YouTube is testing an official way to download videos on your desktop web browser. From a report: If you want to see if you're eligible for the test, which runs through October 19th, check out YouTube's experimental features page, which lists tests available for Premium subscribers. If you're opted-in and on a supported browser ("the latest versions of Chrome, Edge, or Opera," according to Google), when you're watching a video, you should see an option to download the video under the player. When you click it, YouTube will download the video, which you can then watch from the Downloads section that's accessible from the hamburger menu on the left side of the screen.

"2021 Is the Year of Linux on the Desktop," writes PC Magazine. "No, really..." Walk into any school now, and you'll see millions of Linux machines. They're called Chromebooks. For a free project launched 30 years ago today by one man in his spare time, it's an amazing feat.... Linux found its real niche — not as a political statement about "free software," but as a practical way to enable capable, low-cost machines for millions...

Chrome OS and Android are both based on the Linux kernel. They don't have the extra GNU software that distributions like Ubuntu have, but they're descended from Linus Torvalds' original work. Chromebooks are the fastest growing segment of the traditional PC market, according to Canalys. IDC points out that Canalys' estimates of 12 million Chromebooks shipped in Q1 2021 are only a fraction of the 63 million notebooks sold that quarter, but once again, they're where the growth is. Much of that is driven by schools, where Chromebooks dominate now. Schoolkids don't generally need a million apps' worth of generic computing power. They need inexpensive, rugged ways to log into Google Classroom. Linux came to the rescue, enabling cheap, light, easy-to-manage PCs that don't have the Swiss Army Knife cruft of Windows or the premium price of Macs...

One great thing about open-source hacker projects is that they can be taken in unexpected directions. Linux isn't controlled, so it can adapt, Darwinian-style. It was a little scurrying mammal in the time of the dinosaurs, and then the mobile-computing asteroid hit. Linux could evolve. Windows couldn't. When you're building something that fits in your hand and has to sip battery, you can't just keep throwing processors and storage at it. Microsoft had a tough time adapting its monstrous megakernel OS to the new, tiny world. But *nix platforms thrive there: Android (based on Linux) and iOS.
"Android and Chrome water down the Linux philosophy," the article argues, "but they are Linux..."

Does this make any long-time geeks feel vindicated? In the original submission wiredog (Slashdot reader #43,288) looks back to 1995, remembering that "my first Linux was RedHat 2.0 in the beige box, running the 0.95(?) kernel and the F Virtual Window Manager...

"It came with 2 books, a CD, and a boot floppy disk."

This weekend finds some long-time Slashdot readers debating why research shows Firefox losing market share. Long-time Slashdot reader chiguy shares one theory: "Firefox keeps losing users, according to this rant, because it arrogantly refuses to listen to its users."

Slashdot reader BAReFO0t countered that that can't be the reason, "because Google does that too." (They blame Chrome's "feature" addition treadmill, where "they keep adding stupid kitchen sinks for the sole and only purpose to make others unable to keep up.")

Long-time Slashdot reader Z00L00K thinks that "All those totally unnecessary UI changes are what REALLY annoys users. Not only the immediately visible things in the header but also the renaming of items in the menus just bugs people." But long-time Slashdot reader AmiMoJo argues that "the most popular browser, Chrome, has all those things. In fact all the browsers that are more popular than Firefox do, so the idea that those are unpopular and driving people away doesn't really hold up... Firefox's decline is mostly due to Chrome just being really good, and [Firefox] not having a decent mobile version."

I'm still a loyal Firefox user. (Although the thing that annoyed me was when Firefox suddenly changed the keyboard shortcut for copying a link from CNTRL-A to CNTRL-L.) The "rant" at ItsFoss argues that Firefox's original sin was in 2009 when it decided to move tabs to the top of the browser, and when favorite features could no longer be re-enabled in Firefox's about:config file. But that's what I like about Firefox -- at it's best, it's ultimately customizable, with any feature you want easily enabled in what's essentially an incredibly detailed "preferences" menu. Maybe other browsers are just better at attracting new users through purely mechanical advantages like default placement on popular systems?

