Language Selection

English French German Italian Portuguese Spanish

Web

Web Server Survey and Security

Filed under
Server
Security
Web
  • November 2021 Web Server Survey | Netcraft News

    In the November 2021 survey we received responses from 1,175,392,792 sites across 267,027,794 unique domains and 11,525,855 web-facing computers. This reflects a loss of 4.06 million sites, but a gain of 1.60 million domains and 137,000 computers.

    nginx gained the largest number of domains (+741,000) and web-facing computers (+81,300) this month and continues to lead in both metrics with market shares of 30.1% and 37.3%.

    Further down in the market, there was also a noticeable increase in the total number of web-facing computers running LiteSpeed, which went up by 11,200 to 101,000 (+12.5%), although this resulted in only a 1.44% increase in domains. These counts include sites that run on LiteSpeed Web Server and its open source variant, OpenLiteSpeed, both of which exhibit the same “LiteSpeed” server banner.

    Both nginx and Apache lost nearly 4 million hostnames each, reducing their sites market shares to 34.7% and 24.4%. Meanwhile, Cloudflare gained 1.15 million sites, which has taken its total up to 58.6 million (+2.00%) and increased its sites share to 4.99%.

    nginx and Apache also suffered losses amongst the top million websites, paving the way for Microsoft to increase its presence by 2,369 sites (+3.75%). Microsoft web server software is now used by 65,600 of the top million sites, but Apache is still the most commonly used web server in this sector, with 240,000 of the top million sites using it, and nginx is not far behind with 224,000.

  • Security updates for Tuesday [LWN.net]

    Security updates have been issued by Debian (mbedtls), Red Hat (kernel and rpm), and Ubuntu (freerdp2).

  • Over a million WordPress sites breached | ZDNet

    WordPress is far more than just blogs. It powers over 42% of all websites. So whenever there's a WordPress security failure, it's a big deal. And now GoDaddy, which is the top global web hosting firm with tens of millions more sites than its competition, reports that data on 1.2 million of its WordPress customers has been exposed.

A big hey! from diaspora*

Filed under
Web

You might have been wondering what happened to diaspora*. Well, although we’ve been a bit quiet, we haven’t gone away! In fact, some big things have been happening in the background that we’re really excited about, and now it’s come to the time for us to tell you about them.

Read more

Google Chrome vs Chromium: What’s the difference?

Filed under
Web

Google Chrome is the most popular web browser. No matter whether you prefer to use it, Chrome manages to offer a good user experience.

Even though it is available for Linux, it is not an open-source web browser.

And, if you need the look and feel of Google Chrome but want to use an open-source solution, Chromium can be your answer.

But isn’t Google Chrome based on Chromium? (that’s a Yes.) And, it’s also developed by Google? (Also, Yes.)

So, what are the differences between Chrome and Chromium? In this article, we shall take an in-depth look at both of them and compare them while presenting some benchmarks.

Read more

today's leftovers

Filed under
Web
Misc
  • What is Clear Linux? — Most Powerful Operating System in 2022

    The most powerful Operating and Best Kept Secret of 2021. There is a new kid on the block, Clear Linux by Intel.

  • This Portal fan brought Wheatley to life as his own personal assistant [ed: This is a listening device of (or for) Amazon]

    The video game Portal 2 is widely regarded as a classic that introduced players to several memorable characters, including one of the main protagonists-turned-antagonists, Wheatley. This anthropomorphized personal assistance robot was able to move, speak, and listen/respond to speech from a user, which is exactly what Steve Turner was trying to recreate when he built his own version of Wheatley. His animatronic device starts by waking up, and from there it selects a folder of audio files to play at random. Additionally, its AI-powered interactivity is provided by an Amazon Echo Dot via Alexa and the Arduino Cloud.

  • Dynatrace : Managed release notes version 1.230
  • Digital world seen moving into 'authoritarian space' | Reuters

    From blocking websites to forcing companies to share user data, governments – including democracies – are increasingly resorting to "authoritarian" methods to control the internet, tech experts warned on Thursday.

