Language Selection

English French German Italian Portuguese Spanish

Web

Web Server Survey and Security

Filed under
Server
Security
Web
  • November 2021 Web Server Survey | Netcraft News

    In the November 2021 survey we received responses from 1,175,392,792 sites across 267,027,794 unique domains and 11,525,855 web-facing computers. This reflects a loss of 4.06 million sites, but a gain of 1.60 million domains and 137,000 computers.

    nginx gained the largest number of domains (+741,000) and web-facing computers (+81,300) this month and continues to lead in both metrics with market shares of 30.1% and 37.3%.

    Further down in the market, there was also a noticeable increase in the total number of web-facing computers running LiteSpeed, which went up by 11,200 to 101,000 (+12.5%), although this resulted in only a 1.44% increase in domains. These counts include sites that run on LiteSpeed Web Server and its open source variant, OpenLiteSpeed, both of which exhibit the same “LiteSpeed” server banner.

    Both nginx and Apache lost nearly 4 million hostnames each, reducing their sites market shares to 34.7% and 24.4%. Meanwhile, Cloudflare gained 1.15 million sites, which has taken its total up to 58.6 million (+2.00%) and increased its sites share to 4.99%.

    nginx and Apache also suffered losses amongst the top million websites, paving the way for Microsoft to increase its presence by 2,369 sites (+3.75%). Microsoft web server software is now used by 65,600 of the top million sites, but Apache is still the most commonly used web server in this sector, with 240,000 of the top million sites using it, and nginx is not far behind with 224,000.

  • Security updates for Tuesday [LWN.net]

    Security updates have been issued by Debian (mbedtls), Red Hat (kernel and rpm), and Ubuntu (freerdp2).

  • Over a million WordPress sites breached | ZDNet

    WordPress is far more than just blogs. It powers over 42% of all websites. So whenever there's a WordPress security failure, it's a big deal. And now GoDaddy, which is the top global web hosting firm with tens of millions more sites than its competition, reports that data on 1.2 million of its WordPress customers has been exposed.

A big hey! from diaspora*

Filed under
Web

You might have been wondering what happened to diaspora*. Well, although we’ve been a bit quiet, we haven’t gone away! In fact, some big things have been happening in the background that we’re really excited about, and now it’s come to the time for us to tell you about them.

Read more

Google Chrome vs Chromium: What’s the difference?

Filed under
Web

Google Chrome is the most popular web browser. No matter whether you prefer to use it, Chrome manages to offer a good user experience.

Even though it is available for Linux, it is not an open-source web browser.

And, if you need the look and feel of Google Chrome but want to use an open-source solution, Chromium can be your answer.

But isn’t Google Chrome based on Chromium? (that’s a Yes.) And, it’s also developed by Google? (Also, Yes.)

So, what are the differences between Chrome and Chromium? In this article, we shall take an in-depth look at both of them and compare them while presenting some benchmarks.

Read more

today's leftovers

Filed under
Web
Misc
  • What is Clear Linux? — Most Powerful Operating System in 2022

    The most powerful Operating and Best Kept Secret of 2021. There is a new kid on the block, Clear Linux by Intel.

  • This Portal fan brought Wheatley to life as his own personal assistant [ed: This is a listening device of (or for) Amazon]

    The video game Portal 2 is widely regarded as a classic that introduced players to several memorable characters, including one of the main protagonists-turned-antagonists, Wheatley. This anthropomorphized personal assistance robot was able to move, speak, and listen/respond to speech from a user, which is exactly what Steve Turner was trying to recreate when he built his own version of Wheatley. His animatronic device starts by waking up, and from there it selects a folder of audio files to play at random. Additionally, its AI-powered interactivity is provided by an Amazon Echo Dot via Alexa and the Arduino Cloud.

  • Dynatrace : Managed release notes version 1.230
  • Digital world seen moving into 'authoritarian space' | Reuters

    From blocking websites to forcing companies to share user data, governments – including democracies – are increasingly resorting to "authoritarian" methods to control the internet, tech experts warned on Thursday.

    Governments like China and Russia are blocking social media content, requiring firms to submit to data surveillance, and silencing journalists and activists online, panelists told the Thomson Reuters Foundation's annual Trust Conference.

