Month: January 2018

https://venturebeat.com/2018/01/24/chrome-64-arrives-with-stronger-pop-up-blocker-and-new-developer-features/

~ brucelandonblog ~ Leave a comment

Chrome 64 arrives with stronger pop-up blocker and new developer features

@EPRO

Google today launched Chrome 64 for Windows, Mac, and Linux. Additions in this release include a stronger pop-up blocker and a slew of developer features. You can update to the latest version now using the browser’s built-in silent updater or download it directly from google.com/chrome.

Chrome is arguably more than a browser. With over 1 billion users, it’s a major platform that web developers have to consider. In fact, with Chrome’s regular additions and changes, developers have to keep up to ensure they are taking advantage of everything available.

First up, Chrome 64 has a stronger pop-up blocker that prevents sites with abusive experiences from opening new tabs or windows. These include third-party websites disguised as play buttons, other site controls, or even transparent overlays on websites that capture all clicks. If you’re a site owner, you can use the Abusive Experiences Report in the Google Search Console to see if your site has been found with abusive experiences.

Chrome 64 also brings support for the Resize Observer API, which gives web applications finer control over changes to sizes of elements on a page. Responsive web apps currently use CSS media queries or window.onresize to build responsive components that adapt to different viewport sizes, but these are both global signals and require the overall viewport to change in order for the site to respond accordingly.

Chrome now also supports the import.meta property within JavaScript modules that expose the module URL via import.meta.url. This is useful to developers writing JavaScript modules who want access to host-specific metadata about the current module or library authors who want to access the URL of the module being bundled into the library.

Developers will also want to know that Chrome 64 includes an update to the V8 JavaScript engine: version 6.4. You can expect the usual speed and memory improvements, plus new ECMAScript language features. Check out the summary of API changes for more information.

Chrome 64 was supposed to stop sites from autoplaying content with sound. We tested this and it appears the feature has not been turned on, even though it does work in non-stable versions.

Chrome 63 was supposed to include an option to completely disable audio for whole sites. It didn’t make it into that version, but it is available in Chrome 64, so it’s possible Google might simply be running behind schedule. Presumably by Chrome 65, if not sooner, Google’s browser will disable all autoplaying content with sound.

Other developer features in this release (some are mobile-specific):

  • The offset-path property can be used to animate an element by specifying the geometry of the path that an element moves along.
  • Developers can now use the text-decoration-skip-ink CSS property to control how overlines and underlines are drawn when they cross over a glyph.
  • Coordinates of PointerEvent with pointerType=mouse are now fractional, resulting in more precise mouse measurements.
  • To improve developer experience, Chrome now supports named captures in regular expressionsallowing developers to assign meaningful names to portions of a string that a regular expression matches.
  • Chrome now supports the Unicode property escapes \p{…} and \P{…} for regular expressions that have the u flag set, allowing developers to create more powerful Unicode-aware regular expressions.
  • To assist with local-aware formatting of strings produced by internationalization formatters, developers can now use Intl.NumberFormat.prototype.formatToParts() to format a number to a list of tokens and their type. Thanks to Igalia for helping make this happen!
  • Matching other browser implementations, Chrome now sets the default preload value for <video> and <audio> elements to metadata in order to reduce bandwidth and resource usage by only loading resource metadata and not the media resource itself.
  • Chrome now supports HDR video playback when Windows 10 is in HDR mode, enabling developers to provide users with HDR VP9 Profile 2 10-bit videos.
  • To support compatibility with the HTML Spec, Chrome now throws a “NotSupportedError” DOMException when a media element’s playbackRate is set to a value not supported by Chrome, like negative values.
  • Chrome now supports the Media Capabilities API in Origin Trials, enablingdevelopers to know whether an audio or video playback will be smooth and power-efficient based on previous performance statistics.
  • To match the Media Capture and Streams spec, getUserMedia() returns a rejected Promise with DOMException or OverconstrainedError when there is an error.
  • Developers can now use the cache option to specify the cache mode of a Request.
  • Developers can now use Request.prototype.cache to view the cache mode of a Request and determine whether a request is a reload request.
  • To better align with the Permissions API spec, the Permissions API can now be used to query the status of the camera and microphone permissions.
  • In Focus Management APIs, developers can now focus an element without scrolling to it by using the preventScroll attribute.
  • To allow developers to transform and change position of transformed SVG elements, Chrome now supports transform-box for SVG elements. Thanks to Opera for making this happen!
  • AudioWorklet, an API that exposes low-level audio processing capability to support custom AudioNodes, is now available in origin trials and the experimental flag.
  • To align with the WebRTC 1.0 spec, RTCPeerConnection now supports addTrack() for single stream use cases, as well as removeTrack(), getSenders(), ontrack, and a minimal version of the RTCRtpSender interface.
  • To improve interoperability and end user experience, window.alert() no longer brings a backgrounded tab to the foreground but instead shows the alert when the user switches to the background tab.
  • Similar to macOS, Chrome notifications sent through the Notifications APIorcolor: black; font-family: chrome.notifications on Linux are now showndirectly by the Linux native notification system.
  • To align with the spec, getMatchedCSSRules has been removed and developers can use the Blink polyfill instead.
  • Following the deprecation in Chrome 45, elements can no longer host more than one Shadow Root.
  • To encourage adoption of standardized loading metrics API such as Navigation Timing 2nextHopProtocol, and Paint Timing API, Chrome is deprecating the non-standardized chrome.loadTimes API.