    Governments like China and Russia are blocking social media content, requiring firms to submit to data surveillance, and silencing journalists and activists online, panelists told the Thomson Reuters Foundation's annual Trust Conference.

    "The digital world is increasingly moving into an authoritarian space," said Alina Polyakova, head of the Center for European Policy Analysis, a U.S.-based think-tank.

  • Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

    Security researchers have checked the web's public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities.

    Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be reasonably confident that your bank website is actually your bank website when it presents your browser with an end-user or leaf certificate that's linked through a chain of trust to an intermediate certificate and ultimately the X.509 root certificate of a trusted CA.

    Each browser relies on a trust store consisting of a hundred or so root certificates that belong to a smaller set of organizations. Mozilla's CA Certificate List for example currently has 151 certs representing 53 organizations.

    Some of the more well-known CAs in the US include IdenTrust, DigiCert, Sectigo, and Let's Encrypt.

  • From Myanmar to Sudan, autocratic regimes have weaponised internet shutdowns. Time to fight back.

    Internet censorship is nearly as old as the internet itself. While much of the theorizing about the early internet viewed it as a free and open space for the exchange of new ideas, a number of governments had different ideas about its potential.

    While China is well-known for its sophisticated internet censorship apparatus, several governments across the Middle East and North Africa — including Tunisia, Saudi Arabia, and Syria—were early adopters of certain censorship tactics such as keyword filtering and DNS tampering. Similar to China, these countries targeted a range of content, including sites that offered information about human rights violations, sex, and certain religions, as well as those that encouraged political opposition.

    But in recent years, governments have taken the more decidedly extreme tactic of cutting off internet access entirely, depriving their citizens of a lifeline to the world...and each other, a tactic that Human Rights Watch has rightly called "collective punishment."

Chrome 97 Beta, Firefox Add-ons, and Firefox Nightly

Filed under
Google
Moz/FF
Web

  • Chrome Releases: Beta Channel Update for Desktop

    The Chrome team is excited to announce the promotion of Chrome 97 to the Beta channel for Windows, Mac and Linux. Chrome 97.0.4692.20 contains our usual under-the-hood performance and stability tweaks, but there are also some cool new features to explore - please head to the Chromium blog to learn more!

  • Chrome 97 Beta Released With WebTransport API, HDR Media Queries - Phoronix

    Most notable with today's Chrome 97 beta release is initial support for WebTransport. WebTransport is a protocol framework similar to WebRTC data channels but principally for clients constrained by the web security model to communicate with a remote server using a secure, multi-plexed transport. WebTransport uses the HTTP/3 protocol for bidirectional transport. Unlike WebSockets that is TCP-based, WebTransport relies on UDP-like datagrams and cancellable streams. Learn more about WebTransport via the W3C working draft at W3.org.

  • The magic of mouse gestures - Firefox Add-ons Blog

    Mouse gestures are mouse movement and key combinations that give you the power to customize the way you maneuver around web pages. If your online work requires a fair amount of distinct, repetitive activity—things like rapid page scrolling, opening links in background tabs, closing batches of open tabs, etc.—the right mouse gesture can make a major impact on your task efficiency. Here are a few browser extensions that provide excellent mouse gesture features…

  • Firefox Nightly: These Weeks in Firefox: Issue 104

    A big thank you to all the Outreachy applicants who applied for this cycle.

Browsers: GNOME Web, Brave

Filed under
Web
  • 50,000 rules is not enough for Safari Content Blockers and I’m not hopeful that the situation will improve for GNOME Web, despite “WebExtensions” coming.

    GNOME Web uses WebkitGTK, which is basically an improved version of the one that Safari has. (No DRM modules and support for open media codecs.)

    However, it has some of the same limitations. One of these is using Content Blockers for the ad blocking. GNOME Web previously had one that was much, much worse, and caused many bugs, and ate RAM like it was going out of style, and was only partially compatible with Adblock Plus.

    So deleting it out of the browser and moving to use Webkit Content Blockers was a win by that measure.

    However, Apple is such a piece of shit company that they designed the scheme so that you’re limited to 50,000 rules. To put that in perspective, in most of my browsers, I have twice that many, and no, they don’t slow the browser down at all, because uBlock-Origin is efficient.