    "The digital world is increasingly moving into an authoritarian space," said Alina Polyakova, head of the Center for European Policy Analysis, a U.S.-based think-tank.

  • Web trust dies in darkness: Hidden Certificate Authorities undermine public crypto infrastructure

    Security researchers have checked the web's public key infrastructure and have measured a long-known but little-analyzed security threat: hidden root Certificate Authorities.

    Certificate Authorities, or CAs, vouch for the digital certificates we use to establish trust online. You can be reasonably confident that your bank website is actually your bank website when it presents your browser with an end-user or leaf certificate that's linked through a chain of trust to an intermediate certificate and ultimately the X.509 root certificate of a trusted CA.

    Each browser relies on a trust store consisting of a hundred or so root certificates that belong to a smaller set of organizations. Mozilla's CA Certificate List for example currently has 151 certs representing 53 organizations.

    Some of the more well-known CAs in the US include IdenTrust, DigiCert, Sectigo, and Let's Encrypt.

  • From Myanmar to Sudan, autocratic regimes have weaponised internet shutdowns. Time to fight back.

    Internet censorship is nearly as old as the internet itself. While much of the theorizing about the early internet viewed it as a free and open space for the exchange of new ideas, a number of governments had different ideas about its potential.

    While China is well-known for its sophisticated internet censorship apparatus, several governments across the Middle East and North Africa — including Tunisia, Saudi Arabia, and Syria—were early adopters of certain censorship tactics such as keyword filtering and DNS tampering. Similar to China, these countries targeted a range of content, including sites that offered information about human rights violations, sex, and certain religions, as well as those that encouraged political opposition.

    But in recent years, governments have taken the more decidedly extreme tactic of cutting off internet access entirely, depriving their citizens of a lifeline to the world...and each other, a tactic that Human Rights Watch has rightly called "collective punishment."

Chrome 97 Beta, Firefox Add-ons, and Firefox Nightly

Filed under
Google
Moz/FF
Web

  • Chrome Releases: Beta Channel Update for Desktop

    The Chrome team is excited to announce the promotion of Chrome 97 to the Beta channel for Windows, Mac and Linux. Chrome 97.0.4692.20 contains our usual under-the-hood performance and stability tweaks, but there are also some cool new features to explore - please head to the Chromium blog to learn more!

  • Chrome 97 Beta Released With WebTransport API, HDR Media Queries - Phoronix

    Most notable with today's Chrome 97 beta release is initial support for WebTransport. WebTransport is a protocol framework similar to WebRTC data channels but principally for clients constrained by the web security model to communicate with a remote server using a secure, multi-plexed transport. WebTransport uses the HTTP/3 protocol for bidirectional transport. Unlike WebSockets that is TCP-based, WebTransport relies on UDP-like datagrams and cancellable streams. Learn more about WebTransport via the W3C working draft at W3.org.

  • The magic of mouse gestures - Firefox Add-ons Blog

    Mouse gestures are mouse movement and key combinations that give you the power to customize the way you maneuver around web pages. If your online work requires a fair amount of distinct, repetitive activity—things like rapid page scrolling, opening links in background tabs, closing batches of open tabs, etc.—the right mouse gesture can make a major impact on your task efficiency. Here are a few browser extensions that provide excellent mouse gesture features…

  • Firefox Nightly: These Weeks in Firefox: Issue 104

    A big thank you to all the Outreachy applicants who applied for this cycle.

Browsers: GNOME Web, Brave

Filed under
Web
  • 50,000 rules is not enough for Safari Content Blockers and I’m not hopeful that the situation will improve for GNOME Web, despite “WebExtensions” coming.

    GNOME Web uses WebkitGTK, which is basically an improved version of the one that Safari has. (No DRM modules and support for open media codecs.)

    However, it has some of the same limitations. One of these is using Content Blockers for the ad blocking. GNOME Web previously had one that was much, much worse, and caused many bugs, and ate RAM like it was going out of style, and was only partially compatible with Adblock Plus.

    So deleting it out of the browser and moving to use Webkit Content Blockers was a win by that measure.

    However, Apple is such a piece of shit company that they designed the scheme so that you’re limited to 50,000 rules. To put that in perspective, in most of my browsers, I have twice that many, and no, they don’t slow the browser down at all, because uBlock-Origin is efficient.