For what’s new in the browser’s DevTools, check out the release notes.

Chrome 64 also implements x security fixes. The following ones were found by external researchers:

  • [$3000][780450] High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
  • [$2000][787103] High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
  • [$1000][793620] High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09
  • [$4000][784183] Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
  • [$2500][797500] Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
  • [$2000][789952] Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK’s National Cyber Security Centre (NCSC) on 2017-11-30
  • [$1000][753645] Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09
  • [$1000][774174] Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12
  • [$1000][775527] Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
  • [$1000][778658] Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-26
  • [$500][760342] Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
  • [$500][773930] Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
  • [$500][785809] Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
  • [$TBD][797497] Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
  • [$TBD][798163] Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
  • [$TBD][799847] Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08
  • [$500][763194] Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
  • [$500][771848] Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05
  • [$500][774438] Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent’s Xuanwu Lab on 2017-10-13
  • [$500][774842] Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
  • [$N/a][441275] Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
  • [$N/A][615608] Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
  • [$N/A][758169] Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23
  • [$N/A][797511] Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24
  • [805285] Various fixes from internal audits, fuzzing and other initiatives

Google thus spent at least $22,000 in bug bounties for this release. As always, the security fixes alone should be enough incentive for you to upgrade.

Google releases a new version of its browser every six weeks or so. Chrome 64 will arrive by late January.

In related news, Google released Chrome 64 for Android yesterday. In addition to the usual performance and stability improvements, this version has the same stronger ad blocker as the desktop version that prevents sites with abusive ad experiences from opening new windows or tabs.

 

https://www.nytimes.com/2018/01/24/technology/personaltech/huawei-mate-10-pro-smartphone-review.html

~ brucelandonblog ~ Leave a comment

Meet the $800 Smartphone That You Probably Won’t Buy

Huawei’s $800 Mate 10 Pro will not be available through AT&T. Steve Marcus/Reuters

There’s a smartphone that the United States does not want you to buy. It’s called the Mate 10 Pro, and it’s made by Huawei, a Chinese manufacturer that the American government has long suspected of committing espionage for China.

The device, priced at $800, was supposed to make a big splash this year as the first high-end smartphone from Huawei in the United States. But AT&T, which intended to promote the Mate 10 Pro as a rival to premium devices from Apple and Samsung, abruptly pulled out of the deal this month, appearing to bend to pressure from Washington over security concerns. Verizon Wireless, the country’s biggest carrier, may have also canceled a similar deal because of political pressure, according to some reports. (Verizon declined to comment.)

The snub by AT&T, the country’s No. 2 carrier, aroused a candid diatribe from Richard Yu, Huawei’s chief executive, this month at CES, the giant tech convention in Las Vegas.

“It’s a big loss for us, and also for carriers,” he said. “But the more big loss is for consumers, because consumers don’t have the best choice.”

Security issues aside, Mr. Yu may have a point. Based on a week of testing, the Mate 10 Pro is a solid all-around Android smartphone. It has an excellent camera that takes advantage of artificial intelligence to shoot clear, rich photos of pets, plants, food and, of course, people. The device has longer battery life than phones from Apple and Samsung, and, with durability in mind, it comes with a protective case and a screen protector.

Huawei’s chief executive, Richard Yu, presenting his company’s products in October.Christof Stache/Agence France-Presse — Getty Images

Yet without the backing of a big American carrier, the risks of buying the smartphone are high. While the Mate 10 Pro will still be available online next month and on sale at Best Buy stores by the end of the quarter, the lack of carrier buy-in means it will be tougher to get device support if your screen shatters or if something goes wrong.

