'Google released Chrome 88 this week — and besides improving its dark
mode support, they removed support for both Adobe Flash and FTP.
PC World calls it "the end of two eras."
The most noteworthy change in this update is what's not included.
Chrome 88 lays Adobe Flash and the FTP protocol to rest. RIP
circa-2000 Internet.
Neither comes as a surprise, though it's poetic that they're being
buried together. Adobe halted Flash Player downloads at the end of
2020, making good on a promise made years before, and began blocking
Flash content altogether a couple weeks later. Removing Flash from
Chrome 88 is just Google's way of flushing the toilet.
On the other hand, FTP isn't dead, but it is now for Chrome users. The
File Transport Protocol has helped users send files across the
Internet for decades, but in an era of prolific cloud storage services
and other sharing methods, its use has waned. Google started slowly
disabling FTP support in Chrome 86, per ZDNet, and now you'll no
longer be able to access FTP links in the browser. Look for standalone
FTP software instead if you need it, such as FileZilla.
That's not all. Mac users should be aware that Chrome 88 drops support
for OS X 10.10 (OS X Yosemite). Yosemite released in 2014 and received
its last update in 2017...
But Google killing Flash and FTP might be the footnotes that hit
old-school web users in the feels.
Chrome 88 will also block non-encrypted downloads originating from an
encrypted page, the article reports. And the Verge notes Chrome also
offers less intrusive website permission requests (as an experimental
feature enabled from chrome://flags/#permission-chip ), while Bleeping
Computer describes Chrome 88's new experimental feature for searching
through all your open tabs.
And Chrome's blog points out some additional features under the hood:
Chrome 88 will heavily throttle chained JavaScript timers for hidden
pages in particular conditions. This will reduce CPU usage, which will
also reduce battery usage. There are some edge cases where this will
change behavior, but timers are often used where a different API would
be more efficient, and more reliable.'
-- source: https://slashdot.org/story/21/01/23/2018224
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'Steven J. Vaughan-Nichols writes at ZDNet:
When Elastic, makers of the open-source search and analytic engine
Elasticsearch, went after Amazon Web Services (AWS) by changing its
license from the open-source Apache 2.0-license ALv2) to the
non-open-source friendly Server Side Public License, I predicted "we'd
soon see AWS-sponsored Elasticsearch and Kibana forks." The next day,
AWS tweeted it "will launch new forks of both Elasticsearch and Kibana
based on the latest Apache 2.0 licensed codebases." Well, that didn't
take long!
In a blog post, AWS explained that since Elastic is no longer making
its search and analytic engine Elasticsearch and its companion data
visualization dashboard Kibana available as open source, AWS is taking
action. "In order to ensure open source versions of both packages
remain available and well supported, including in our own offerings,
we are announcing today that AWS will step up to create and maintain
an ALv2-licensed fork of open-source Elasticsearch and Kibana.... AWS
brings years of experience working with these codebases, as well as
making upstream code contributions to both Elasticsearch and Apache
Lucene, the core search library that Elasticsearch is built on — with
more than 230 Lucene contributions in 2020 alone... We're in this for
the long haul, and will work in a way that fosters healthy and
sustainable open source practices — including implementing shared
project governance with a community of contributors..."
Yet another company, Logz.io, a cloud-monitoring company, and some
partners have announced that it will launch a "true" open source
distribution for Elasticsearch and Kibana.'
-- source: https://news.slashdot.org/story/21/01/23/0245229
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'We have learned that Brad Cox, computer scientist known mostly for
creating the Objective-C programming language with his business
partner Tom Love, died on January 2, 2021 at his residence. He was 76.
From a Legacy.com post:
Brad was born on May 2, 1944 in Fort Benning, Georgia, to the late
Nancy Hinson Cox and Dewey McBride Cox of Lake City, South Carolina.
Brad grew up on the family's dairy farm in South Carolina but found
himself most interested in science. After graduating from Lake City
High School, he received his Bachelor of Science Degree in Organic
Chemistry and Mathematics from Furman University, and his Ph.D. from
the Department of Mathematical Biology at the University of Chicago,
and worked on an early form of neural networks. He soon found himself
more interested in computers and got a job at International Telephone
and Telegraph (ITT) and later joined Schlumbeger -- Doll Research
Labs, and ultimately formed his own Connecticut startup, Productivity
Products International (PPI) later named Stepstone.
Among his first known software projects, he wrote a PDP-8 program for
simulating clusters of neurons. He worked at the National Institutes
of Health and Woods Hole Oceanographic Institute before moving into
the software profession. Dr. Cox was an entrepreneur, having founded
the Stepstone Company together with Tom Love for releasing the first
Objective-C implementation. Stepstone hoped to sell "ICPaks" and Dr.
Cox focused on building his ICPak libraries and hired a team to
continue work on Objective-C, including Steve Naroff. The late Steve
Jobs', NeXT, licensed the Objective-C language for it's new operating
system, NEXTSTEP. NeXT eventually acquired Objective- C from
Stepstone. Objective-C continued to be the primary programming
language for writing software for Apple's OS X and iOS. '
-- source: https://developers.slashdot.org/story/21/01/23/0446216
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'DDoS-for-hire services are abusing the Microsoft Remote Desktop
Protocol to increase the firepower of distributed denial-of-service
attacks that paralyze websites and other online services, a security
firm said this week.
