64-bit version of Chrome 39 for OS X this November, which already brought benefits in speed, security and stability on Windows. However at this point the 32-bit build for Mac will cease to exist. Just to make it clear, this decision does not apply to Windows and Linux builds, at least for now. As a side effect, 32-bit NPAPI plugins will not work on Chrome on Mac version 39 onwards. The affected hardware are only the very first x86-based Macs with Intel Core Duo processors. An interesting question remains, whether the open source version of Chrome, which is of course Chromium, could still be compiled for x86-32 on OS X.
An anonymous reader writes On Thursday, Google launched "App Runtime for Chrome (Beta)" which allows Android apps to run on Chrome OS without the need for porting. At the moment, only Duolingo, Evernote, Sight Words, and Vine are available on the platform with the rest of the Play Store's offerings to come later. Google "built an entire Android stack into Chrome OS using Native Client" in order to achieve this.
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
nerdyalien writes: At some point, haven't all web developers spent an unjustifiable number of hours trying to optimize a desktop site for mobile devices? Responsive web design provides a solution: "develop once, works in every device." However, still it downloads multi-MB images and re-sizes them based on device screen resolution. Retrieving optimized images from the server, based on device (desktop, tablet, phone) and the device's internet connection (fiber, broadband, mobile), has always been an open problem. Recently, a number of freelance developers are tackling this with a new HTML element, <picture>, which informs the web browser to download optimized images from the server. The tag will be featured in Chrome and Firefox later this year. Will this finally deliver us faster web browsing on mobile devices and an easier web development experience?
An anonymous reader writes Back in August, groups of Russian hackers assembled the biggest list of compromised login credentials ever seen: 1.2 billion accounts. Now, domain registrar Namecheap reports the hackers have begun using the list to try and access accounts. "Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. ... The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts." They report that most login attempts are failing, but some are succeeding. Now is a good time to check that none of your important accounts share passwords.
darthcamaro (735685) writes "Forget about HTML5, that's already passe — Google is already moving on to HTML5.1 support for the upcoming Chrome 38 release. Currently only a beta, one of the biggest things that web developers will notice is the use of the new "picture" tag which is a container for multiple image sizes/formats. Bottom line is it's a new way to think about the "IMG" tag that has existed since the first HTML spec."
Trailrunner7 writes: Mozilla is planning to add support for public-key pinning in its Firefox browser in an upcoming version. In version 32, which would be the next stable version of the browser, Firefox will have key pins for a long list of sites, including many of Mozilla's own sites, all of the sites pinned in Google Chrome and several Twitter sites. Public-key pinning has emerged as an important defense against a variety of attacks, especially man-in-the-middle attacks and the issuance of fraudulent certificates. The function essentially ties a public key, or set of keys, issued by known-good certificate authorities to a given domain. So if a user's browser encounters a site that's presenting a certificate that isn't included in the set of pinned public keys for that domain, it will then reject the connection. The idea is to prevent attackers from using fake certificates in order to intercept secure traffic between a user and the target site.
An anonymous reader writes Google has released Chrome/Chromium version 37 for Windows, Mac, and Linux. Among the changes are better-looking fonts on Windows and a revamped password manager. There are 50 security fixes, including several to patch a sandbox escaping vulnerability. The release also brings stable 64-bit Windows support which ...offers many benefits for speed, stability and security. Our measurements have shown that the native 64-bit version of Chrome has improved speed on many of our graphics and media benchmarks. For example, the VP9 codec that’s used in High Definition YouTube videos shows a 15% improvement in decoding performance. Stability measurements from people opted into our Canary, Dev and Beta 64-bit channels confirm that 64-bit rendering engines are almost twice as stable as 32-bit engines when handling typical web content. Finally, on 64-bit, our defense in depth security mitigations such as Partition Alloc are able to far more effectively defend against vulnerabilities that rely on controlling the memory layout of objects. The full changelog.
Gamoid writes At VMworld today, VMware introduced the Workplace Suite, a platform for securely delivering applications and content across desktops and mobile devices from the cloud. The really cool part, though, is a partnership with Google and NVIDIA to deliver even graphics-intensive Windows applications on a Chromebook. From the article: "The new VMware Workplace Suite takes advantage of three existing VMware products: Tools for application, device, and content management as well as secure cloud file storage that comes from the January acquisition of enterprise mobile management company AirWatch; VMware Horizon for desktop-as-a-service; and brand-new acquisition CloudVolumes for app delivery. "
msm1267 writes: The keepers of Tor commissioned a study testing the defenses and viability of their Firefox-based browser as a privacy tool. The results (PDF) were a bit eye-opening since the report's recommendations don't favor Firefox as a baseline for Tor, rather Google Chrome. But Tor's handlers concede that budget constraints and Chrome's limitations on proxy support make a switch or a fork impossible.
New submitter nrjperera (2669521) submits news of a new laptop from HP that's in Chromebook (or, a few years ago, "netbook") territory, price-wise, but loaded with Windows 8.1 instead. Microsoft has teamed up with HP to make an affordable Windows laptop to beat Google Chromebooks at their own game. German website Mobile Geeks have found some leaked information about this upcoming HP laptop dubbed Stream 14, including its specifications. According to the leaked data sheet the HP Stream 14 laptop will share similar specs to HP's cheap Chromebook. It will be shipped with an AMD A4 Micro processor, 2GB of RAM, 32GB of flash storage and a display with 1,366 x 768 screen resolution. Microsoft will likely offer 100GB of OneDrive cloud storage with the device to balance the limited storage option.
An anonymous reader writes "Google is toying with a complete revamp of the user account system in its browser. Google is essentially pulling the user management system from Chrome OS back into Chrome. The company's thinking is likely two-layered. First, it wants users to stay in the browser for as long as possible, and thus it wants the switching process to be part of Chrome as opposed to Windows, Mac, or Linux. Second, if it can teach users to have accounts in Chrome (as well as use incognito and guest modes), the learning curve will have been flattened for when they encounter Chrome OS."