Microsoft’s Year-Old Web Browser: On the Edge of Success

Free gift cards and AdBlock aren’t enough

Microsoft’s Edge web browser, first available (excluding betas) in the end of July last year, has made decent strides in a years’ time. It is software with a purpose and an ambition. Its purpose is to do away with the legacy code of Internet Explorer, giving Windows users a lean, responsive, and standards-compliant default browser. Its ambition, although Microsoft will never say it so matter-of-factly, is to be more than just a tool to install Google Chrome.

Credit: http://statcounter.com

Competition has been stiff for Microsoft ever since Chrome dropped in ’08. Built on Apple’s open source WebKit standard (which Google would later fork into Blink) Chrome and Safari would become the standard on both mobile and the desktop, Chrome on Windows and Android and Safari on macOS and iOS. With nearly a decade passing since Chrome was released and the first stable build of Safari coming to market in 2003, these browsers have slowly eroded Microsoft’s market share. Microsoft’s current rendering engine, EdgeHTML, even has the explicit mission statement of matching “WebKit behaviors.”

“Apple and Google have won the standards war.”

And so because Apple and Google have won the standards war, Microsoft must acquiesce and follow the lead of others. Not having to code websites for Microsoft-proprietary technologies, as was the case with Internet Explorer and its Trident engine, will free up resources for web developers and may help to quicken the pace of internet innovation. On the other hand, WebKit now represents a near single point of failure with the exception of Mozilla Firefox, as Safari runs WebKit, Chrome and Opera use the WebKit fork Blink, and Edge is WebKit-compliant.

So Microsoft is unable to compete on its underlying technologies. Extensions and cross-platform availability are the two weapons Microsoft is left to wield in this latest battle of the browser wars.

Microsoft is missing a major opportunity by keeping Edge Windows-exclusive. One of the most enticing features of Safari and Chrome is that they sync between mobile and the desktop. And since Windows Phone is dead, that means MS is left without a foothold on smartphones, save its Bing app. As has been written about at length here on D&theJM, seamlessly integrating mobile and the desktop has been one of Apple’s cornerstones of success and is still a strategy worth borrowing. Edge for Android is a no-brainer and is an alarming oversight given Microsoft’s “Cloud First, Mobile First” strategy. And even though alternative browsers on iOS must use WebKit, Chrome has been on the iPhone for years and recently Mozilla reversed its stance on supporting the platform. Edge is the odd man out on mobile and would serve as a great way to introduce users to its ecosystem.

Sources: Net Applications, StatCounter, DAP

Regarding extensions, they are finally supported in Edge, having been in the works since early 2015. Launch partners include AdBlock, LastPass, Pocket, Evernote, and Amazon. But is it a case of too little too late? Not having such a basic desktop browser feature at launch has hurt Edge and it has been playing catch-up ever since.

In an act of desperation, Microsoft has revamped Bing Rewards and rebranded it Microsoft Rewards in an attempt to win over users by literally paying them to use its web browser. This will only attract fickle users and cannot serve as a long-term substitute for the work that needs to be put into a fully cross-platform solution.



Microsoft Open Sources PowerShell

Multi-platform, multi-cloud, multi-OS

Last week, Microsoft open sourced its administration tool, PowerShell. The source code is already available on GitHub, and PowerShell is now available on Linux. This follows Microsoft’s recent “Microsoft loves Linux” claims.

Microsoft has said they will release PowerShell for Red Hat, CentOS and Ubuntu distributions of Linux, as well as OS X. Jeffrey Snover, Lead Architect of Microsoft’s Enterprise Cloud group wrote in a blog post, “Microsoft wants to earn customers' preference as the platform for running all their workloads - Linux as well as Windows.” With almost a third of Azure virtual machines running Linux, and the recent addition of Bash to Windows 10, Windows is fully embracing the “multi-platform, multi-cloud, multi-OS" world.”

"With almost a third of Azure virtual machines running Linux, and the recent addition of Bash to Windows 10, Windows is fully embracing the “multi-platform, multi-cloud, multi-OS" world.”

This is great for system administrators everywhere. Windows administrators will be able to move their skills to Linux systems, while Linux administrators will be able to add a new tool to their kit. Microsoft also promises to add remote administration for Linux systems, which is great for the growing number of Enterprise Linux deployments.

I’m glad that Windows is making strides with the open-source community, but that comes with a few problems. There have been a few malwares using Windows PowerShell infect Windows PCs recently, and I can imagine more malicious research being done now that Linux is an official platform. There are also some concerns that the recent addition of Bash to Windows has expanded the attack surface of many systems.

It will be interesting to see whether PowerShell can find a place in Linux.