The Highlights

The signature feature of the Mate 10 Pro is the processor, which has a dedicated part of its silicon specifically designed for artificial intelligence.

This allows the phone to crunch algorithms and do things like automatically recognize an object so that the camera can be adjusted to focus quickly and let in the right amount of light. Huawei also says A.I. allows the phone to maximize its performance: Periodically, it will automatically do maintenance, like clearing out old system files that might otherwise slow down the phone.

The camera is notable as well. Huawei teamed up with Leica, a popular camera maker, to develop the phone’s dual-lens setup. Like phones from Apple and Samsung, the Mate 10 Pro’s camera can create a so-called bokeh effect, where the two cameras work together to show the picture’s main subject in sharp focus while gently blurring the background.

Like other modern smartphones, the Mate 10 Pro is water and dust resistant. But it also has an extra-large battery that Huawei says will last longer than that in many other phones. That’s partly because of its A.I. processor, which examines how the battery is being used and changes resource allocation to prolong its life.

A photo taken with the Huawei Mate 10 Pro, left, compared with one taken with Apple’s iPhone X.

The Mate 10 Pro also ships with a screen protector applied to its display, and inside the box there is a plastic protective case. These are thoughtful additions. The case absorbs the impact of drops, and the screen protector helps prevent scratches, which weaken the structural integrity of a display.

Pros and Cons

In my tests, the two best features of the Mate 10 Pro were the camera and battery. The least impressive was the display.

But let’s start with the good stuff. In side-by-side comparisons with an iPhone X and Samsung’s Galaxy S8+, the Mate 10 Pro came in second to Apple’s offering in photo quality. All took nice photos, but the colors in the Galaxy S8+’s pictures looked oversaturated, and while the Mate 10 Pro’s photos appeared rich and clear, the shadow details looked better on the iPhone X.

As for the bokeh effect, also known as portrait mode, the Mate 10 Pro excelled at separating the subject from the background compared with the Galaxy S8+, but I still preferred the iPhone X because it did a better job at lighting up a person’s face.

There was one area where the Mate 10 Pro was the clear winner: the battery. In my tests browsing the web over a cellular connection, Huawei’s phone had roughly two hours more juice than Samsung’s Galaxy Note 8 and the iPhone X.

The display — the biggest downside of the Mate 10 Pro — had a lower resolution than the Note 8, the Galaxy S8+ and the iPhone X, meaning some graphics and text looked more pixelated. Over all, text appeared crisper and websites more vibrant on the iPhone X and Samsung Galaxy screens than they did on the Mate 10 Pro’s display.

Bottom Line

The Mate 10 Pro is an impressive smartphone, but you probably aren’t going to buy it even if you get your hands on it. The lower-resolution display is a major negative, as is the lack of carrier support.

Huawei said that to get technical support for the Mate 10 Pro, you can call its hotline, and for repairs, you can ship your device to a center in Texas. That’s still not ideal compared with the ease of strolling into an Apple store or your carrier’s nearest location.

Privacy and trust are also important. In 2012, the House Intelligence Committee concluded that Huawei and ZTE, another Chinese telecommunications company, were a national security threat because of their attempts to extract sensitive data from American companies. And in 2016, security researchers discovered preinstalled software on some Huawei and ZTE phones that included a back door that sent all of a device’s text messages to China every 72 hours. That feature was not intended for American phones, according to the company that made the software. But American lawmakers have been wary of Huawei.

Most important, you will have to decide whether you trust Huawei. The onus is on you to carefully read Huawei’s privacy policy and determine if you feel confident using this phone. In a statement, Huawei said that privacy and security were top priorities and that it complied with stringent privacy frameworks and regulations.

At CES, Huawei’s Mr. Yu described how the company had previously overcome trust hurdles — including at home in China, where Huawei’s smartphones were initially distrusted by Chinese carriers because the company was a newcomer.

“It was very hard,” he said. “But we won the trust of the Chinese carriers, we won the trust of the developing market and we also won the global carriers, all the European and Japanese carriers. Over the last 30 years, we’ve proven our quality.”

https://probonoaustralia.com.au/news/2018/01/horizon-will-change-life/

~ brucelandonblog ~ Leave a comment

What is on the Horizon and How it Will Change Your Life?

