Firefox reverses course, nixes in-browser ads

Mozilla Firefox

Firefox’s in-browser ads were controversial from the start. After all, its development team had previously worked to protect users’ privacy against increasingly invasive online advertising, so it seemed a bit odd for its developers to stick ads of any kind on the browser’s start page.

On Friday, however, Mozilla—the non-profit organization that develops Firefox—announced that it will end its in-browser Suggested Tiles advertising program “in order to focus on content discovery,” according to the organization.

“Advertising in Firefox could be a great business, but it isn’t the right business for us at this time because we want to focus on core experiences for our users,” Mozilla’s Darren Herman wrote in a blog post announcing the change of plans. “We want to reimagine content experiences and content discovery in our products. We will do this work as a fully integrated part of the Firefox team.”

The ads won’t disappear immediately since Mozilla still has to serve up ads that advertisers already paid for, but the organization says the program should end within a few months.

The story behind the story: Mozilla announced its Suggested Tiles ad program for Firefox’s start page back in February 2014 and released its first ad-supported version of the browser in November of last year. Mozilla expanded the ad program to include ads based on your browser history a few months back. You could opt out of the Tiles ads on the start page by simply toggling the view settings either to show only your top sites or to show a blank page. But our Brad Chacos characterized the Suggested Tiles as “advertising done right,” and commended Mozilla’s user-centric approach.

Leaving the door open?

Of course, it’s certainly possible that Mozilla will explore the idea of in-browser ads again in the future. In his blog post, Herman says that advertising “isn’t the right business for [Mozilla] at this time,” which suggests that Mozilla may take a second look at advertising in the future. Considering the fact that a large portion of Mozilla’s funding comes from its search deal with Google, as our Ian Paul pointed out last year, you certainly can’t blame Mozilla for exploring other ways to pay its bills.

Microsoft Research 2016 predictions: More online video, new processor tech

2016 predictions

For Back to the Future fans, the real 2015 was a bit of a disappointment. No hoverboards. No flying cars. The Cubs didn’t win the World Series. And shockingly enough, wearing two ties somehow didn’t become fashionable. Huh.

2016 may not fulfill those 1980s fantasies either, but the folks working in Microsoft’s research labs think it may still offer up some interesting technological advancements. The company published 16 predictions of what advancements Microsoft Research employees expect to see next year, as well as a look ahead to ten years from now. Their predictions are pretty far-reaching, from new processor tech to more ethical big data. Here are some highlights.

The Internet overtakes TV: Hsiao-Wuen Hon, the corporate vice president for Microsoft Research Asia, expects online video distribution to “overtake TV broadcast in 2016, and that “more people in China will watch the Olympics through the Web than through TV.” In other words, now might be a good time for TV broadcasters to stop fighting against cord-cutting and to truly embrace the Internet-connected future of entertainment.

The stylus comes of age: Principal Researcher Bill Buxton expects to see pen-based computing come into its own in 2016. This prediction seems reasonable enough, especially considering the fact that Apple has added stylus support to the iPad line with the Apple Pencil and the iPad Pro.

Planned obsolesce is so last year: Buxton also foresees a shift in consumer priorities when it comes to tech: “The age of digital baubles, do-dads and planned obsolescence will begin to fade, and the focus of industry and consumers will shift from technology, per se, to enhanced human experience, values, and potential.”

Brand new processor types: Chris Bishop of Microsoft Research’s Cambridge, UK outfit predicts a whole new class of microprocessors “that are tuned to the intensive workloads of machine learning, offering a major performance boost over GPUs.” But will they run Crysis?

Ethics in big data becomes a big deal: The privacy implications of data collection is an ongoing topic of debate, and according to Principal Researcher Kate Crawford, 2016 will be an ethical tipping point of sorts. She expects to see data science programs adopt data ethics curriculums in order to better understand “the human implications of large-scale data collection and experimentation.” It’s about time.

Hop on over to Microsoft’s website and give the full post a read. Only time will tell which of these, if any, will come true, but Microsoft Research’s predictions make for an interesting read if you’re into these sorts of prognostications.

Microsoft to open source Edge browser’s Chakra JavaScript engine

microsoft edge browser primary

Microsoft will open up its Chakra JavaScript engine as an open-source project on GitHub next month.