Typically abbreviated as RDP, Remote Desktop Protocol is the
underpinning for a Microsoft Windows feature that allows one device to
log into another device over the Internet. RDP is mostly used by
businesses to save employees the cost or hassle of having to be
physically present when accessing a computer.
As is typical with many authenticated systems, RDP responds to login
requests with a much longer sequence of bits that establish a
connection between the two parties. So-called booter/stresser
services, which for a fee will bombard Internet addresses with enough
data to take them offline, have recently embraced RDP as a means to
amplify their attacks, security firm Netscout said.
The amplification allows attackers with only modest resources to
strengthen the size of the data they direct at targets. The technique
works by bouncing a relatively small amount of data at the amplifying
service, which in turn reflects a much larger amount of data at the
final target. With an amplification factor of 85.9 to 1, 10
gigabytes-per-second of requests directed at an RDP server will
deliver roughly 860Gbps to the target.
“Observed attack sizes range from ~20 Gbps – ~750 Gbps,” Netscout
researchers wrote. “As is routinely the case with newer DDoS attack
vectors, it appears that after an initial period of employment by
advanced attackers with access to bespoke DDoS attack infrastructure,
RDP reflection/amplification has been weaponized and added to the
arsenals of so-called booter/stresser DDoS-for-hire services, placing
it within the reach of the general attacker population.”'
-- source: https://arstechnica.com/information-technology/2021/01/ddosers-are-abusing-…
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'Earlier this week security experts disclosed details on seven
vulnerabilities impacting Dnsmasq, "a popular DNS software package
that is commonly deployed in networking equipment, such as routers and
access points," reports ZDNet. "The vulnerabilities tracked as
DNSpooq, impact Dnsmasq, a DNS forwarding client for *NIX-based
operating systems."
Slashdot reader Joe2020 shared Help Net Security's quote from Shlomi
Oberman, CEO and researcher at JSOF. "Some of the bigger users of
Dnsmasq are Android/Google, Comcast, Cisco, Red Hat, Netgear, and
Ubiquiti, but there are many more. All major Linux distributions offer
Dnsmasq as a package, but some use it more than others, e.g., in
OpenWRT it is used a lot, Red Hat use it as part of their
virtualization platforms, Google uses it for Android hotspots (and
maybe other things), while, for example Ubuntu just has it as an
optional package."
More from ZDNet:
Dnsmasq is usually included inside the firmware of various networking
devices to provide DNS forwarding capabilities by taking DNS requests
made by local users, forwarding the request to an upstream DNS server,
and then caching the results once they arrive, making the same results
readily available for other clients without needing to make a new DNS
query upstream. While their role seems banal and insignificant, they
play a crucial role in accelerating internet speeds by avoiding
recursive traffic...
Today, the DNSpooq software has made its way in millions of devices
sold worldwide [including] all sorts of networking gear like routers,
access points, firewalls, and VPNs from companies like ZTE, Aruba,
Redhat, Belden, Ubiquiti, D-Link, Huawei, Linksys, Zyxel, Juniper,
Netgear, HPE, IBM, Siemens, Xiaomi, and others. The DNSpooq
vulnerabilities, disclosed today by security experts from JSOF, are
dangerous because they can be combined to poison DNS cache entries
recorded by Dnsmasq servers. Poisoning DNS cache records is a big
problem for network administrators because it allows attackers to
redirect users to clones of legitimate websites...
In total, seven DNSpooq vulnerabilities have been disclosed today.
Four are buffer overflows in the Dnsmasq code that can lead to remote
code execution scenarios, while the other three bugs allow DNS cache
poisoning. On their own, the danger from each is limited, but
researchers argue they can be combined to attack any device with older
versions of the Dnsmasq software...
The JSOF exec told ZDNet that his company has worked with both the
Dnsmasq project author and multiple industry partners to make sure
patches were made available to device vendors by Tuesday's public
disclosure.'
-- source: https://it.slashdot.org/story/21/01/23/0412253
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'Meet the Raspberry Pi Pico, a tiny little microcontroller that lets
you build hardware projects with some code running on the
microcontroller. Even more interesting, the Raspberry Pi Foundation is
using its own RP2040 chip, which means that the foundation is now
making its own silicon. From a report:
If you're not familiar with microcontrollers, those devices let you
control other parts or other devices. You might think that you can
already do this kind of stuff with a regular Raspberry Pi. But
microcontrollers are specifically designed to interact with other
things. They're cheap, they're small and they draw very little power.
You can start developing your project with a breadboard to avoid
soldering. You can pair it with a small battery and it can run for
weeks or even months. Unlike computers, microcontrollers don't run
traditional operating systems. Your code runs directly on the chip.