Long-time Slashdot reader zenlessyank is also a long-time Firefox user -- "Been using it since Netscape" -- and countered all the doubters with a comment headlined "Firefox rocks!"

"Doesn't matter to me how many other users there are or aren't I will still use it as long as it stays updated."

But what are your thoughts? Feel free to share your own opinions and experiences with Firefox in the comments.

An anonymous reader quotes a report from 9to5Mac, written by Filipe Esposito: Google this week announced the beta release of Chrome 94, the next update to Google's desktop web browser. In addition to general improvements, the update also adds support for the new WebGPU API, which comes to replace WebGL and can even access Apple's Metal API. As described by Google in a blog post, WebGPU is a new, more advanced graphics API for the web that is able to access GPU hardware, resulting in better performance for rendering interfaces in websites and web apps.

For those unfamiliar, Metal is an API introduced by Apple in 2014 that provides low-level access to GPU hardware for iOS, macOS, and tvOS apps. In other words, apps can access the GPU without overloading the CPU, which is one of the limitations of old APIs like OpenGL. Google says WebGPU is not expected to come enabled by default for all Chrome users until early 2022. The final release of Chrome 94 should enable WebCodecs for everyone, which is another API designed to improve the encoding and decoding of streaming videos.

Mozilla developers are putting the finishing touches on a new feature that will block insecure file downloads in Firefox. From a report: Called mixed content downloaded blocking, the feature works by blocking files downloads initiated from an encrypted HTTPS page but which actually take place via an unencrypted HTTP channel. The idea behind this feature is to prevent Firefox users from getting misled by the URL bar and think they're downloading a file securely via HTTPS when, in reality, the file could be tampered with by third parties while in transit.

Apple has released a new version of iCloud for Windows, numbered 12.5. The update adds the ability to access and manage passwords saved in iCloud from a Windows machine, a feature that users have long requested. From a report: Apple has been gradually adding more support for iCloud passwords on non-Apple platforms with mixed results. The company released a Chrome extension that synced iCloud passwords with Chrome. But like this new iCloud Passwords app, it did the bare minimum and not much else. Still, this addition is welcome for users who primarily live in the Apple ecosystem (and thus use Apple's iCloud password locker) but who sometimes have to use Windows. For example, some folks use an iPhone or a Mac most of the time but have a Windows PC that is only used to play games that can't be played on the Mac.

Microsoft's upcoming release of Windows 11 will make it even harder to switch default browsers and ignores browser defaults in new areas of the operating system. While Microsoft is making many positive changes to the Windows 11 UI, the default apps experience is a step back and browser competitors like Mozilla, Opera, and Vivaldi are concerned. From a report: In Windows 11, Microsoft has changed the way you set default apps. Like Windows 10, there's a prompt that appears when you install a new browser and open a web link for the first time. It's the only opportunity to easily switch browsers, though. Unless you tick "always use this app," the default will never be changed. It's incredibly easy to forget to toggle the "always use this app" option, and simply launch the browser you want from this prompt and never see this default choice again when you click web links.

If you do forget to set your default browser at first launch, the experience for switching defaults is now very confusing compared to Windows 10. Chrome and many other rival browsers will often prompt users to set them as default and will throw Windows users into the default apps part of settings to enable this. Microsoft has changed the way default apps are assigned in Windows 11, which means you now have to set defaults by file or link type instead of a single switch. In the case of Chrome, that means changing the default file type for HTM, HTML, PDF, SHTML, SVG, WEBP, XHT, XHTML, FTP, HTTP, and HTTPS. Firefox's statement: We have been increasingly worried about the trend on Windows. Since Windows 10, users have had to take additional and unnecessary steps to set and retain their default browser settings. These barriers are confusing at best and seem designed to undermine a user's choice for a non-Microsoft browser.

HP is announcing two new Chrome OS computers for its consumer-focused lineup. From a report: The first is the Chromebase AiO, an all-in-one desktop computer with a screen that can rotate from landscape to portrait. The second is the Chromebook x2 11, a lightweight detachable that can easily shift from laptop to tablet modes. The company is also announcing a new Works With Chromebook-certified 24-inch USB-C monitor. All three new products are designed for students, families, and general consumers. The Chromebase AiO will be available at HP, Amazon, and Best Buy this month, while the Chromebook x2 11 will be available from Best Buy this month and from HP's website in October. Both computers start at $599.99 for base configurations. The M24fd USB-C monitor will be available in October from HP directly for $249.99.

