Sean Hollister, writing for The Verge: If I told you that my entire computer screen just got taken over by a new app that I'd never installed or asked for -- it just magically appeared on my desktop, my taskbar, and preempted my next website launch -- you'd probably tell me to run a virus scanner and stay away from shady websites, no? But the insanely intrusive app I'm talking about isn't a piece of ransomware. It's Microsoft's new Chromium Edge browser, which the company is now force-feeding users via an automatic update to Windows. Seriously, when I restarted my Windows 10 desktop this week, an app I'd never asked for:

1. Immediately launched itself
2. Tried to convince me to migrate away from Chrome, giving me no discernible way to click away or say no
3. Pinned itself to my desktop and taskbar
4. Ignored my previous browser preference by asking me -- the next time I launched a website -- whether I was sure I wanted to use Chrome instead of Microsoft's oh-so-humble recommendation.
5. Did I mention that, as of this update, you can't uninstall Edge anymore?

Apple said last week that it declined to implement 16 new web technologies (Web APIs) in Safari because they posed a threat to user privacy by opening new avenues for user fingerprinting. Technologies that Apple declined to include in Safari because of user fingerprinting concerns include: Web Bluetooth - Allows websites to connect to nearby Bluetooth LE devices.
Web MIDI API - Allows websites to enumerate, manipulate and access MIDI devices.
Magnetometer API - Allows websites to access data about the local magnetic field around a user, as detected by the device's primary magnetometer sensor.
Web NFC API - Allows websites to communicate with NFC tags through a device's NFC reader.
Device Memory API - Allows websites to receive the approximate amount of device memory in gigabytes.
Network Information API - Provides information about the connection a device is using to communicate with the network and provides a means for scripts to be notified if the connection type changes.

Battery Status API - Allows websites to receive information about the battery status of the hosting device. Web Bluetooth Scanning - Allows websites to scan for nearby Bluetooth LE devices.
Ambient Light Sensor - Lets websites get the current light level or illuminance of the ambient light around the hosting device via the device's native sensors.
[...]
The vast majority of these APIs are only implemented in Chromium-based browsers, and very few on Mozilla's platform. Apple claims that the 16 Web APIs above would allow online advertisers and data analytics firms to create scripts that fingerprint users and their devices.

"All the pieces are coming together for Microsoft to launch a direct competitor to Chromebooks..." argues an industry analyst writing for ZDNet: Since adopting the Chromium rendering engine, Microsoft Edge has featured virtually perfect compatibility with Chrome, right down to being able to install extensions from the Chrome app store. It's also enabled Microsoft to more easily support operating systems that Edge didn't previously support such as macOS and Linux. But now that Edge is working well, might Microsoft try to go after Chrome OS? While a "lite" version of Windows has been rumored for years, many of the other pieces are already in place or announced.

First, Microsoft has made no secret of how it covets the education market that has embraced Chromebooks. It has fought back with low-cost Windows notebooks from partners that are competitively priced with such devices but may lack Chrome OS' perception of simplicity and security.

Second, after years of having the web apps of office.com languish as Microsoft emphasized the PC versions, the online suite will be the first to take advantage of Fluid Framework, the company's open-source component framework that allows the embedding of applet functionality and collaboration into a range of container documents such as Edge pages. Third, while the idea of Microsoft limiting the opportunity for Windows developers on a platform might have been unthinkable years ago, times have changed. Many developers, Microsoft included, have made web apps mainstream. Outside of the Windows-boosting Surface team, Microsoft seems indifferent as to where you access its subscription-based client and cloud offerings.

Finally, Microsoft now has the cross-processor architecture support to take the battle to Google -- although, at least for now, it has exclusively focused on high-performance Qualcomm Snapdragon designs as opposed to Mediatek or Allwinner ARM-based chips in budget Chromebooks...

Microsoft's strongest competitive point would be the greater focus on privacy, one of the best reasons to use Edge versus Chrome today.