  • Brave embeds a cryptocurrency wallet right in the browser

    Brave version 1.32 includes a dedicated wallet built right into the browser, in which users can store their private keys for various cryptocurrency holdings. (Read our review of Brave 1.0.) The company claims that the direct integration is more secure than a third-party browser plugin, but also allows users to connect with hardware wallet devices like Trezor and Ledger. Brave’s wallet also provides real-time market information as well as the ability to buy and pay via various cryptocurrencies.

Web Browsers: Microsoft Aggression, Google Chrome Release, Tor Browser 11.0.1, and More

Filed under
Web
  • Microsoft blocks another way to avoid Edge within Windows 11

    Microsoft has begun taking an even more aggressive stance in its efforts to prevent users from choosing their own browser on Windows 11, blocking a small developer’s tool that served as a workaround to enable browser choice.

  • Chrome Releases: Stable Channel Update for Desktop

    The Chrome team is delighted to announce the promotion of Chrome 96 to the stable channel for Windows, Mac and Linux. Chrome 96 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

  • Google Releases Chrome 96 With Back-Forward Cache Enabled For The Desktop - Phoronix

    Google has released Chrome 96 a day early as the latest routine update to their cross-platform web browser.

    Coming with Chrome 96 is an assortment of mostly minor developer feature additions, some user improvements like the back-forward cache for the desktop, and fixes along with never-ending security work.

  • New Release: Tor Browser 11.0.1

    Tor Browser 11.0.1 is now available from the Tor Browser download page and also from our distribution directory.

    This version provides important bug fixes on Windows, MacOS, and Linux, and includes blockchain explorer Blockchair as a search option.

  • Tweaking Firefox preferences

Web Browsers: More DRM and More Broken Web

Filed under
Web
  • Bypass some paywalls and in-page pop-ups by forcing GNOME Web into Reader Mode.

    Some sites claim they aren’t compatible with a browser’s reader mode to prevent users from clicking on it and bypassing Admiral, paywalls, and other junk.

    Tip: putting ephy-reader: in the front of the URL in GNOME Web and hitting enter forces it into Reader Mode anyway, regardless of what the site wants.

  • EasyOS version 3.1.10 released

    As 3.1.10 has Firefox builtin, if you are going to do an update of an existing installation, get rid of any existing Firefox beforehand. It should be enough just to delete /mnt/wkg/sfs/esyos/oe/dunfell/firefox-*.sfs. At bootup of 3.1.10, the initrd will see that the SFS is no longer there, and will do a "cleanup" -- so there shouldn't be any "firefox" on the desktop after bootup.

    Firefox updating and hardware acceleration both caused trouble, so they have been permanently disabled in file /usr/lib/firefox/distribution/policies.json. To re-enable those features, delete the appropriate lines in that file.
    I was disappointed how slow FF was to startup on the Compaq Presario. SeaMonkey starts much faster. It was also a concern to see the Internet data activity lights continually green in the systray -- FF was only looking at a static page, so why is it transferring so much?
    Muted sound is easy to fix. Right-click on the audio systray icon, choose "Preferences" will run pavucontrol (Pulseaudio Volume Control) which has a mute/unmute button.

    MSCW, I need to work on that. It is functional, but the code is still very ALSA-oriented.

  • Vivaldi messes up their Debian repo and causes Apt sources errors. Mozilla Firefox continues falling apart. Moving my daily browsing to GNOME Web.

    This morning I got an error from Apt in Debian.

    It turned out that Vivaldi had misconfigured their Debian repo, and it was stopping the i386 multiarch repository from updating.

    So I got punchy and removed Vivaldi, its .config and .cache subfolders, their repos, and their two GPG keys.

    Is that an extreme reaction? No. If you can’t manage your Apt configuration responsibly, I remove you. You can mess up and create a hassle for a lot of people, so you should watch what you are doing.

    Mozilla’s subreddit shows the general state of the Firefox world.

