For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×
Safari

Is Safari the New Internet Explorer? 282 282

An anonymous reader writes: Software developer Nolan Lawson says Apple's Safari has taken the place of Microsoft's Internet Explorer as the major browser that lags behind all the others. This comes shortly after the Edge Conference, where major players in web technologies got together to discuss the state of the industry and what's ahead. Lawson says Mozilla, Google, Opera, and Microsoft were all in attendance and willing to talk — but not Apple.

"It's hard to get insight into why Apple is behaving this way. They never send anyone to web conferences, their Surfin' Safari blog is a shadow of its former self, and nobody knows what the next version of Safari will contain until that year's WWDC. In a sense, Apple is like Santa Claus, descending yearly to give us some much-anticipated presents, with no forewarning about which of our wishes he'll grant this year. And frankly, the presents have been getting smaller and smaller lately."

He argues, "At this point, we in the web community need to come to terms with the fact that Safari has become the new IE. Microsoft is repentant these days, Google is pushing the web as far as it can go, and Mozilla is still being Mozilla. Apple is really the one singer in that barbershop quartet hitting all the sour notes, and it's time we start talking about it openly instead of tiptoeing around it like we're going to hurt somebody's feelings."
Internet Explorer

HP Researchers Disclose Details of Internet Explorer Zero Day 49 49

Trailrunner7 writes: Researchers at HP's Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish complete details and exploit code for the bugs it reports to vendors until after the vulnerabilities are fixed. But in this case, Microsoft has told the researchers that the company doesn't plan to fix the vulnerabilities, even though the bugs were serous enough to win ZDI's team a $125,000 Blue Hat Bonus from Microsoft. The reason: Microsoft doesn't think the vulnerabilities affect enough users.

The vulnerabilities that the ZDI researchers submitted to Microsoft enable an attacker to fully bypass ASLR (address space layout randomization), one of the many mitigations in IE that help prevent successful exploitation of certain classes of bugs. ZDI reported the bugs to Microsoft last year and disclosed some limited details of them in February. The researchers waited to release the full details until Microsoft fixed all of the flaws, but Microsoft later informed them that they didn't plan to patch the remaining bugs because they didn't affect 64-bit systems.
Internet Explorer

Internet Explorer 11 Gains HTTP Strict Transport Security In Windows 7 and 8.1 56 56

Mark Wilson writes: Anyone using the Windows 10 preview has had a chance to use the HTTP Strict Transport Security (HSTS) in Microsoft Edge, and today the security feature comes to Internet Explorer 11 in Windows 7 and Windows 8.1. This security protocol protects against man-in-the-middle attacks and is being delivered to users of older version of Windows through an update in the form of KB 3058515.
Security

Microsoft Opens Vulnerability Bounty Program For Spartan Browser 53 53

jones_supa writes: As it did in the past when it tried to make Internet Explorer more secure, Microsoft has launched a new bug bounty program for Spartan browser, the default application of Windows 10 for surfing the information highway. A typical remote code execution flaw can bring between $1,500 and $15,000, and for the top payment you also need to provide a functioning exploit. The company says that it could pay even more than that, if you convince the jury on the entry quality and complexity. Sandbox escape vulnerabilities with Enhanced Protected Mode enabled, important or higher severity vulnerabilities in Spartan or its engine, and ASLR info disclosure vulnerabilities are also eligible. If you want to accept the challenge, Microsoft provides more information on how to participate.
Internet Explorer

Microsoft To Stop Enabling 'Do Not Track' By Default 64 64

An anonymous reader writes: The history of the do-not-track setting for web browsers has been rife with debate. It took a long time for web experts to come to anything resembling a consensus on how it should be implemented, and the process isn't over yet. Microsoft took criticism for enabling the do-not-track setting by default in Internet Explorer. While it sounds good in theory, many worried it would just spur websites to completely disregard the setting (and some, like Yahoo, did just that). Now, Microsoft has reversed their stance. The do-not-track setting will not be enabled by default in the company's future browsers. They say, "Put simply, we are updating our approach to DNT to eliminate any misunderstanding about whether our chosen implementation will comply with the W3C standard. ... As a result, DNT will not be the default state in Windows Express Settings moving forward, but we will provide customers with clear information on how to turn this feature on in the browser settings should they wish to do so."
Microsoft