Google Chrome will disable JavaScript functions like alert() and confirm() inside cross origin-frames," reports Inside.com's developer newsletter.

"As this is a breaking change, developers are encouraged to update their apps and debugging tools before the update." A Chrome engineering team member said the team is disabling alert() to protect users from being tricked by scammers. Some are complaining this has already affected programming tutorials and Javascript learning sites that sandbox user-provided code in cross-origin frames. For those affected by the changes, Chrome advises the following:

- Get a few months' extension by signing up for the "reverse origin trial" so you can temporarily opt out of the change.

- Check out the enterprise policy.


The move has sparked controversy:

- One Discord engineer criticized the fact such a major breaking change is happening without extensive discussion on the matter.

- Another Twitter user echoed the sentiment of many when he argued the move will just hurt those who can't easily update sites while encouraging attackers to use pseudo alert functionality.
One of Google's Chrome engineers explained on Twitter that "Major browser vendors are generally aligned about wanting to move the platform away from alert() and friends, even though it will unfortunately involve some breakage...

"On breakage in general — breaking changes happen often on the web, and as a developer it's good practice to test against early release channels of major browsers to learn about any compatibility issues upfront."

Microsoft said this week it plans to run an experiment in its Edge web browser where it will intentionally disable an important performance and optimization feature in order to enable more advanced security upgrades in what the company is calling Edge Super Duper Secure Mode. From a report: Announced today by Johnathan Norman, Microsoft Edge Vulnerability Research Lead, the idea behind the new Super Duper Secure Mode is to disable support for JIT (Just-In-Time) inside V8, the Edge browser's JavaScript engine. JIT, while unknown to most end-users, plays a crucial role in all of today's web browsers. JIT works by taking JavaScript and compiling it to machine code ahead of time. If the browser needs the code, it gains a significant speed boost. If it doesn't, the code is discarded.

However, JIT support in V8 is complex. Norman said JIT-related security issues amounted to 45% of all V8 vulnerabilities in 2019. Furthermore, more than half of the "in the wild" Chrome exploits rely on JIT-related bugs. Norman said that recent tests carried out by the Edge team have shown that despite its pivotal role in speeding up browsers in the early and mid-2010s, JIT is not a crucial feature anymore to Edge's performance.

Google Chrome will no longer show whether a site you are visiting is secure and only show when you visit an insecure website. Bleeping Computer reports: To further push web developers into only using HTTPS on their sites, Google introduced the protocol as a ranking factor. Those not hosting a secure site got a potentially minor hit in their Google search results rankings. It has appeared to have worked as according to the 'HTTPS encryption on the web' of Google's Transparency Report, over 90% of all browser connections in Google Chrome currently use an HTTPS connection.

Currently, when you visit a secure site, Google Chrome will display a little locked icon indicating that your communication with the site is encrypted, as shown below. As most website communication is now secure, Google is testing a new feature that removes the lock icon for secure sites. This feature is available to test in Chrome 93 Beta, and Chrome 94 Canary builds by enabling the 'Omnibox Updated connection security indicators' flag. With this feature enabled, Google Chrome will only display security indicators when the site is not secure. For businesses who wish to have continued HTTPS security indicators, Google has added an enterprise policy for Chrome 93 named 'LockIconInAddressBarEnabled' that can be used to enable the lock icon again on the address bar.

Google has announced a new platform and community designed to host all its Vulnerability Rewards Programs (VRP) under the same roof. From a report: Since launching its first VRP more than ten years ago, the company has rewarded 2,022 security researchers from 84 different countries worldwide for reporting over 11,000 bugs. [...] "To celebrate our anniversary and ensure the next 10 years are just as (or even more) successful and collaborative, we are excited to announce the launch of our new platform, bughunters.google.com," Google said.