Google is pressing on with new plans to hide all parts of web addresses except the domain name. Android Police reports: A few new feature flags have appeared in Chrome's Dev and Canary channels (V85), which modify the appearance and behavior of web addresses in the address bar. The main flag is called "Omnibox UI Hide Steady-State URL Path, Query, and Ref" which hides everything in the current web address except the domain name. For example, "https://www.androidpolice.com/2020/06/07/lenovo-ideapad-flex-5-chromebook-review/" is simply displayed as "androidpolice.com." There are two additional flags that modify this behavior. One reveals the full address once you hover over the address bar (instead of having to click it), while the other only hides the address bar once you interact with the page. An issue page on the Chromium Bug tracker has also been created for keeping track of the changes, though there aren't any additional details there.

There's no public explanation yet for why Google is pressing ahead with these changes, but the company has said in the past that it believes showing the full address can make it harder to tell if the current site is legitimate. "Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage," Chromium software engineer Livvie Lin said in a design document earlier this year. Google has since clarified how the experiment will work and what opt-out options will be available.

"We think this is an important problem area to explore because phishing and other forms of social engineering are still rampant on the web," a Chromium developer on the bug tracker for the change said, "and much research shows that browsers' current URL display patterns aren't effective defenses. We're implementing this simplified domain display experiment so that we can conduct qualitative and quantitative research to understand if it helps users identify malicious websites more accurately."

It was also confirmed that Google will keep the opt-out mechanism that is already present -- an 'Always show full URLs' setting that appears when you right-click the address bar. "We plan to support this opt-out option indefinitely," the same developer said.

The site Android Police is calling out new feature flags in Chrome's early-release Dev and Canary channels (V85) "which modify the appearance and behavior of web addresses in the address bar." The main flag is called "Omnibox UI Hide Steady-State URL Path, Query, and Ref" which hides everything in the current web address except the domain name... There are two additional flags that modify this behavior. One reveals the full address once you hover over the address bar (instead of having to click it), while the other only hides the address bar once you interact with the page...

There's no public explanation yet for why Google is pressing ahead with these changes, but the company has said in the past that it believes showing the full address can make it harder to tell if the current site is legitimate. "Showing the full URL may detract from the parts of the URL that are more important to making a security decision on a webpage," Chromium software engineer Livvie Lin said in a design document earlier this year.

However, it's also worth considering that making the web address less important, as this feature does, benefits Google as a company. Google's goal with Accelerated Mobile Pages (AMP) and similar technologies is to keep users on Google-hosted content as much as possible, and Chrome for Android already modifies the address bar on AMP pages to hide that the pages are hosted by Google. Modifying addresses on the desktop is another step towards making them irrelevant, which hurts the decentralized nature of the internet as a whole.

In the "quick launch bar" of Windows 10, native app icons "support a shortcut menu for commonly or frequently performed tasks in the app. This menu can be invoked by right-clicking the app's quick launch bar icon," writes the Windows Club site -- adding that Mac users can use similar functionality when opening a web browser from the MacOS dock.

But now Google Chrome and Microsoft Edge are working on similar "App Shortcuts" that allow users to do things like send email or composing tweets directly from the Windows 10 taskbar or macOS dock. Slashdot reader techtsp shares their report: Right now, Chromium does not allow users to start a key task within a progressive web app through the Windows 10 taskbar. This is exactly what Chromium-based web browsers are now trying to change.

This feature will enable web developers to add support in Chromium for shortcuts defined in a Web App Manifest. As a result, Chromium progressive web apps can offer App shortcuts for their quick launch bar icon much like native apps.

The App shortcuts feature is currently in development on Microsoft Edge. Meanwhile, Google Chrome 85 is in the Dev channel.

"The terms 'allowlist' and 'blocklist' describe their purpose, while the other words use metaphors to describe their purpose," reads a change description on the source code for Android -- from over a year ago. 9to5Mac calls it "a shortened version of Google's (internal-only) explanation" for terminology changes which are now becoming more widespread.

And Thursday GitHub's CEO said they were also "already working on" renaming the default branches of code from "master" to a more neutral term like "main," reports ZDNet: GitHub lending its backing to this movement effectively ensures the term will be removed across millions of projects, and effectively legitimizes the effort to clean up software terminology that started this month.