Microsoft Rolls Out Project Spartan With New Windows 10 Build 122 122

An anonymous reader writes: Today Microsoft released a new Technical Preview build for Windows 10. Its most notable addition is Microsoft's new browser: Project Spartan. In a brief post explaining the basics of the browser, the company says it includes their personal assistant software, Cortana, as well as "inking" support, which lets you write or type on the webpage you're viewing. But the biggest change, of course is the new rendering engine. The "suggestion box" page for Project Spartan is already filling up with idea from users, including one for Trident/EdgeHTML to be released as open source.
United Kingdom

UK Licensing Site Requires MSIE Emulation, But Won't Work With MSIE 158 158

Anne Thwacks writes The British Government web site for applying for for a licence to be a security guard requires a plugin providing Internet Explorer emulation on Firefox to login and apply for a licence. It won't work with Firefox without the add-on, but it also wont work with Internet Explorer! (I tried Win XP and Win7 Professional). The error message says "You have more than one browser window open on the same internet connection," (I didn't) and "to avoid this problem, close your browser and reopen it." I did. No change.

I tried three different computers, with three different OSes. Still no change. I contacted their tech support and they said "Yes ... a lot of users complain about this. We have known about it since September, and are working on a fix! Meanwhile, we have instructions on how to use the "Fire IE" plugin to get round the problem." Eventually, I got this to work on Win7pro. (The plugin will not work on Linux). The instructions require a very old version of the plugin, and a bit of trial and error is needed to get it to work with the current one. How can a government department concerned with security not get this sort of thing right?"
Internet Explorer

New Screenshots Detail Spartan Web Browser For Windows 10 Smartphones 62 62

MojoKid writes One of the most anticipated new features in Windows 10 is the Spartan web browser, which will replace the long-serving Internet Explorer. We've seen Spartan in action on the desktop/notebook front, but we're now getting a closer look at Spartan in action on the mobile side thanks to some newly leaked screenshots. Perhaps the biggest change with Spartan is the repositioning of the address bar from the bottom of the screen to the top (which is also in line with other mobile browsers like Safari and Chrome). The refresh button has also been moved from its right-hand position within the address bar to a new location to the left of the address bar. Reading Lists also make an appearance in this latest build of Spartan along with Microsoft's implementation of "Hubs" on Windows 10 for mobile devices.
Chrome

Every Browser Hacked At Pwn2own 2015, HP Pays Out $557,500 In Awards 237 237

darthcamaro writes: Every year, browser vendors patch their browsers ahead of the annual HP Pwn2own browser hacking competition in a bid to prevent exploitation. The sad truth is that it's never enough. This year, security researchers were able to exploit fully patched versions of Mozilla Firefox, Google Chrome, Microsoft Internet Explorer 11 and Apple Safari in record time. For their efforts, HP awarded researchers $557,500. Is it reasonable to expect browser makers to hold their own in an arms race against exploits? "Every year, we run the competition, the browsers get stronger, but attackers react to changes in defenses by taking different, and sometimes unexpected, approaches," Brian Gorenc manager of vulnerability research for HP Security Research said.
Internet Explorer

Microsoft Is Killing Off the Internet Explorer Brand 317 317

An anonymous reader writes: The Verge reports that Internet Explorer as we know it will be taking a back seat to Microsoft's new browser, Project Spartan, in Windows 10 and future projects. IE will still exist, and stick around for compatibility issues, but Project Spartan will be the default way users interact with the internet. Microsoft wants to distance itself with the negative connotations Internet Explorer has acquired through the years. They still haven't decided on an official name for Project Spartan, but it will probably have the company name in it.
Firefox