"This new site brings all of our VRPs (Google, Android, Abuse, Chrome and Play) closer together and provides a single intake form that makes it easier for bug hunters to submit issues." The new VRP platform should provide researchers with per-country leaderboards, healthier competition via gamification, awards/badges for specific bugs, and more opportunities for interaction. Google also launched a new Bug Hunter University, which would allow bug hunters to brush up on their skills or start a hunting learning streak.

Google has updated the schedule for its introduction of "Privacy Sandbox" browser technology and the phasing out of third-party cookies. The Register reports: The new timeline has split the bundle of technologies in the Privacy Sandbox into five phases: discussion, testing, implementation in Chrome (called "Ready for adoption"), Transition State 1 during which Chrome will "monitor adoption and feedback" and then the next stage that involves winding down support for third-party cookies over a three-month period finishing "late 2023." Although "late 2023" might sound a long way off, the timeline has revealed that "discussion" of the contentious FLoC (Federated Learning of Cohorts) is planned to end in Q3 2021 -- just a couple of months away -- and that discussion for First Party Sets, rejected by the W3C Technical Architecture Group as "harmful to the web in its current form," is scheduled to end around mid-November.

Google said that "extended discussions and testing stages often produce better, more complete solutions, and the timeline for testing and ready for adoption of use cases might change accordingly," so the dates are not set in stone. There is no suggestion that any of the proposals will be withdrawn; the company appears to believe it can alleviate concerns by tweaking rather than abandoning its proposals. Discussion of the various pieces is set to take place in the W3C Web Incubator Community Group (WICG), though at a FLEDGE WICG Call last week, Google's Michael Kleber, tech lead for Privacy Sandbox, suggested that the W3C would not be deciding which technologies are implemented, at least in the context of FLEDGE (formerly TURTLEDOVE), which enables auctions for personalized ads in a more private manner than today.

FLEDGE is competing for attention with the Microsoft-devised PARAKEET and MaCAW. Asked by Julien Delhommeau, staff system architect at adtech company Xandr, if the WICG would get a say in whether FLEDGE or PARAKEET/MaCAW would be adopted, Kleber said: "The W3C doesn't get to be the boss of anyone, the decisions are going to be made at each of the browsers. The goal isn't to have one winner and everyone else losing -- the goal of W3C is to put out a bunch of ideas, understand the positives of each, and come to a chimera that has the most necessary features. Every browser seems to want convergence, long term, so figuring out how to make convergence happen is important." [...] According to Kleber, when asked if personalized advertising could be removed from the web, he said "while most of the sites in the world would lose 50-70 per cent of their revenue in the alternative you're advocating for, Google is not one of them." He made this claim on the basis that "Google makes most of its money from the ads that appear on Google Search," which do not require tracking technology.

Chris Lee, a former staff interaction designer at Google, writes in a blog post: Chrome Home was an ambitious redesign of mobile Chrome's main UI. It brought Chrome's toolbar to the bottom of the screen and turned in into a peeking panel that could be swiped to expose additional controls. I created the original concept and pitch for Chrome Home in 2016. It was based off two insights:

1. Phones were growing in size, and we had opportunity to innovate in creating a gestural, spatial interface that would still be usable with one hand.
2. Mobile Chrome was also growing in features - but because its minimalist interface kept everything behind a "three dot" menu, these features were underutilized and hard to access.

The idea caught traction internally, eventually becoming a Chrome org priority. I then led a team to execute and iterate on the concept. Executing on Chrome Home required rethinking not just the toolbar, but almost all of Chrome's UI: search, bookmarks, tabs, prompts, etc. To inform our decisions, we used a variety of prototyping and testing approaches of increasing fidelity. Ultimately, such a fundamental change to a web browser required nothing short of building it into the product and testing it in longitudinal studies and live beta experiments. We heard a mixture of reactions. The feature gained a cult following among the tech community. But for some mainstream users, the change felt disorienting. Chrome serves billions of users around the globe with varying tech literacy. I became increasingly convinced that launching Chrome Home would not serve all our users well. So just as I strongly as I had pitched the original concept, I advocated for us to stop the launch -- which took not a small amount of debate. Lee adds, "oh, and Safari in iOS 15 picked up some similar ideas and criticisms."