Nintendo Shuts Down Fan Project

A not so happy birthday for Metroid

Last Saturday, fan project AM2R (Another Metroid 2 Remake) released, celebrating the 30th anniversary of one of Nintendo’s beloved franchises. The creator of the game was immediately (12-14 hours later) hit with a DMCA notice from Nintendo. AM2R features 16-bit graphics and original music, remaking 1991’s Game Boy classic Metroid II: Return of Samus.

The game was developed by Milton Guasti, an Argentinian programmer, over almost a decade. It was available as a free download for Windows PCs, but now the game’s page cites a copyright claim from Nintendo of America. Nintendo has a new Metroid game on the way, Metroid Prime: Federation Force, which is a first-person shooter for the 3DS. This is a huge departure from Metroid’s roots, and the complete exclusion of Samus from the game will certainly lose sales.

AM2R features fast-paced gameplay inspired by Metroid: Zero Mission (Game Boy Advance) and the atmosphere of Super Metroid (Super Nintendo). It also fully supports controllers, which is very helpful for old school platformers.

The website no longer hosts the game, but the creator has stated that he will “continue improving and fixing AM2R privately”. As of now, though, he does not know how the updates will be released. Guasti is also being very respectful of Nintendo, and stated, “Please, don’t hate Nintendo for all of this. It’s their legal obligation to protect their IP. Instead of sending hate mail, get the original Metroid 2 from the eShop.”

“Please, don’t hate Nintendo for all of this.”

This is a heavy, but not unexpected blow to Nintendo fans. AM2R is a fan project from which the creator never made a single dime, but Nintendo feels it must protect its intellectual property regardless of the fan’s intentions. Nintendo also brought the hammer down on a fan remake of Super Mario 64 last year. A key difference however, was that the HD Mario 64 was only the first level, instead of an entire game. There are still other fan projects at risk, including the just released Pokemon Uranium.

Although AM2R is no longer available for download, it can be found floating around the usual torrent sites. Anyone interested should check out some gameplay and decide if they want to track down a copy.


Why the Surface Phone Should Run Android

Windows Phone has aged poorly and Android is where the apps are at

Credit: https://www.facebook.com/PhoneDesigner

Time and again we’ve heard whispers of a Microsoft Surface Phone. To capitalize on the premium Surface brand, the argument goes, Microsoft should release a companion device for our pockets. None of this conjecture goes as far as to speculate on what mobile operating system the purported smartphone would run; they assume it would be Windows Phone. But that’s a horrible idea.

Windows Phone not only lacks most new apps, getting them months after iOS and Android, but is actually losing the few decent ones offered on its app store. This so-called app gap has long plagued WP and the matter is getting worse due to what has rightly been called an app exodus. The Surface Phone would be dead on arrival if it were powered by Microsoft’s third-rate, albeit beautiful, mobile OS.

As a Windows Phone expatriate, I have long been disappointed with the favoritism MS shows Android. Windows Phone’s distinct user interface, together with its stellar first party apps: Cortana, Office Mobile, and MSN Weather to name a few, made it special. Many of its best features have been ported to the world’s most-used OS, leaving little incentive for users to stay with Redmond's mobile platform and even less reason for developers to make apps for Windows Phone.

Credit: Gartner, Inc.

Considering the prevalence of Android and Microsoft’s hardy support for the platform, it is only natural that the Surface Phone run Android Nougat and not the Windows Phone 10 Anniversary Update. Not to mention, competing head-to-head with smartphone OEMs is something that Microsoft can actually do without disrupting its core business, unlike midrange laptops (i.e., not the Surface Book).



DARPA's Cyber Grand Challenge

Computers Taught to Hack Themselves

The Defense Advanced Research Projects Agency (DARPA), held a competition last Thursday, where seven computers tried to hack each other. With $55 million on the line, all seven teams cut the (figurative) cord and watched their systems attack and defend with no human interference.

The Cyber Grand Challenge (CGC), for which teams started research back in 2013, pitted code against code in an attempt to identify as many software vulnerabilities as possible. Equally impressive, the systems also patched any vulnerabilities they could find in their own software. Seven supercomputers each guarded a server while trying to break into their opponents’. No one knew what type of software DARPA would install for the competition, and even unintended vulnerabilities were found.

"The Cyber Grand Challenge pitted code against code in an attempt to identify as many software vulnerabilities as possible."

In over 8 hours of competition, divided into 96 rounds of about 270 seconds each; the machines wrote 421 new or replacement sections of code and 650 unique proofs of vulnerability. Finding and patching vulnerabilities is still a human skill, and a rare one at that. Today’s autonomous systems may soon learn to find familiar bugs faster than humanly possible, but trickier bugs will still need human intuition.