  • Brave embeds a cryptocurrency wallet right in the browser

    Brave version 1.32 includes a dedicated wallet built right into the browser, in which users can store their private keys for various cryptocurrency holdings. (Read our review of Brave 1.0.) The company claims that the direct integration is more secure than a third-party browser plugin, but also allows users to connect with hardware wallet devices like Trezor and Ledger. Brave’s wallet also provides real-time market information as well as the ability to buy and pay via various cryptocurrencies.

Web Browsers: Microsoft Aggression, Google Chrome Release, Tor Browser 11.0.1, and More

Filed under
Web
  • Microsoft blocks another way to avoid Edge within Windows 11

    Microsoft has begun taking an even more aggressive stance in its efforts to prevent users from choosing their own browser on Windows 11, blocking a small developer’s tool that served as a workaround to enable browser choice.

  • Chrome Releases: Stable Channel Update for Desktop

    The Chrome team is delighted to announce the promotion of Chrome 96 to the stable channel for Windows, Mac and Linux. Chrome 96 is also promoted to our new extended stable channel for Windows and Mac. This will roll out over the coming days/weeks.

  • Google Releases Chrome 96 With Back-Forward Cache Enabled For The Desktop - Phoronix

    Google has released Chrome 96 a day early as the latest routine update to their cross-platform web browser.

    Coming with Chrome 96 is an assortment of mostly minor developer feature additions, some user improvements like the back-forward cache for the desktop, and fixes along with never-ending security work.

  • New Release: Tor Browser 11.0.1

    Tor Browser 11.0.1 is now available from the Tor Browser download page and also from our distribution directory.

    This version provides important bug fixes on Windows, MacOS, and Linux, and includes blockchain explorer Blockchair as a search option.

  • Tweaking Firefox preferences

Web Browsers: More DRM and More Broken Web

Filed under
Web
  • Bypass some paywalls and in-page pop-ups by forcing GNOME Web into Reader Mode.

    Some sites claim they aren’t compatible with a browser’s reader mode to prevent users from clicking on it and bypassing Admiral, paywalls, and other junk.

    Tip: putting ephy-reader: in the front of the URL in GNOME Web and hitting enter forces it into Reader Mode anyway, regardless of what the site wants.

  • EasyOS version 3.1.10 released

    As 3.1.10 has Firefox builtin, if you are going to do an update of an existing installation, get rid of any existing Firefox beforehand. It should be enough just to delete /mnt/wkg/sfs/esyos/oe/dunfell/firefox-*.sfs. At bootup of 3.1.10, the initrd will see that the SFS is no longer there, and will do a "cleanup" -- so there shouldn't be any "firefox" on the desktop after bootup.

    Firefox updating and hardware acceleration both caused trouble, so they have been permanently disabled in file /usr/lib/firefox/distribution/policies.json. To re-enable those features, delete the appropriate lines in that file.
    I was disappointed how slow FF was to startup on the Compaq Presario. SeaMonkey starts much faster. It was also a concern to see the Internet data activity lights continually green in the systray -- FF was only looking at a static page, so why is it transferring so much?
    Muted sound is easy to fix. Right-click on the audio systray icon, choose "Preferences" will run pavucontrol (Pulseaudio Volume Control) which has a mute/unmute button.

    MSCW, I need to work on that. It is functional, but the code is still very ALSA-oriented.

  • Vivaldi messes up their Debian repo and causes Apt sources errors. Mozilla Firefox continues falling apart. Moving my daily browsing to GNOME Web.

    This morning I got an error from Apt in Debian.

    It turned out that Vivaldi had misconfigured their Debian repo, and it was stopping the i386 multiarch repository from updating.

    So I got punchy and removed Vivaldi, its .config and .cache subfolders, their repos, and their two GPG keys.

    Is that an extreme reaction? No. If you can’t manage your Apt configuration responsibly, I remove you. You can mess up and create a hassle for a lot of people, so you should watch what you are doing.

    Mozilla’s subreddit shows the general state of the Firefox world.

    I got this error. “PR_END_OF_FILE_ERROR” instead of loading sites. It happened on Amazon and a few other sites. First, I thought it was something wrong with my connection, or the site. Nope. Another Firefox bug.