But, in reality, these efforts started years ago, in 2014, when the Drupal project first moved in to replace "master/slave" terminology with "primary/replica." Drupal's move was followed by the Python programming language, Chromium (the open source browser project at the base of Chrome), Microsoft's Roslyn .NET compiler, and the PostgreSQL and Redis database systems... The PHPUnit library and the Curl file download utility have stated their intention to replace blacklist/whitelist with neutral alternatives. Similarly, the OpenZFS file storage manager has also replaced its master/slave terms used for describing relations between storage environments with suitable replacements. Gabriel Csapo, a software engineer at LinkedIn, said on Twitter this week that he's also in the process of filing requests to update many of Microsoft's internal libraries.
A recent change description for the Go programming language says "There's been plenty of discussion on the usage of these terms in tech. I'm not trying to have yet another debate." It's clear that there are people who are hurt by them and who are made to feel unwelcome by their use due not to technical reasons but to their historical and social context. That's simply enough reason to replace them.

Anyway, allowlist and blocklist are more self-explanatory than whitelist and blacklist, so this change has negative cost.
That change was merged on June 9th -- but 9to5Mac reports it's just one of many places these changes are happening. "The Chrome team is beginning to eliminate even subtle forms of racism by moving away from terms like 'blacklist' and 'whitelist.' Google's Android team is now implementing a similar effort to replace the words 'blacklist' and 'whitelist.'" And ZDNet reports more open source projects are working on changing the name of their default Git repo from "master" to alternatives like main, default, primary, root, or another, including the OpenSSL encryption software library, automation software Ansible, Microsoft's PowerShell scripting language, the P5.js JavaScript library, and many others.

Long-time Slashdot reader mrflash818 ("Linux geek since 1999") shared a ZDNet article pointing out that SpaceX's Falcon 9 rocket has an onboard operating system that's "a stripped-down Linux running on three ordinary dual-core x86 processors. The flight software itself runs separately on each processor and is written in C/C++."

Interestingly, back in 2018 a Slashdot headline asked whether C++ was "a really terrible language," and Elon Musk replied on Twitter with his single-word answer. "Yes."

ZDNet points out that "ordinary" processors are often needed because of the multi-year development time for the spacecraft they power. Their article notes that the International Space Station actually runs on 1988-vintage 20 MHz Intel 80386SX CPUs: Of course, while those ancient chips work for the station's command and control multiplexer/demultiplexer, they're not much good for anything else. For ordinary day-in and day-out work, astronauts use HP ZBook 15s running Debian Linux, Scientific Linux, and Windows 10. The Linux systems act as remote terminals to the control multiplexer/demultiplexer, while the Windows systems are used for email, the web, and fun.

Usually, though, chips that go into space aren't ordinary chips. CPUs that stay in space must be radiation-hardened. Otherwise, they tend to fail due to the effects of ionizing radiation and cosmic rays. These customized processors undergo years of design work and then more years of testing before they are certified for spaceflight. For instance, NASA expects its next-generation, general-purpose processor, an ARM A53 variant you may know from the Raspberry Pi 3, to be ready to run in 2021...

The Dragon spacecraft's touchscreen interface is rendered using Chromium and JavaScript. If something were to go wrong with the interface, the astronauts have physical buttons to control the spacecraft.
Today the SpaceX software team answered questions on Reddit, revealing they use Chromium with a reactive library developed in-house, and that "All of our on-board computers either run Linux (with the PREEMPT_RT patch) or are microcontrollers that run bare-metal code...." Later they emphasized that for the Falcon 9 and Dragon software, "All of the application-level autonomous software is written in C++. We generally use object oriented programming techniques from C++, although we like to keep things as simple as possible.

"We do use open source libraries, primarily the standard C++ library, plus some others. However, we limit our use of open source libraries to only extremely high quality ones, and often will opt to develop our own libraries when it is feasible so that we can control the code quality ourselves."

An anonymous reader quotes a report from ZDNet: Mint's programmers, led by lead developer, Clement "Clem" Lefebvre, has dropped support for Ubuntu's Snap software packing system. [...] So, what's not to like? Well, a lot, thinks Clem. As he wrote in July 2019, the idea is fine: "When snap was announced it was supposed to be a solution, not a problem. It was supposed to make it possible to run newer apps on top of older libraries and to let third-party editors publish their software easily towards multiple distributions, just like Flatpak and AppImage." But, he said, "What we didn't want it to be was for Canonical to control the distribution of software between distributions and third-party editors, to prevent direct distribution from editors, to make it so software worked better in Ubuntu than anywhere else and to make its store a requirement."