Analysis: People Who Use Firefox Or Chrome Make Better Employees 127 127

HughPickens.com writes: In the world of Big Data, everything means something. Now Joe Pinsker reports that Cornerstone OnDemand, a company that sells software that helps employers recruit and retain workers, has found after analyzing data on about 50,000 people who took its 45-minute online job assessment, that people who took the test on a non-default browser, such as Firefox or Chrome, ended up staying at their jobs about 15 percent longer than those who stuck with Safari or Internet Explorer. They also tended to perform better on the job as well. Chief Analytics Officer Michael Housman offered an explanation for the results in an interview with Freakonomics Radio: "I think that the fact that you took the time to install Firefox on your computer shows us something about you. It shows that you're someone who is an informed consumer," says Housman. "You've made an active choice to do something that wasn't default." But why would a company care about something as seemingly trivial as the browser a candidate chooses to use? "Call centers are estimated to suffer from a turnover rate of about 45 percent annually (PDF), and it can cost thousands of dollars to hire new employees," says Pinsker. "Because of that, companies are eager to find any proxy for talent and dedication that they can."
Chrome

Ask Slashdot: Most Useful Browser Extensions? 353 353

An anonymous reader writes: One of the most powerful features of modern browsers is the ability to install third-party extensions. They allow third-party developers to work on really useful niche functionality, and let users customize their browser with the tools they need. Unfortunately, this environment has the same discover-ability and security problems as standalone software. Thus, my question: what are your most useful (and safe) browser extensions? I can't live without some privacy basics like NoScript, AdBlock, and Ghostery. I also find FoxyProxy helpful for getting around geolocation requirements for media streaming. OneTab works pretty well for saving groups of browser tabs, and Pushbullet keeps getting better at managing my phone while I'm at my PC.
Software

Windows 10 IE With Spartan Engine Performance Vs. Chrome and Firefox 181 181

MojoKid writes: In Microsoft's latest Windows 10 preview build released last week, Cortana made an entrance, but the much-anticipated Spartan browser did not. However, little did we realize that some of Spartan made the cut, in the form of an experimental rendering engine hidden under IE's hood. Microsoft has separated its Trident rendering engine into two separate versions: one is for Spartan, called EdgeHTML, while the other remains under its legacy naming with Internet Explorer. The reason Microsoft doesn't simply forego the older version is due to compatibility concerns. If you're running the Windows 10 9926 build, chances are good that you're automatically taking advantage of the new EdgeHTML engine in IE. To check, you can type 'about:flags' into the address bar. "Automatic" means that the non-Spartan Trident engine will be called-upon only if needed. In all other cases, you'll be taking advantage of the future Spartan web rendering engine. Performance-wise, the results with IE are like night and day in certain spots. Some of the improvements are significant. IE's Sunspider result already outperforms the competition, but it has been further improved. And with Kraken, the latency with the Spartan-powered Trident engine dropped 40%. Similar results are seen with a boost in the Octane web browser test as well.
Internet Explorer

In Addition To Project Spartan, Windows 10 Will Include Internet Explorer 99 99

An anonymous reader writes After unveiling its new Project Spartan browser for Windows 10, Microsoft is now offering more details. The company confirmed that Windows 10 will also include Internet Explorer for enterprise sites, though it didn't say how exactly this will work. Spartan comes with a new rendering engine, which doesn't rely on the versioned document modes the company has historically used. It also provides compatibility with the millions of existing enterprise websites specifically designed for Internet Explorer by loading the IE11 engine when needed. In this way, the browser uses the new rendering engine for modern websites and the old one for legacy purposes.
Internet Explorer

Time For Microsoft To Open Source Internet Explorer? 165 165

An anonymous reader writes: Ars Technica's Peter Bright argues that it's time for Microsoft to make Internet Explorer open source. He points out that IE's major competitors are all either fully open source (Firefox), or partially open source (Chrome, Safari, and Opera), and this puts Microsoft at a huge disadvantage. Bright says, "It's time for Microsoft to fit in with the rest of the browser industry and open up Trident. One might argue that this argument could be made of any software, and that Microsoft should by this logic open source everything. But I think that the browser is special. The community that exists around Web standards does not exist in the same way around, say, desktop software development, or file system drivers, or user interfaces. Development in the open is integral to the Web in an almost unique way. ... Although Microsoft has endeavored to be more open about how it's developing its browser, and which features it is prioritizing, that development nonetheless takes place in private. Developing in the open, with a public bug tracker, source code repositories, and public discussion of the browser's future direction is the next logical step."
Microsoft