    GNOME Web has a few bugs, but nothing nearly so annoying as the degenerate state Firefox is in. So I’m just going to go full time GNOME Web 41 Flatpak…. and maybe keep Ungoogled Chromium or something around in case I have to log in to T-Mobile, in which case “We have our wires crossed. Ooops.” no matter how your Firefox is configured, when you try to log in. LibreWolf too, why not?

    Since Flatpak apps are self-contained, this will also hopefully prevent disaster from spilling over into my system all for want of a web browser.

    LibreWolf doesn’t just compile and patch out obnoxious junk that Firefox adds. It also removes minimally useful web platform crap that is a major attack surface through hardening of the user.js and prefs.js.

  • Mozilla Plays Matchmaker: Microsoft Store Now Offers Firefox for Windows 10 and 11 - FOSS Force

    The open source community hardly noticed this week when Microsoft opened its arms to its once arch rival in browser space, Firefox, the open source daughter of Netscape and for many years the only serious competition Microsoft’s Internet Explorer browser faced, by making the open source browser available in the Microsoft Store.

    A dozen or so years ago Microsoft would never consider putting open source software of any kind in an online store it managed, even if it had had one back then, which it didn’t. This would’ve been doubly true of a browser, because of its fear that losing the browser market meant losing its lucrative operating system market, which was largely bankrolling its operations. Remember, this was at the height of Ballmer administration, which proclaimed Linux and open source to be a communist cancer, or something like that.

    It’s just as unlikely that Firefox would have accepted any offer from Microsoft to make it easy for Windows users to find and install Firefox through a Microsoft platform. At that time, a decade or more of dirty tricks and FUD originating from Redmond had made the open source community wary and openly belligerent when it came to Microsoft, and Mozilla was dependent on the open source community.

WordPress Survey and Promotion of Monopolistic Browsers With DRM

Filed under
Web
  • Take the 2021 WordPress Annual Survey (and view the 2020 results)!

    Each year, members of the WordPress community (users, site builders, extenders, and contributors) provide their valuable feedback through an annual survey. Key takeaways and trends that emerge from this survey often find their way into the annual State of the Word address, are shared in the public project blogs, and can influence the direction and strategy for the WordPress Project.

    Simply put: this survey helps those who build WordPress understand more about how the software is used, and by whom. The survey also helps leaders in the WordPress open source project learn more about our contributors’ experiences.

  • Bogus “Unsupported Browser” errors on WordPress.com

    Logging in to WordPress.com in GNOME Web 41 from Flatpak results in a page called “Browse Happy” that says I need a different browser.

    This made me unhappy.

    The options are to continue anyway, or learn about supported browsers on https://browsehappy.com/ which implies that not using a “GAFAM” browser puts you at risk on the web.

    I filed a bug report on GNOME Web in the hopes they can add a UA quirk for WordPress that makes it think I use another browser.

cURL Releases and Raves by Daniel Stenberg

Filed under
Web
  • curl 7.80.0 post quantum
  • The curl v8 plan

    For a long time I have been wanting to avoid us to ever reach curl version 7.100.0. I strongly suspect that going three-digits in the minor number will cause misunderstandings and possibly even glitches in people’s comparison scripts etc. If nothing else, it is just a very high number to use in a version string and I believe we would be better off by starting over. Reset the clock so to speak.

    Given that, a curl version 8.0.0 is inevitably going to have to happen and since we do releases every 8 weeks and we basically bump the version number in just about every release, there is a limited amount of time left to avoid the minor number to reach 100. We just shipped curl 7.80.0, so we have less than 20 release cycles in the worst case; a few years.

    A while ago it struck me that we have a rather big anniversary coming up, also within a few years, and that is curl’s 25th birthday.

  • The most used software components in the world

    We can’t know for sure which products are on the top list of the most widely deployed software components. There’s no method for us to count or estimate these numbers with a decent degree of certainty. We can only guess and make rough estimates – and it also depends on exactly what we count. And quite probably also depending on who‘s doing the counting.