The code repository, called ChakraCore, will include the key components of Chakra engine used for its Edge browser, according to a blog post.

Like many other vendors, Microsoft built its own JavaScript engine in 2008 as the coding language became increasingly crucial to the Web and for many other uses, including mobile apps, cloud services, NoSQL databases, game engines and front-end tools.

Microsoft has applied Chakra in many Windows applications in Xboxes, its phones and operating system.

microsoft chakra
Gaurav Seth, principal program manager lead at Microsoft, announces at the JSConf US Last Call conference on Friday that the Chakra JavaScript engine will be an open source project.

In a performance table, Microsoft claims that Chakra is faster than competing engines in Google’s Chrome and Mozilla’s Firefox browsers, as well as its own Internet Explorer 11 browser.

ChakraCore can stand on its own and is not dependent on components in the Edge browser in order to parse, interpret, compile or execute JavaScript.

ChakraCore will initially only be available for Windows when its released in January, but plans call for bringing it to other platforms. After the repository is available, Microsoft is going to provide guidance on its initial priorities.

“The community is at the heart of any open source project, so we look forward to the community cloning the repository, inspecting the code, building it, and contributing everything from new functionality to tests or bug fixes,” Microsoft wrote.

Security vulnerabilities found in support software from Lenovo, Toshiba, and Dell

Lenovo ThinkPad X240 (2)

The number of vulnerabilities discovered in technical support applications installed on PCs by manufacturers keeps piling up. New exploits have been published for flaws in Lenovo Solution Center, Toshiba Service Station and Dell System Detect.

The most serious flaws appear to be in Lenovo Solution Center and could allow a malicious Web page to execute code on Lenovo Windows-based computers with system privileges.

The flaws were discovered by a hacker who uses the online aliases slipstream and RoL and who released a proof-of-concept exploit for them last week. This prompted the CERT Coordination Center at Carnegie Mellon University to publish a security advisory.

One of the issues is caused by the LSCTaskService, which is created by the Lenovo Solution Center and runs with SYSTEM privileges. This service opens an HTTP daemon on port 55555 that can receive commands. One of those commands is called RunInstaller and executes files placed in the %APPDATA%\LSC\Local Store folder.

Any local user can write to this directory, regardless of their privilege, but the files are executed as the SYSTEM account. This means that a restricted user can exploit the logic flaw to gain full system access.

Furthermore, there is a directory traversal flaw that can be exploited to trick the Lenovo Solution Center to execute code from arbitrary locations, so an attacker doesn’t even need to place files in the aforementioned Local Store folder.

Finally, the LSCTaskService is vulnerable to cross-site request forgery (CSRF), an attack method through which a malicious website can relay rogue requests through the user’s browser. This means that, in order to exploit the previous two flaws, an attacker doesn’t even need to have local access to the system where the Lenovo Solution Center is installed and can simply trick the user to visit a specially crafted Web page.

In a security advisory on its website, Lenovo said that it is currently investigating the vulnerability report and will provide a fix as soon as possible. Until then, concerned users can uninstall the Lenovo Solution Center in order to mitigate the risk, the company said.

Slipstream also published proof-of-concept exploits for two other, lower-impact, vulnerabilities—one in the Toshiba Service Station and one in Dell System Detect (DSD), a tool that users are prompted to install when they click the “Detect Product” button on Dell’s support website.

The Toshiba Service Station application creates a service called TMachInfo that runs as SYSTEM and receives commands via UDP port 1233 on the local host. One of those commands is called Reg.Read and can be used to read most of the Windows registry with system privileges, according to the hacker.

“I have no idea what to do with it, but someone else might,” slipstream wrote in the exploit comments.

The flaw in DSD apparently stems from the way Dell attempted to fix a previous vulnerability. According to slipstream, the company implemented RSA-1024 signatures to authenticate commands, but put them in a place on its website where attackers can obtain them.

These can be used as a crude bypass method for Windows’ User Account Control (UAC). In this context, the bypass means that “if DSD isn’t elevated, we annoy the user with elevation requests until they click yes,” the hacker said.

This is not the first time when vulnerabilities have been found in support tools installed on Lenovo or Dell computers.

Toshiba and Dell did not immediately respond to a request for comment.