Clem was worried then that Canonical was moving in that direction because: "Ubuntu is planning to replace the Chromium [Google's open-source browser and foundation for Chrome] repository package with an empty package, which installs the Chromium snap. In other words, as you install APT [Debian's program for installing and managing DEB files] updates, Snap becomes a requirement for you to continue to use Chromium and installs itself behind your back. This breaks one of the major worries many people had when Snap was announced and a promise from its developers that it would never replace APT. A self-installing Snap Store which overwrites part of our APT package base is a complete NO-NO. It's something we have to stop and it could mean the end of Chromium updates and access to the snap store in Linux Mint."

Fast forward to now, and that's still the case with Chromium, and Clem has had enough: "In the Ubuntu 20.04 package base, the Chromium package is indeed empty and acting, without your consent, as a backdoor by connecting your computer to the Ubuntu Store. Applications in this store cannot be patched, or pinned. You can't audit them, hold them, modify them, or even point snap to a different store. You've as much empowerment with this as if you were using proprietary software, i.e. none. This is in effect similar to a commercial proprietary solution, but with two major differences: It runs as root, and it installs itself without asking you."

Websites are still capable of detecting when a visitor is using Chrome's incognito (private browsing) mode, despite Google's efforts last year to disrupt the practice. From a report: It is still possible to detect incognito mode in Chrome, and all the other Chromium-based browsers, such as Edge, Opera, Vivaldi, and Brave, all of which share the core of Chrome's codebase. Furthermore, developers have taken the scripts shared last year and have expanded support to non-Chrome browsers, such as Firefox and Safari, allowing sites to block users in incognito mode across the board. Currently, there is no deadline for a new Chrome update to block incognito mode detections, however, today, Google might be interested more than ever in fixing this issue.

Microsoft is starting to roll out its new Edge browser through Windows Update. The new Chromium-based version of Edge launched in January, but Windows users had to specifically download it. From a report: A Microsoft support article notes that it's now available on Windows Update, meaning it will soon arrive on the more than 1 billion Windows 10 devices in use. It appears that Edge will be automatically installed through Windows Update on Windows 10 version 1803 and higher. That covers the vast majority of versions of Windows 10 that are currently supported, meaning it should start showing up in Windows Update for everyone soon. As always, this is a gradual rollout, so you might not see it immediately on Windows Update just yet.

"Around 70% of our serious security bugs are memory safety problems," the Chromium project announced this week. "Our next major project is to prevent such bugs at source."

ZDNet reports: The percentage was compiled after Google engineers analyzed 912 security bugs fixed in the Chrome stable branch since 2015, bugs that had a "high" or "critical" severity rating. The number is identical to stats shared by Microsoft. Speaking at a security conference in February 2019, Microsoft engineers said that for the past 12 years, around 70% of all security updates for Microsoft products addressed memory safety vulnerabilities. Both companies are basically dealing with the same problem, namely that C and C++, the two predominant programming languages in their codebases, are "unsafe" languages....

Google says that since March 2019, 125 of the 130 Chrome vulnerabilities with a "critical" severity rating were memory corruption-related issues, showing that despite advances in fixing other bug classes, memory management is still a problem... Half of the 70% are use-after-free vulnerabilities, a type of security issue that arises from incorrect management of memory pointers (addresses), leaving doors open for attackers to attack Chrome's inner components...

While software companies have tried before to fix C and C++'s memory management problems, Mozilla has been the one who made a breakthrough by sponsoring, promoting and heavily adopting the Rust programming language in Firefox... Microsoft is also heavily investing in exploring C and C++ alternatives⦠But this week, Google also announced similar plans as well... Going forward, Google says it plans to look into developing custom C++ libraries to use with Chrome's codebase, libraries that have better protections against memory-related bugs. The browser maker is also exploring the MiraclePtr project, which aims to turn "exploitable use-after-free bugs into non-security crashes with acceptable performance, memory, binary size and minimal stability impact."

And last, but not least, Google also said it plans to explore using "safe" languages, where possible. Candidates include Rust, Swift, JavaScript, Kotlin, and Java.