    I got this error. “PR_END_OF_FILE_ERROR” instead of loading sites. It happened on Amazon and a few other sites. First, I thought it was something wrong with my connection, or the site. Nope. Another Firefox bug.

    GNOME Web has a few bugs, but nothing nearly so annoying as the degenerate state Firefox is in. So I’m just going to go full time GNOME Web 41 Flatpak…. and maybe keep Ungoogled Chromium or something around in case I have to log in to T-Mobile, in which case “We have our wires crossed. Ooops.” no matter how your Firefox is configured, when you try to log in. LibreWolf too, why not?

    Since Flatpak apps are self-contained, this will also hopefully prevent disaster from spilling over into my system all for want of a web browser.

    LibreWolf doesn’t just compile and patch out obnoxious junk that Firefox adds. It also removes minimally useful web platform crap that is a major attack surface through hardening of the user.js and prefs.js.

  • Mozilla Plays Matchmaker: Microsoft Store Now Offers Firefox for Windows 10 and 11 - FOSS Force

    The open source community hardly noticed this week when Microsoft opened its arms to its once arch rival in browser space, Firefox, the open source daughter of Netscape and for many years the only serious competition Microsoft’s Internet Explorer browser faced, by making the open source browser available in the Microsoft Store.

    A dozen or so years ago Microsoft would never consider putting open source software of any kind in an online store it managed, even if it had had one back then, which it didn’t. This would’ve been doubly true of a browser, because of its fear that losing the browser market meant losing its lucrative operating system market, which was largely bankrolling its operations. Remember, this was at the height of Ballmer administration, which proclaimed Linux and open source to be a communist cancer, or something like that.

    It’s just as unlikely that Firefox would have accepted any offer from Microsoft to make it easy for Windows users to find and install Firefox through a Microsoft platform. At that time, a decade or more of dirty tricks and FUD originating from Redmond had made the open source community wary and openly belligerent when it came to Microsoft, and Mozilla was dependent on the open source community.

WordPress Survey and Promotion of Monopolistic Browsers With DRM

Filed under
Web
  • Take the 2021 WordPress Annual Survey (and view the 2020 results)!

    Each year, members of the WordPress community (users, site builders, extenders, and contributors) provide their valuable feedback through an annual survey. Key takeaways and trends that emerge from this survey often find their way into the annual State of the Word address, are shared in the public project blogs, and can influence the direction and strategy for the WordPress Project.

    Simply put: this survey helps those who build WordPress understand more about how the software is used, and by whom. The survey also helps leaders in the WordPress open source project learn more about our contributors’ experiences.

  • Bogus “Unsupported Browser” errors on WordPress.com

    Logging in to WordPress.com in GNOME Web 41 from Flatpak results in a page called “Browse Happy” that says I need a different browser.

    This made me unhappy.

    The options are to continue anyway, or learn about supported browsers on https://browsehappy.com/ which implies that not using a “GAFAM” browser puts you at risk on the web.

    I filed a bug report on GNOME Web in the hopes they can add a UA quirk for WordPress that makes it think I use another browser.

cURL Releases and Raves by Daniel Stenberg

Filed under
Web
  • curl 7.80.0 post quantum
  • The curl v8 plan

    For a long time I have been wanting to avoid us to ever reach curl version 7.100.0. I strongly suspect that going three-digits in the minor number will cause misunderstandings and possibly even glitches in people’s comparison scripts etc. If nothing else, it is just a very high number to use in a version string and I believe we would be better off by starting over. Reset the clock so to speak.

    Given that, a curl version 8.0.0 is inevitably going to have to happen and since we do releases every 8 weeks and we basically bump the version number in just about every release, there is a limited amount of time left to avoid the minor number to reach 100. We just shipped curl 7.80.0, so we have less than 20 release cycles in the worst case; a few years.

    A while ago it struck me that we have a rather big anniversary coming up, also within a few years, and that is curl’s 25th birthday.

  • The most used software components in the world

    We can’t know for sure which products are on the top list of the most widely deployed software components. There’s no method for us to count or estimate these numbers with a decent degree of certainty. We can only guess and make rough estimates – and it also depends on exactly what we count. And quite probably also depending on who‘s doing the counting.