Microsoft will send you a free Surface Pro 4 spacer for your old Surface Pro 3 dock

surface pro 3 dock

One of the minor mysteries of the Surface Pro 4’s launch appears to have been solved: yes, you can now find a Surface Pro 4 spacer online.

What’s a spacer? Well, it’s been the answer to this question: If I own a Surface Pro 3 and a SP3 dock, and I wanted to buy a Surface Pro 4, would I be able to fit the SP4 inside my SP3 dock? Or would I really have to buy a new $200 Surface Pro 4 docking station, as well?

The answer to this question, has so far, been “No…but.” Although the Surface Pro 4 is nearly physically identical to the Surface Pro 3, a slight difference in the thickness of the SP4 means that the tablet doesn’t quite align with the SP3 dock’s connectors. As a solution, Microsoft originally said it would supply a free “spacer” to prop up the tablet and ensure a proper fit. Unfortunately, Microsoft apparently forgot to brief the employees at its Microsoft Stores, who had no idea what I was talking about when I asked about the spacer offer in the months following the launch.

Windows Central’s Rod Trent appears to have discovered the answer, however: an online method to request that Microsoft ship you a spacer directly.

surface pro 4 dock
Microsoft’s Surface Pro 4 docking station

You’ll need to visit Microsoft’s Surface Online Support Center and click the “Replace an Accessory” button. Register your Surface Pro 4 tablet if you haven’t already. You should then see the option to have Microsoft ship you the free spacer. (Microsoft will reportedly charge $6 for shipping.) For some reason the serial number attached to our Surface Pro 4 wasn’t recognized as a valid serial number, probably because it was a review unit.

There are alternatives. A commenter on the Windows Central article notes that Microsoft has posted official instructions for 3D-printing your own spacer. Trent, meanwhile, suggests trying a beer coaster.

Why this matters: As productive as Microsoft’s Surface tablets are, they become that much more useful with a Surface dock. The Surface Pro 4 dock offers four USB 3.0 ports and two miniDisplayPort connectors, an upgrade over the single miniDisplayPort connector and three USB 3.0 ports that the SP3’s dock offers. But the SP4 dock has also been plagued with a number of negative reviews, and who wants to spend an extra $200 if they don’t have to? A free spacer for the SP3 dock seems like a cheap, safe solution.

How to turn Chrome into a language tutor


There are a lot of exercises you can do to learn a new language, such as listening to radio programs, reading, and watching TV in your chosen target language. But to get that done you have to make an effort to integrate those sessions into your daily life.

If you’re finding it hard to study, a Chrome app called Language Immersion for Chrome can help get you started or keep up practice on a language you already know.

All you have to do is give LI a target language and rate your level of knowledge from novice to fluent. Then the extension will slip words or phrases from the target language into the websites you visit every day. LI for Chrome uses Google Translate and is available for 64 of the languages Google’s Translate service offers.

Here’s how it works.

Using Language Immersion for Chrome

Download and install Language Immersion for Chrome. Once it’s installed, click the icon that appears to the right of the address bar. Then just choose your language, set your level of fluency, and you’re ready to go.

Now just visit a website and you’ll see words or phrases that are highlighted and translated into the target language. It’s your job to make sense of the translated portion to build your vocabulary. If you’re having a really tough time, just click on the translated words and they’ll revert back to English. Click again and they go back to your target language. The extension’s settings also have an option to hear any translated portions spoken using Google Translate.

LI also sets the Google Translate website to automatically translate words into your target language.

At the novice level only little bits of sentences are translated into the language you’re learning. It then increases the amount of translated portions as you manually bump up the difficulty level. Once you hit fluent, you’ll see full paragraphs in the second language.

If you ever want a break from LI for Chrome, just click the icon again and then hit the bigOff button.

LI’s idea is somewhat weird since it’s a mish-mash of English and whatever language you’re studying, but it’s a novel way to get a little bit of practice into your day.

As for the translated bits of websites, they’re about what you’d expect from Google Translate. They’re not always perfect. The extension would sometimes translate gaming service Steam as vapeur in French, for example, and grammar and word endings for languages that depend on context can be a little wonky.

It’s not a language learning system by any means, but it’s a handy complement to any other studying you’re doing.