"The makers of the widely used JavaScript server-side runtime, Node.js, have released Deno 1.0, a new runtime for JavaScript and TypeScript that addresses 'design mistakes' in Node.js," reports ZDNet: Just like Node.js or Node, the Deno runtime is for executing JavaScript outside a web browser. However, unlike Node.js, Deno offers first-class support for Microsoft's increasingly popular Typescript, a superset of JavaScript designed for large projects... "With the changing JavaScript language, and new additions like TypeScript, building Node projects can become an arduous endeavor, involving managing build systems and other heavy-handed tooling that takes away from the fun of dynamic language scripting," writes Node.js creator Ryan Dahl in a blogpost co-authored by fellow Deno developers Bert Belder and Bartek Iwanczuk...

Deno is based on Google's Chromium V8 JavaScript engine.
While its standard modules are all written in TypeScript, Infoworld points out that Deno "can be a replacement for utility scripts that may have been written in Python or Bash... Deno was designed as a series of Rust crates to allow integration at different layers." (A blog post by its developers notes Deno "makes it easy to bind Rust future-based APIs into JavaScript promises.")

But "Like a web browser, it knows how to fetch external code," the developers wrote, calling Deno "a web browser for command-line scripts" while arguing that with Node, "the mechanism for linking to external libraries is fundamentally centralized through the NPM repository, which is not inline with the ideals of the web... Also like browsers, [Deno] code is executed in a secure sandbox by default. Scripts cannot access the hard drive, open network connections, or make any other potentially malicious actions without permission." In an interview Dahl tells JAXenter they're already keeping an index of third party modules that work on Deno at https://deno.land/x/.

"It's important to understand that Deno is not a fork of Node," the developers' blog post explains. "It's a completely new implementation..."

"One last thing," the blog post concludes. "Consider supporting this open source software work by pre-ordering a Deno v1.0 hoodie."

An anonymous reader quotes a report from BetaNews: Microsoft is no stranger to hitting its customers with ads for its products and services, and it seems that the company is so keen that people make the switch to the new Chromium-based version of Edge that it is now bombarding Outlook.com users with banner ads. The ads are targeting people who visit the web-based version of Outlook using Google Chrome, and they see Microsoft extolling the speed and performance of its most recent web browser.

As spotted by Windows Latest a series of ads appear at the top of Outlook.com encouraging people to try out Microsoft Edge. In the ads, Microsoft claims that Edge brings "the best of the web," makes "Outlook more accessible," and boosts "speed, performance and compatibility." The good news about the latest batch of ads from Microsoft is that they are not terribly persistent. While there are a number of different banner ads which are displayed in rotation after a refresh or on each new visit to Outlook.com, once they have been dismissed they do not seem to make a reappearance.

Microsoft's relatively new Chromium-based Edge browser is going to be retired in mid-2021. Softpedia reports: News of Microsoft supporting Edge on Windows 7 until at least July 2021 first surfaced earlier this year, but now the software giant has updated its official documentation with more specifics about this date. "We will continue to support Microsoft Edge on Windows 7 and Windows Server 2008 R2 until July 15, 2021. These operating systems are out of support and Microsoft recommends you move to a supported operating system such as Windows 10," the company explains. "While Microsoft Edge helps keep you more secure on the web, your PC may still be vulnerable to security risks. In order for IE mode to be supported on these operating systems the devices will need to have the Extended Security Updates for Windows 7. Without the Windows 7 Extended Security updates Internet Explorer functionality will be vulnerable to security risks. Additionally, IE mode functionality may cease to work without the continued servicing through the extended security updates."

An anonymous reader writes: Mozilla today launched Firefox 75 for Windows, Mac, and Linux. Firefox 75 includes a revamped address bar with significant search improvements, a few performance tweaks, and a handful of developer features. You can download Firefox 75 for desktop now from Firefox.com, and all existing users should be able to upgrade to it automatically. According to Mozilla, Firefox has about 250 million active users, making it a major platform for web developers to consider.