    First, let’s acknowledge that SQLite already hosts a page for mostly deployed software module, where they speculate on this topic (and which doesn’t even mention curl). Also, does this count number of devices running the code or number of installs? If we count devices, does virtual machines count? Is it the number of currently used installations or total number of installations done over the years?

  • My first 25 years of HTTP

    I like figuring out even or somehow particularly aligned numbers and dates to celebrate. Here’s another one: today marks the day when httpget 0.1 was released in 1996.

    httpget 0.1 was a tiny command line tool written by Rafael Sagula. It was less than 300 lines of C code. (Today, the product code is 173,000 lines!)

    I found httpget just days after it was released when I was searching for a tool to use for downloading currency rates with from an HTTP site. This was the time before Google existed so I assume I used Altavista or something. I can’t remember actually.

  • Hackad: curl use on TV

    There’s this new TV-show on Swedish Television (SVT) called Hackad (“hacked” in English), which is about a team of white hat hackers showing the audience exactly how vulnerable lots of things, people and companies are and how they can be hacked using various means. In the show the hackers show how they hack into peoples accounts, their homes and their devices.

    Generally this is done in a rather non-techy way as they mostly describe what they do in generic terms and not very specifically or with technical details. But in some short sequences the camera glances over a screen where source code or command lines are shown.

  • curl installations per capita

    I’ve joked with friends and said that we should have a competition to see whom among us have the largest number of curl installations in their homes. This is of course somewhat based on that I claim that there are more than ten billion curl installations in the world. That’s more installations than humans. How many curl installations does an average person have?

    Amusingly, someone also asked me this question at curl presentation I did recently.

    I decided I would count my own installations to see what number I could possibly come up with, ignoring the discussion if I’m actually could be considered “average” in this regard or not. This counting includes a few assumptions and estimates, but this isn’t a game we can play with complete knowledge. But no crazy estimates, just reasonable ones!

  • One new contributor every 3.4 days

    In the curl project we keep track of and say thanks to every single contributor. That includes persons who report bugs or security problems, who run infrastructure for us, who assist in debugging or fixing problems as well as those who author code or edit the website. Those who have contributed to make curl to what it is.

    Exactly today October 4th 2021, we reached 2,500 names in this list of contributors for the first time. 2,500 persons since the day curl was created back in March 1998. 2,500 contributors in 8599 days. This means that on average we’ve seen one new contributor helping out in the project every 3.44 days for almost twenty-four years. Not bad at all.

Syndicate content

More in Tux Machines

Graphics: RenderDoc, Mesa, and Vulkan

  • RenderDoc 1.17 Released For This Leading Open-Source Graphics Debugging Tool - Phoronix

    RenderDoc 1.17 released this week as the newest version of this leading cross-platform, cross-API graphics debugging utility. RendertDoc 1.17 continues to be a gem for developers working with Vulkan and OpenGL along with Direct3D 11/12. RenderDoc as the MIT-licensed frame-capture-based graphics debugger works extremely well for game/engine developers as well as GPU driver developers in working through different issues.

  • DMA-BUF Feedback Support For Wayland Lands In Mesa 22.0's EGL Code - Phoronix

    Landing in Mesa on Black Friday was DMA-BUF Feedback support within the EGL code as another important step forward for Wayland. Introduced earlier this week was Wayland Protocols 1.24 and the primary addition to that collection of protocols is DMA-BUF feedback support. The DMA-BUF "feedback" support is important for Wayland multi-GPU systems where needing to know more information about the GPU device used by the compositor and for being able to efficiently exchange buffers between the secondary and primary GPUs.

  • RADV Vulkan Driver Finally Adds VK_KHR_synchronization2 Support - Phoronix

    The Mesa Radeon Vulkan driver "RADV" has added support for the prominent VK_KHR_synchronization2 extension introduced earlier this year. Added back in February with Vulkan 1.2.170 was VK_KHR_synchronization2 for simplifying the core synchronization APIs of this industry-standard graphics API. VK_KHR_synchronization2 makes Vulkan synchronization handling easier to deal with Those interested in the changes with the "synchronization2" revision can see this Khronos blog post going over the Vulkan synchronization handling in detail along with the changes from this extension.