The upcoming SingularityU Australia Summit provides an opportunity to prepare for a future that looks nothing like the past.
Sydney skyline

Wednesday, 24th January 2018
at 5:14 pm

New technologies are exploding around the world, rapidly changing the way we live, play and work. So, what can we expect in the next 12 months and beyond?

Singularity University Ambassador Kaila Colbin is at the forefront of exponential technologies, having spoken to CEOs around the globe about a future with unprecedented opportunities; one to look forward to and embrace with adequate preparation and knowledge.

“We’re already seeing the impact of exponential technologies. Companies, governments, institutions and individuals need to start learning about new technologies and considering the opportunities they will create,” Colbin, a native New Yorker who is now based in Christchurch NZ says.

“Technologies from robotics to artificial intelligence to virtual reality are advancing exponentially. We are living in the most amazing time in human history, and the impact on the way we live and work will be dramatic.”

We’re encountering some of the greatest transitions that any generation has ever had to face.

Technological disruption is already affecting every part of our lives; every business, every industry, every society – even what it means to be “human.” These changes show no signs of slowing down; in fact, they’re accelerating rapidly.

But the ever-increasing pace of change doesn’t just hold challenges – it holds opportunity. We are shifting from an economic model based on scarcity to one of abundance. What are the strategic implications? What kinds of policies do we need? What is the impact on our economy? What are the ethical considerations? None of the old rules apply.

Founded by tech legends Ray Kurzweil and Peter Diamandis, Singularity University helps people understand exponential technologies and how they can be used to address humanity’s biggest challenges.

The SingularityU Australia Summit is an experience you don’t want to miss – an opportunity to prepare for a future that looks nothing like the past.

We’re proud to partner with the summit to bring this fantastic three-day conversation to Australian shores.

Join us 19-21 February at the SingularityU Australia Summit – and be prepared for what lies ahead.

https://electrek.co/2018/01/24/tesla-powerpack-s-spacex-spaceport/

~ brucelandonblog ~ Leave a comment

Tesla delivers a Powerpack system to SpaceX’s new spaceport in Texas

Tesla has delivered yet another Powerpack project and this time, it’s a lot closer to home and yet it could help send things far away from earth.

SpaceX’s new rocket launch site in Texas is getting a new energy storage system from Tesla.

 Currently, SpaceX is launching its rockets for both government and commercial customers from military or NASA launch sites.

But Elon Musk, CEO of both Tesla and SpaceX, wanted the company to have its own spaceport in order not to have to lease those sites for its commercial launches and eventually to launch its Mars missions.

That’s why the company acquired large parcels of land in Boca Chica Beach near Brownsville in South Texas between 2012 and 2014.

They have since been working on building a launch facility at the location with original plans to start launching rockets in 2016, but construction work has been delayed by two years due to complicated dirt work due to poor soil, according to SpaceX President and COO Gwynne Shotwell.

But the facility is now coming together and SpaceX reportedly aims to start launching rocket there starting next year.

Before Tesla’s acquisition of SolarCity, SpaceX contracted the company to build a large solar array at the location, which was also delayed.

We are told that the 632 kW solar array is now almost completed and that they are combining it with a Tesla Powerpack system.

NASA Spaceflight forum member Nomadd shared a few images of the installation (reprinted with permission):

Tesla powerpack SpaceX
Tesla powerpack SpaceX 2
Tesla powerpack SpaceX 3
Tesla powerpack SpaceX 4
PPK
PPK5

We are talking about a 3-Powerpack system (between ~300 and 600 kWh) and a commercial Tesla inverter.

Electrek’s Take

Another good example of synergy between Musk’s companies. SpaceX and SolarCity had several collaborations before Tesla’s acquisition, including the X-shaped solar array at SpaceX’s headquarters:

But the rocket company was also a big customer of SolarCity’s solar bond, a product that Tesla discontinued after acquiring the solar installer.

Though this new collaboration is now direct with Tesla.

It makes sense to add Powerpack to the location since the company first planned for the facility to be off-grid in early plans for the project.

Interestingly, Powerpacks could eventually also be launched from this location if SpaceX is ever successful with its plans to build a colony on Mars. Solar power and batteries are likely going to be the best energy solution on Mars and therefore, SpaceX is going to have to send some there at some point.

Powerpacks, or future versions of the product, would be an obvious option due to SpaceX’s links with Tesla. Considering that it is probably at least a decade into the future and Tesla is already at the “Powerpack 2”, I would guess that “Powerpack 5” is going to power the Mars colony.