    First, let’s acknowledge that SQLite already hosts a page for mostly deployed software module, where they speculate on this topic (and which doesn’t even mention curl). Also, does this count number of devices running the code or number of installs? If we count devices, does virtual machines count? Is it the number of currently used installations or total number of installations done over the years?

  • My first 25 years of HTTP

    I like figuring out even or somehow particularly aligned numbers and dates to celebrate. Here’s another one: today marks the day when httpget 0.1 was released in 1996.

    httpget 0.1 was a tiny command line tool written by Rafael Sagula. It was less than 300 lines of C code. (Today, the product code is 173,000 lines!)

    I found httpget just days after it was released when I was searching for a tool to use for downloading currency rates with from an HTTP site. This was the time before Google existed so I assume I used Altavista or something. I can’t remember actually.

  • Hackad: curl use on TV

    There’s this new TV-show on Swedish Television (SVT) called Hackad (“hacked” in English), which is about a team of white hat hackers showing the audience exactly how vulnerable lots of things, people and companies are and how they can be hacked using various means. In the show the hackers show how they hack into peoples accounts, their homes and their devices.

    Generally this is done in a rather non-techy way as they mostly describe what they do in generic terms and not very specifically or with technical details. But in some short sequences the camera glances over a screen where source code or command lines are shown.

  • curl installations per capita

    I’ve joked with friends and said that we should have a competition to see whom among us have the largest number of curl installations in their homes. This is of course somewhat based on that I claim that there are more than ten billion curl installations in the world. That’s more installations than humans. How many curl installations does an average person have?

    Amusingly, someone also asked me this question at curl presentation I did recently.

    I decided I would count my own installations to see what number I could possibly come up with, ignoring the discussion if I’m actually could be considered “average” in this regard or not. This counting includes a few assumptions and estimates, but this isn’t a game we can play with complete knowledge. But no crazy estimates, just reasonable ones!

  • One new contributor every 3.4 days

    In the curl project we keep track of and say thanks to every single contributor. That includes persons who report bugs or security problems, who run infrastructure for us, who assist in debugging or fixing problems as well as those who author code or edit the website. Those who have contributed to make curl to what it is.

    Exactly today October 4th 2021, we reached 2,500 names in this list of contributors for the first time. 2,500 persons since the day curl was created back in March 1998. 2,500 contributors in 8599 days. This means that on average we’ve seen one new contributor helping out in the project every 3.44 days for almost twenty-four years. Not bad at all.

Syndicate content

More in Tux Machines

Kernel and Graphics: Linux Stuff and GPUs

  • Facebook/Meta Tackling Transparent Page Placement For Tiered-Memory Linux Systems - Phoronix

    Back during the Linux 5.15 cycle Intel contributed an improvement for tiered memory systems where less used memory pages could be demoted to slower tiers of memory storage. But once demoted that kernel infrastructure didn't have a means of promoting those demoted pages back to the faster memory tiers should they become hot again, though now Facebook/Meta engineers have been working on such functionality.  Prior to the Linux 5.15 kernel, during the memory reclaim process when the system RAM was under memory pressure was to simply toss out cold pages. However, with Linux 5.15 came the ability to shift those cold pages to any slower memory tiers. In particular, modern and forthcoming servers with Optane DC persistent memory or CXL-enabled memory, etc. Therefore the pages are still accessible if needed but not occupying precious system DRAM if they aren't being used and to avoid just flushing them out or swapping to disk. 

  • Linux 5.17 To Boast Latency Optimization For AF_UNIX Sockets - Phoronix

    Net-next has been queuing a number of enticing performance optimizations ahead of the Linux 5.17 merge window kicking off around the start of the new year. Covered already was a big TCP optimization and a big improvement for csum_partial() that is used in the network code for checksum computation. The latest optimization is improving the AF_UNIX code path for those using AF_UNIX sockets for local inter-process communication.  A new patch series was queued up on Friday in net-next for improving the AF_UNIX code. That patch series by Kuniyuki Iwashima of Amazon Japan is ultimately about replacing AF_UNIX sockets' single big lock with per-hash locks. The series replaces the AF_UNIX big lock and also as part of the series has a speed-up to the autobind behavior. 