Threatpost reports on "another vast software supply-chain attack" that was "found lurking in the npm open-source code repository...a credentials-stealing code bomb" that used the password-recovery tools in Google's Chrome web browser. Researchers caught the malware filching credentials from Chrome on Windows systems. The password-stealer is multifunctional: It also listens for incoming commands from the attacker's command-and-control (C2) server and can upload files, record from a victim's screen and camera, and execute shell commands...

ReversingLabs researchers, who published their findings in a Wednesday post, said that during an analysis of the code repository, they found an interesting embedded Windows executable file: a credential-stealing threat. Labeled "Win32.Infostealer.Heuristics", it showed up in two packages: nodejs_net_server and temptesttempfile. At least for now, the first, main threat is nodejs_net_server. Some details:

nodejs_net_server: A package with 12 published versions and a total of more than 1,300 downloads since it was first published in February 2019...finally upgrading it last December with a script to download the password-stealer, which the developer hosts on a personal website. It was subsequently tweaked to run TeamViewer.exe instead, "probably because the author didn't want to have such an obvious connection between the malware and their website," researchers theorized...

ReversingLabs contacted the npm security team on July 2 to give them a heads-up about the nodejs_net_server and tempdownloadtempfile packages and circled back once again last week, on Thursday, since the team still hadn't removed the packages from the repository. When Threatpost reached out to npm Inc., which maintains the repository, a GitHub spokesperson sent this statement: "Both packages were removed following our investigation...."

Google says it has fixed a major Chrome OS bug that locked users out of their devices. Google's bulletin says that Chrome OS version 91.0.4472.165, which was briefly available this week, renders users unable to log in to their devices, essentially bricking them. From a report: Chrome OS automatically downloads updates and switches to the new version after a reboot, so users who reboot their devices are suddenly locked out them. The go-to advice while this broken update is out there is to not reboot. The bulletin says that a new build, version 91.0.4472.167, is rolling out now to fix the issue, but it could take a "few days" to hit everyone. Users affected by the bad update can either wait for the device to update again or "powerwash" their device -- meaning wipe all the local data -- to get logged in. Chrome OS is primarily cloud-based, so if you're not doing something advanced like running Linux apps, this solution presents less of an inconvenience than it would on other operating systems. Still, some users are complaining about lost data.

On Wednesday, Google announced it will soon offer an HTTPS-first option in Chrome, which will try to upgrade page loads to HTTPS. "If you flip this option on, the browser will also show a full-page warning when you try to load up a site that doesn't support HTTPS," adds The Verge. From the report: HTTPS is a more secure version of HTTP (yes, the "S" stands for "secure"), and many of the websites you visit every day likely already support it. Since HTTPS encrypts your traffic, it's a helpful privacy tool for when you're using public Wi-Fi or to keep your ISP from snooping on the contents of your browsing. Google has been encouraging HTTPS adoption with moves like marking insecure sites with a "Not secure" label in the URL bar and using https:// in the address bar by default when you're typing in a URL. For now, this HTTPS-First Mode will be just an option, but the company says it will "explore" making the mode the default in the future. The HTTPS-First Mode will be available starting with Chrome 94, according to Google. Currently, that release is set for September 21st. And HTTP connections will still be supported, the company says. Google is also "re-examining" the lock icon in the URL bar. Google explains in a blog post: "As we approach an HTTPS-first future, we're also re-examining the lock icon that browsers typically show when a site loads over HTTPS. In particular, our research indicates that users often associate this icon with a site being trustworthy, when in fact it's only the connection that's secure. In a recent study, we found that only 11% of participants could correctly identify the meaning of the lock icon."

The company plans to swap the lock icon with a downward-facing arrow starting with Chrome 93. Though, the "Not Secure" label will still be shown for sites that aren't secure.

"New data from Statcounter shows that Edge has now overtaken established rival Firefox in the rankings," reports TechRadar: In recent months, the pair have been neck-and-neck, but Microsoft's browser has now put daylight between itself and Firefox. Figures for June suggest Microsoft Edge now holds 3.4% of the browser market, while Firefox has slipped to 3.29%, continuing a downward trajectory that has seen the browser either lose or maintain market share in ten of the last twelve months.