Like other microcontrollers, the Raspberry Pi Pico has dozens of input
and output pins on the sides of the device. Those pins are important
as they act as the interface with other components. For instance, you
can make your microcontroller interact with an LED light, get data
from various sensors, show some information on a display, etc. The
Raspberry Pi Pico uses the RP2040 chip. It has a dual-core Arm
processor (running at 133MHz), 264KB of RAM, 26 GPIO pins including 3
analog inputs, a micro-USB port and a temperature sensor. It doesn't
come with Wi-Fi or Bluetooth. And it costs $4.'
-- source: https://hardware.slashdot.org/story/21/01/21/1258214
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'Google has threatened to disable its search engine in Australia if
it's forced to pay local publishers for news, a dramatic escalation of
a months-long standoff with the government. From a report:
The proposed law, intended to compensate publishers for the value
their stories generate for the company, is "unworkable," Mel Silva,
managing director for Australia and New Zealand, told a parliamentary
hearing Friday. She specifically opposed the requirement that Google
pay media companies for displaying snippets of articles in search
results.
The threat is Google's most potent yet as the digital giant tries to
stem a flow of regulatory action worldwide. At least 94% of online
searches in Australia go through the Alphabet unit, according to the
local competition regulator. "We don't respond to threats," Australia
Prime Minister Scott Morrison said Friday. "Australia makes our rules
for things you can do in Australia. That's done in our parliament.
It's done by our government. And that's how things work here in
Australia."'
-- source: https://tech.slashdot.org/story/21/01/22/0339236
However, in related news:
"Google Agrees To Pay French News Sites To Send Them Traffic"
-- source: https://tech.slashdot.org/story/21/01/21/2316209
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'Google's parent firm, Alphabet, is done exploring the idea of using a
fleet of balloons to beam high-speed internet in remote parts of the
world. From a report:
The firm said on Thursday evening that it was winding down Loon, a
nine-year-old project and a two-and-a-half-year-old spin off firm,
after failing to find a sustainable business model and partners for
one of its most prominent moonshot projects. The demise of Loon, which
assumed spotlight after the project helped restore cell services
knocked out by a hurricane in Puerto Rico, comes a year after the
Android-maker ended Google Station, its other major connectivity
effort to bring internet to the next billion users.'
-- source: https://tech.slashdot.org/story/21/01/22/1418212
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
'Intel has talked with TSMC and Samsung about the Asian companies
making some of its best chips, but the Silicon Valley pioneer is still
holding out hope for last-minute improvements in its own production
capabilities. Bloomberg reports:
After successive delays in its chip fabrication processes, Santa
Clara, California-based Intel has yet to make a final decision less
than two weeks ahead of a scheduled announcement of its plans,
according to people familiar with the deliberations. Any components
that Intel might source from Taiwan wouldn't come to market until 2023
at the earliest and would be based on established manufacturing
processes already in use by other TSMC customers, said the people,
asking not to be identified because the plans are private.
Talks with Samsung, whose foundry capabilities trail TSMC's, are at a
more preliminary stage, the people said. An Intel spokesperson
referred to previous comments by Bob Swan, the company's chief
executive officer. Swan has promised investors he'll set out his plans
for outsourcing and get Intel's production technology back on track
when the company reports earnings Jan. 21. [...] TSMC, the largest
maker of semiconductors for other companies, is preparing to offer
Intel chips manufactured using a 4-nanometer process, with initial
testing using an older 5-nanometer process, according to the people.
The company has said it will make test production of 4-nanometer chips
available in the fourth quarter of 2021 and volume shipments the
following year. The Taiwanese company expects to have a new facility
in Baoshan operational by the end of this year, which can be converted
to production for Intel if required, one of the people said. TSMC
executives previously said the new Baoshan unit would house a research
center with 8,000 engineers.
While Intel has outsourced production of lower-end chips before, it
has kept the manufacturing of its best semiconductors in-house,
considering it a competitive strength. Its engineers have historically
tailored their designs to the company's manufacturing processes,
making a shift to outsourcing of flagship products unthinkable in the
past. As the provider of 80% of personal computer and server
processors globally, Intel produces hundreds of millions of chips each
year. That scale dictates that any potential supplier must create new
capacity to accommodate Intel.'
-- source: https://hardware.slashdot.org/story/21/01/08/2215226
Cheers, Peter
--
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304
http://www.cms.waikato.ac.nz/~fracpete/http://www.data-mining.co.nz/
Just been watching this review
<https://www.youtube.com/watch?v=CyEpshm16HY> of the TinyPilot
KVM-over-IP box. It’s purchasable from the maker’s website for
US$300-plus, which is a fraction of the price of most other KVM-over-IP
products. It’s built around a Raspberry π 4, using the camera adapter
for HDMI in (no use made of the GPIO connector at all). Of course this
means it can only support a connection to a single server machine. The
source code is on GitHub if you want to build that yourself. The base
product offers insecure HTTP-only access; if you want HTTPS, you have
to pay extra for the TinyPilot Pro software licence.
For comparison, some reader comments mention an alternative “PiKVM”
product -- has anyone heard of this?