  • Nvidia Pascal GPU, DX12 and VKD3D: Slideshow time! - Boiling Steam

    So Horizon Zero Dawn had a sale recently on Fanatical, and I thought… OK I’ll grab it! It’s time. I first installed it on my workstation that only has a GTX1060 3GB GPU – not a workhorse but a decent card nonetheless for low-to-medium end gaming. I knew very well that Horizon Zero Dawn is a DX12 game and that Pascal architecture (Nvidia 10xx basically) and earlier versions do not play very well with DX12 games running through vkd3d-proton, the DX12 to Vulkan translation layer. Still, I could imagine getting somewhere around 30 FPS on low-to-medium settings, and use FSR if necessary to get to better framerates. Nothing prepared me for the performance I was about to experience.

Linux 5.16-rc3

So rc3 is usually a bit larger than rc2 just because people had some
time to start finding things.

So too this time, although it's not like this is a particularly big
rc3. Possibly partly due to the past week having been Thanksgiving
week here in the US. But the size is well within the normal range, so
if that's a factor, it's not been a big one.

The diff for rc3 is mostly drivers, although part of that is just
because of the removal of a left-over MIPS Netlogic driver which makes
the stats look a bit wonky, and is over a third of the whole diff just
in itself.

If you ignore that part, the statistics look a bit more normal, but
drivers still dominate (network drivers, sound and gpu are the big
ones, but there is noise all over). Other than that there's once again
a fair amount of selftest (mostly networking), along with core
networking, some arch updates - the bulk of it from a single arm64
uaccess patch, although that's mostly because it's all pretty small -
and random other changes.

Full shortlog below.

Please test,

             Linus
Read more Also: Linux 5.16-rc3 Released With Alder Lake ITMT Fix, Other Driver Fixes - Phoronix

Audiocasts/Shows: Endless OS 4.0.0, GIMP, BSD, KDE, and Elementary

today's howtos

  1. How to install FreeOffice 2021 on Ubuntu 20.04 Linux

    One of the best free alternatives to Microsoft Office is FreeOffice, developed by a German software company- SoftMaker. Recently, they have upgraded their Office suite to version 21. And here we learn the steps to install FreeOffice 2021 version on Ubuntu 20.04 Linux using the command terminal. This free office suite is a part of the commercial one from the same developers known as SoftMaker Office 21 (also available for Linux), of course, the premium will have more features but that doesn’t mean the free version- FreeOffice 2021 deprives to full fill all daily office documents (MS-Word alternative) related requirements. It offers a Microsoft office ribbon-like interface and three modules- TextMaker 21 to create documents; PlanMaker 21 to create sheets (Excel alternative) and Presentations 21 for making slides like MS-Powerpoint.

  2. Pin Custom Folders to Left Panel ‘Files’ Icon Context Menu in Ubuntu 20.04 | UbuntuHandbook

    In Windows 10, user may right-click on the ‘File Explorer’ icon on panel to access pinned folders (e.g., Desktop, Downloads and Documents) quickly. Ubuntu has first implemented this feature in Ubuntu 21.10, though it seems to be not working properly due to bug. Ubuntu 20.04 may manually add the context (right-click) menu options so user can right-click on the ‘Files’ icon to choose open favorite folders quickly.

  3. How To Install Perl on AlmaLinux 8 - idroot

    In this tutorial, we will show you how to install Perl on AlmaLinux 8. For those of you who didn’t know, Perl (Practical Extraction and Reporting Language) is a general-purpose programming language originally developed for text manipulation and now used for a wide range of tasks including system administration, web development, network programming, GUI development, and more. The major features of Perl are easy to use, supports object-oriented and procedural programming languages, and has built-in support for processing text. The most impressive feature of Perl is that it supports a large collection of third-party modules. This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of the Perl programming language on AlmaLinux 8. You can follow the same instructions for Rocky Linux.

  4. How to play Total War: WARHAMMER on Linux

    Total War: Warhammer is a turn-based real-time tactics video game developed by Creative Assembly and published by Sega. It takes place in the War Hammer 40K universe. Here’s how you can play it on your Linux PC.

  5. How to install Funkin' Vs. Camellia on a Chromebook

    Today we are looking at how to install Funkin' Vs. Camellia on a Chromebook. Please follow the video/audio guide as a tutorial where we explain the process step by step and use the commands below.