The change pushes Edge into third position in the browser rankings, behind only Chrome (65.27%) and Safari (18.34%). Launched in January 2020, the new Chromium-based Edge got off to a slow start, but began to gather momentum as the year progressed. Since last summer, the browser's market share has more than tripled.

The increase in adoption can be attributed in part to renewed marketing efforts, but also to improvements that brought the experience in line with other modern web browsers.
That may be true, but the article also acknowledges that it was just last month that Microsoft began rolling out Edge to all Windows PCs (via Windows 10 updates), "expanding the install base by millions almost overnight.

"Now, Microsoft is doing everything in its power to encourage users to abandon Internet Explorer in favor of Edge, such as removing support for Microsoft 365 web apps and automatically launching certain web pages in the new browser."

An anonymous reader shares a post: Google Chrome for Android has a feature that gives Google Search an unfair advantage over its competition. Sure, it's the default search engine and that's a huge hurdle to overcome for any competitor. However, Chrome also reserves a performance-boosting feature for Google Search exclusively. I recently poked around in the Chromium project source code; the open-source foundation for Google's Chrome web browser. The Chromium project is co-developed by Google, and other corporate and individual contributors. The project is managed and controlled by Google, however. I was looking for something else when I stumbled upon a feature called PreconnectToSearch. When enabled, the feature preemptively opens and maintains a connection to the default search engine.

The preconnection feature resolves the domain name, and negotiates and sets up a secure connection to the server. All these things take time and they must happen before the search engine can receive the users' search queries. Preempting these steps can save a dozen seconds on a slow network connection or half a second on a fast connection. This optimization can yield a nice performance boost for Google's customers. Assuming the connection only requires a trivial amount of processing power and network bandwidth, of course. Setting up the connection early can be wasteful or slow down the loading of other pages if the user isn't going to search the web. There's just one small catch: Chromium checks the default search engine setting, and only enables the feature when it's set to Google Search. This preferential treatment means no other search engine can compete with Google Search on the time it takes to load search results. Every competitor must wait until the user has started to type a search query before Chrome will establish a connection.

Popular benchmark site Geekbench has removed OnePlus 9 benchmarks from its charts due to allegations that the company designed Oxygen OS optimization tools in such a way that they could be viewed as cheating. Android Authority reports: Yesterday, AnandTech posted some information about "weird behavior" it spotted with the OnePlus 9 Pro. According to the team's research, Oxygen OS apparently limits the performance of some popular Android apps -- but none of those apps are benchmark suites. Geekbench, one of the more popular benchmarking sites, took these allegations seriously. After conducting its own investigation, Geekbench recently announced that it has removed all OnePlus 9 benchmarks from its charts. Geekbench, one of the more popular benchmarking sites, took these allegations seriously. After conducting its own investigation, Geekbench recently announced that it has removed all OnePlus 9 benchmarks from its charts. Geekbench called Oxygen OS's behavior a form of "benchmark manipulation." OnePlus has yet to issue a statement on the matter. In some of our own testing, we found that AnandTech's data is on the mark. We found that the OnePlus 9 series limits the performance of Google Chrome while older OnePlus phones do not. OnePlus issued a statement to Android Authority addressing the matter: "Our top priority is always delivering a great user experience with our products, based in part on acting quickly on important user feedback. Following the launch of the OnePlus 9 and 9 Pro in March, some users told us about some areas where we could improve the devices' battery life and heat management. As a result of this feedback, our R&D team has been working over the past few months to optimize the devices' performance when using many of the most popular apps, including Chrome, by matching the app's processor requirements with the most appropriate power. This has helped to provide a smooth experience while reducing power consumption. While this may impact the devices' performance in some benchmarking apps, our focus as always is to do what we can to improve the performance of the device for our users."

This is reminiscent of when the company was caught pushing the OnePlus 5's performance capabilities when the OS detected a benchmark app. This resulted in artificially inflated scores that users would not see during real-world usage.