 

http://business.financialpost.com/technology/apple-ceo-tim-cook-shopify-augmented-reality

~ brucelandonblog ~ Leave a comment

Tim Cook’s visit to Shopify all about augmented reality, as Apple CEO praises ‘profound’ emerging technology

Cook’s agenda during his surprise visit to Toronto is heavy on meetings with developers and coders, but he has also made students a priority

Apple CEO Tim Cook visited Shopify’s offices and took in a demonstration on augmented reality.Mario Jose Sanchez/AP Photo

Apple CEO Tim Cook took in a demonstration of Canadian e-commerce platform Shopify’s augmented reality capabilities during a visit to Toronto, while touting his company’s investment in the emerging technology.

“I believe that AR is the most profound technology of the future,” Cook said in an interview. “It amplifies human performance. It amplifies humans, not substitutes, and doesn’t isolate. I’m a huge believer in it.”

Cook’s agenda during his visit to Toronto is heavy on meetings with developers and coders, but he has also made students a priority on this trip, visiting Sheridan College on Tuesday and surprising a Grade 7 Scarborough classroom participating in a coding session at a Toronto Apple Store on Monday.

The focus on augmented and virtual reality (AR/VR) is key for Apple, which released tools last year that allow developers to add AR experiences to apps. The company has also said that the newest iterations of the iPhone were engineered specifically with AR in mind, and Apple recently launched an iMac Pro to allow developers to create AR and VR  on the Mac for the first time.

The global augmented and virtual reality market size is expected to hit US$215 billion by 2021, according to a study by statistics company Statista.  

I believe that AR is the most profound technology of the future

“I see AR taking off very quickly,” Cook said. “I see developers across Canada adopting at a very fast rate, bringing their craft to market and I couldn’t be happier with it.” 

During his visit to Shopify’s Toronto office, he watched three AR-specific demonstrations that the company said it is developing for its more than 500,000 merchants. The highlight was a combined AR and VR demo that allowed Cook and a member of the development team to digitally see and interact via an iPad with another employee, who was wearing a VR headset and acting as a merchant. 

“I’m a big fan of Shopify. I love the fact that their focus is on democratizing technology for entrepreneurs that are largely artisans and bringing their products to market so that these merchants can focus on what they are great at,” Cook said.

Tim Cook at Shopify’s office. Handout/Apple Inc.

Shopify chief executive Tobias Lütke said that his company is planning to use Apple’s ARKit to become the largest AR-enabled ecommerce platform. The goal is to offer small businesses the latest in technology, something that is usually reserved for large, well-resourced companies.

“What Shopify then can do is that we know this is going to happen, we can establish some patterns, and we can get this productized to the point where it’s going to be a single clink for every store,”Lütke said.

“The internet ought to be a force for democratization, but yet we see the story over and over again that it actually is placed into the hands of the companies already at scale and often one of the forces that puts the smaller businesses out of business.”

Cook’s visit coincides with an announcement that Apple’s delayed entry into the smart speaker market will be available for sale in parts of the world starting Feb. 9. The HomePod is available for pre-order in the United States, Britain and Australia on Friday. No word yet on when it will arrive in Canada.

Apple has allowed Amazon and Google a head start when it comes to smart speakers, which has led some industry watchers to warn that it’ll be an uphill battle to catch up.

“They already are late to the game and know that, so they want to put their best foot forward at this point,” said Manish Nargas, a consumer and moble research analyst for IDC Canada.

“Siri is perhaps not as smart of an assistant as an Amazon Alexa or a Google Assistant is, but that said they want to make sure they are creating other use cases for the HomePod (such as music) and making sure from the get-go they are good.”

The HomePod was first announced at Apple’s developers conference in June, with an expected launch date of late 2017. In November, the company said it needed more time and pushed the release date into 2018.

Cook said Apple’s experience in integrating hardware with software and services will set its offering apart from similar products by Amazon and Google. “Competition makes all of us better and I welcome it,” Cook said. “(But) if you are both trying to license something and compete with your licensees, this is a difficult model and it remains to be seen if it can be successful or not.”

Apple’s HomePod features larger speakers for better music playback and integrates with Siri, the company’s digital assistant and other services, such as Apple Music.

“We think one thing that was missing from this market was a quality audio experience, a very immersive audio experience,” Cook said. “Music deserves that kind of quality as opposed to some kind of squeaky sound.”

Special to the Financial Post