The type of hacking competition DARPA held, where hackers attack and defend from each other, is commonly known as “Capture the Flag”. These type of competitions have until now been difficult to watch because of their being in cyberspace. To help this, DARPA partnered with San Francisco based gaming company voidAlpha to visualize what is happening inside the machines.

Groups of hexagons stand for services running inside the machines. Colored lines show data flowing into these services, including probes from competing machines. This allows the audience to see when a bot finds a security hole, when it patches a hole, or when it exploits another machine.

Team ForAllSecure, a startup of computer scientists from Pittsburgh, placed first earning a $2 million prize. Their entry, Mayhem, will also be allowed to participate in DEFCON’s hacking challenge, and this will be the first time a machine has been allowed to participate. Second place belonged to TECHx, a team of software analysis experts from GrammaTech Inc. and the University of Virginia with a $1 million prize. Third place was team Shellphish, a group of Computer Science graduates at the University of California, Santa Barbara, who won $750,000.

This competition has marked an important step in security going forward. With huge numbers of products joining the internet of things, new software is needed to protect everything from your computer to your light bulbs. Although software can’t completely replace human bug hunters yet, they can be used to find and patch large numbers of common vulnerabilities.

For those interested, an expanded highlights reel from the competition can be found here.



Davis & the Jake-Man 08: Browser Wars: The Fox Awakens


Yahoo Investigates Leaked Credentials

Has Neither Confirmed Nor Denied a Breach

On Monday, a hacker going by “peace_of_mind” or simply “Peace” advertised about 200 million Yahoo credentials on the Dark Web. The leak allegedly contains usernames, hashed (scrambled) passwords, birthdates and in some cases, backup email addresses. Peace is offering the entire database for 3 bitcoins, or about $1800. As of this writing, Yahoo has not confirmed or denied a breach, but is investigating.

The hacker has posted a sample of the database online, and the passwords are hashed with the Message Digest 5 (MD5) algorithm. A hashing algorithm is a series of complicated math steps which turns an input (the passwords) into another set of characters which are much less readable.

This will keep average people from reading your password, but depending on the algorithm used, your password is not much safer. MD5 has been broken for years. Rainbow tables holding long lists of passwords and their hashes are readily available online, and automated tools can reverse MD5 hashing instantly.

Peace has hinted that the data he is selling is likely from 2012, and that he has already sold copies of it. The MySpace and LinkedIn breaches a few months ago have also been attributed to Peace. MySpace had over 427 million credentials stolen and LinkedIn had 117 million logins stolen. Motherboard has reported many of the Yahoo credentials no longer work or are invalid.

“Yahoo has not issued a password reset.”

As of now, the source of the breach is unknown. Peace has claimed that this breach, along with ones for MySpace, LinkedIn and Tumblr, were the acts of a Russian group. Yahoo has not issued a password reset yet, which is often the first step after notifying users. But still, better to be safe than sorry. If you haven’t changed your Yahoo password in some time, or share that old password between accounts, now might be a good time.



Mid-Cycle Upgrades Represent the Best and the Worst of Planned Obsolesce

The Staggering Rate of Innovation is Bittersweet

Credit: The Verge

This week, Microsoft released its Xbox One S console. Heralded as what the Xbox One should have been, devices like this new Xbox beg the question: Software updates aside, why aren't products like these this good when they originally come out?

The Xbox One S is far from the only consumer electronics device in recent years to raise eyebrows for this reason. Consider the iPhone 6. Like the original Xbox One, the iPhone 6 was a radical departure from its predecessor. Like the 2013 Xbox, the 2014 iPhone lacked a key feature found in competing products.

Credit: Macworld

In the case of the One, it could not maintain full 1080p HD resolution when under load. The iPhone to this day doesn’t have a 1080p screen, staying true to what Steve Jobs dubbed a “retina display.” More importantly, the original iPhone 6 had only a single gigabyte of memory. Other 2014 flagship phones, including the HTC One (M8), the Samsung Galaxy S4, and the LG G3, had 2GB of RAM for enhanced multitasking.

The iPhone 6S remedied this issue, much like the Xbox One S’s improved APU will alleviate its under-performance as compared to the PlayStation 4. But what about owners of the 2013 Xbox One? And those who purchased the iPhone 6? They weren't exactly cheated out of their $400 and $650, respectively. Sure, their devices are able to play current games and run the newest apps but, compared to those who bought in a year later, early adopters must deal with lesser performance in spite of owning essentially the same product, save these spec bumps.

"Tech companies have no incentive to deliver the experiences their customers deserve at launch."

Mid-cycle upgrade cycles can help potential adopters who were on the fence buy into the ecosystem, but at the cost of burning earlier customers. It’s nefarious and greedy. But tech companies have no incentive to deliver the experiences their customers deserve at launch. Better to reel in as many suckers as possible upfront and hook more folks down the line. Heck, some may even bite twice.