When the coronavirus crisis took hold, millions found themselves spending more time in their browsers as they learn and work from home. But the crisis is also impacting software developers. Google was forced to pause its Chrome releases, which typically arrive every six weeks. Ultimately, Chrome 81 was delayed, Chrome 82 is being skipped altogether, and Chrome 83 has been moved up a few weeks. Microsoft has followed suit with Edge's release schedule, consistent with Google's open source Chromium project, which both Chrome and Edge are based on. Mozilla wants to make clear it is not in the same boat. The company took an indirect jab at Google and Microsoft today, saying: "We've built empathy into our systems for handling difficult or unexpected circumstances. These strengths are what allow us to continue to make progress where some of our competitors have had to slow down or stop work."

Long-time Slashdot reader AmiMoJo quotes Softpedia: It was probably just a matter of time, but the thing so many people, including everyone at Microsoft, expected finally happened: Microsoft Edge surpassed Mozilla Firefox to become the world's second most-used desktop browser. Data provided by market analysis firm NetMarketShare reveals that the whole thing happened in March, when the adoption of the Chromium-powered Microsoft Edge improved to a level that allowed it to overtake Mozilla's own browser.

So right now, Microsoft Edge is the second most-used desktop browser on the planet with a share of 7.59%, while Mozilla Firefox is now third with 7.19%.

As for who's leading the pack, Google Chrome continues to be number one with a share of 68.50%.

Microsoft today announced upcoming features for its Edge browser based on Google's Chromium open source project, the same browser Google's Chrome is based on. Consumer features like Vertical Tabs, Smart Copy, and Password Monitor are coming soon. Microsoft also shared a few updates for existing or already announced features like Collections, InPrivate mode, and Immersive Reader.

According to 9to5Google, Google is working on a native Chrome OS app for printing and scanning documents. From the report: While there are many ways to start printing on Chrome OS, there's no real way to see what you've currently got queued to print, when not using Cloud Print [which is shutting down at the end of the year]. This is particularly frustrating if you've accidentally printed a long document as there's no way to cancel. [...] Late last month, work began on a new "Print Management app," starting with a Chrome OS specific flag in chrome://flags. Print Management is still in the early stages of development but we know that, like many Chrome OS apps, it'll be a web-based System Web App (SWA), which you can launch from the printers section of the main Settings app. Inside, you'll see a list of your recent printing attempts, including useful information like the job's name, what time it started, whether it succeeded, and which printer it was sent to.

And then, of course, on the flip side of working with paper documents is scanning, which is by no means easy to do on Chrome OS. Thankfully, Print Management will also include a UI for scanning documents and photos. The Chromium team is already working on this behind yet another flag.

"New academic research published last month looked at the phone-home [telemetry] features of six of today's most popular browsers and found that the Brave browser sent the smallest amount of data about its users back to the browser maker's servers," reports ZDNet: The research, conducted by Douglas J. Leith, a professor at Trinity College at the University of Dublin, looked at Google Chrome, Mozilla Firefox, Apple Safari, Brave, Microsoft Edge (the new Chromium-based version), and the Yandex Browser.

"In the first (most private) group lies Brave, in the second Chrome, Firefox, and Safari, and in the third (least private) group lie Edge and Yandex...." [T]he professor found evidence that Chrome, Firefox, and Safari all tagged telemetry data with identifiers that were linked to each browser instance. These identifiers allowed Google, Mozilla, and Apple to track users across browser restarts, but also across browser reinstalls...

[T]he most intrusive phoning-home features were found in the new version of Microsoft Edge and the official Yandex Browser. According to Prof. Leith, both used unique identifiers that were linked to the device's hardware, rather than the browser installation. Tracking users by hardware allows Microsoft and Yandex to follow users across installations and potentially link browser installs with other apps and online identities. The professor said that Edge collected the hardware UUID of the user's computer, an identifier that cannot be easily changed or deleted without altering a computer's hardware. Similarly, Prof. Leith also found that Yandex transmitted a hash of the hardware serial number and MAC address to its backend servers.

"As far as we can tell this behaviour [in Edge and Yandex] cannot be disabled by users," the professor said.
The article also points out that Brave was the only browser that didn't use search autocomplete functionality to collect and send back information on a user's visited web pages. (Even though this can be disabled in Firefox, Chrome, and Safari, it's on by default.)

But Edge and Yandex "also sent back information about visited web pages that did not appear to be related to the search autocomplete feature, suggesting the browsers had other ways to track users' browsing habits."