Microsoft Patches OLE Zero-Day Vulnerability 37 37

msm1267 writes: Microsoft today released a patch for a zero-day vulnerability under active exploit in the wild. The vulnerability in OLE, or Microsoft Windows Object Linking and Embedding, enables a hacker to remotely execute code on an infected machine, and has been linked to attacks by the Sandworm APT group against government agencies and energy utilities. Microsoft also issued a massive Internet Explorer patch, but warned organizations that have deployed version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET) to upgrade to version 5.1 before applying the IE patches. Version 5.1 resolves some compatibility issues, in addition to several mitigation enhancements.
Microsoft

Microsoft Is Bringing WebRTC To Explorer, Eyes Plugin-Free Skype Calls 66 66

An anonymous reader writes Microsoft today announced it is backing the Web Real-Time Communication (WebRTC) technology and will be supporting the ORTC API in Internet Explorer. Put another way, the company is finally throwing its weight behind the broader industry trend of bringing voice and video calling to the browser without the need for plugins. Both Google and Mozilla are way ahead of Microsoft in this area, both in terms of adding WebRTC features to their respective browsers and in terms of building plugin-free calling services that rely on the technology. In short, Skype is under threat, and Microsoft has finally decided to opt for an "If you can't beat 'em, join 'em" strategy.
Internet Explorer

Microsoft's JavaScript Engine Gets Two-Tiered Compilation 46 46

jones_supa writes: The Internet Explorer team at Microsoft recently detailed changes to the JavaScript engine coming in Windows 10. A significant change is the addition of a new tier in the Just-in-Time (JIT) compiler. In Windows 10, the Chakra JS engine now includes a second JIT compiler that bridges the gap between slow, interpreted code and fast, optimized code. It uses this middle-tier compiler, called Simple JIT, as a "good enough" layer that can move execution away from the interpreter quicker than the Full JIT can. Microsoft claims that the changes will allow certain workloads to "run up to 30% faster". The move to a two-tiered JIT compiler structure mirrors what other browsers have done. SpiderMonkey, the JavaScript engine in Firefox, has an interpreter and two compilers: Baseline and IonMonkey. In Google Chrome, the V8 JavaScript engine is also a two-tiered system. It does not use an interpreter, but compiles on a discrete background thread.
The Internet

CSS Proposed 20 Years Ago Today 180 180

An anonymous reader writes: On 10 October 1994, Opera CTO Hakon Lie posted a proposal for Cascading HTML style sheets. Now, two decades on, CSS has become one of the modern web's most important building blocks. The Opera dev blog just posted an interview with Lie about how CSS came to be, and what he thinks of it now. He says that if these standards were not made, "the web would have become a giant fax machine where pictures of text would be passed along." He also talks about competing proposals around the same time period, and mentions his biggest mistake: not producing a test suite along with the CSS1 spec. He thinks this would have gotten the early browsers to support it more quickly and more accurately. Lie also thinks CSS has a strong future: "New ideas will come along, but they will extend CSS rather than replace it. I believe that the CSS code we write today will be readable by computers 500 years from now."
Internet Explorer

Internet Explorer Implements HTTP/2 Support 122 122

jones_supa writes: As part of the Windows 10 Technical Preview, Internet Explorer will introduce HTTP/2 support, along with performance improvements to the Chakra JavaScript engine, and a top-level domains parsing algorithm based on publicsuffix.org. HTTP/2 is a new standard by the Internet Engineering Task Force. Unlike HTTP/1.1, the new standard communicates metadata in binary format to significantly reduce parsing complexity. While binary is usually more efficient than text, the real performance gains are expected to come from multiplexing. This is where multiple requests can be share the same TCP connection. With this, one stalled request won't block other requests from being honored. Header compression is another important performance concern for HTTP.