Kernel: Futex2, Fixes, and Other New Features for Linux 5.16

  • Futex2 Brings Linux Gaming To The Next Level - Invidious

    Futex2 has been a work in progress by Valve and collabora for a very long time and it seems like it's finally going to make it's way into the kernel.

  • Patch out for Alder Lake Linux bug that reminds of the Windows 11 Ryzen CPPC issue - Neowin

    Linux boss Linus Torvalds merged earlier today several important patches for Intel CPU generally related to performance states (P-states) on Linux.

  • Linux 5.16 Merges Fix For One Of The Intel Alder Lake Issues - Phoronix

    Merged this Friday afternoon into the Linux 5.16 development kernel is fixing a performance issue affecting some Intel Alder Lake motherboards. The fix merged a short time ago is the item previously covered within Linux ITMT Patch Fixes Intel "Alder Lake" Hybrid Handling For Some Systems. As explained in that prior article, TurboBoost Max 3.0 / ITMT (Turbo Boost Max Technology) code within the kernel isn't being enabled for some systems, particularly if overclocking or even any memory XMP / optimal settings. The ASUS Z690 board I've been primarily using for the i9-12900K was affected as are numerous other boards. I've also heard reports of some motherboards running purely stock are even having this issue.

  • Intel Preparing USI Stylus Support For Linux - Phoronix

    Intel open-source driver engineers have been working on USI stylus support for the Linux kernel. The Universal Stylus Initiative (USI) aims to offer interoperability of active styluses across touchscreen devices. The Universal Stylus Initiative has a goal of allowing all styluses that comply with USI to work across devices. USI is backed by the likes of Google who wants to see USI working uniformally across Chromebooks, Dell and other hardware vendors, Intel is also involved and leading the upstream Linux support patches, and peripheral vendors like Logitech are also supporting the standard. Other big names like Wacom, Samsung, and many other players from desktop to laptops to mobile.

Open Hardware/Modding With LineageOS and Arduino

  • Ham Radio Gets Brain Transplant | Hackaday

    Old radios didn’t have much in the way of smarts. But as digital synthesis became more common, radios often had as much digital electronics in them as RF circuits. The problem is that digital electronics get better and better every year, so what looked like high-tech one year is quaint the next. [IMSAI Guy] had an Icom IC-245 and decided to replace the digital electronics inside with — among other things — an Arduino.

  • My phone - November 2021

    My current phone is the Google Pixel 3a from 2019. It’s running the LineageOS operating system without the Open GApps stack (GApps is short for “Google Apps”). This means there’s no proprietary software or tracking from Google on the phone by default.

  • PiGlass V2 Embraces The New Raspberry Pi Zero 2 | Hackaday

    Well, that certainly didn’t take long. It’s been just about a month since the Raspberry Pi Zero 2 hit the market, and we’re already seeing folks revisit old projects to reap the benefits of the drop-in upgrade that provides five times the computational power in the same form factor. Take for example the PiGlass v2 that [Matt] has been working on. He originally put the Pi Zero wearable together back in 2018, and while it featured plenty of bells and whistles like a VuFine+ display, 5 MP camera, and bone conduction audio, the rather anemic hardware of the original Zero kept it from reaching its true potential.

October/November in KDE Itinerary

Since the last summary KDE Itinerary has been moving with big steps towards the upcoming 21.12 release, with work on individual transport modes, more convenient ticket access, trip editing, a new health certificate UI, better transfer handling and many more improvements.

New Features
Current ticket access A small but very convenient new addition is the “Current ticket” action, which immediately navigates you to the details page of the most current element on the itinerary. That comes in handy when having to show or scan your ticket and avoids having to find the right entry in the list in a rush. This action is now also accessible from jump list actions in the taskbar on Linux, or app shortcuts on Android. Combined with the easily accessible barcode scanmode mentioned last time it’s now just two clicks or taps to get ready for a ticket check. Read more