Last week, Chromium 68 was introduced to the “Stable Channel” with lots of bugs fixed, many of those being security fixes (42 in total). And a few days ago an update was released, so I decided to build Chromium 68 for Slackware.
NOTE: starting with Chromium 68, the browser will show a “Not secure” warning on all HTTP pages. Google announced this in a blog post published on February 8th on Google’s Chromium and Online Security blogs.
You’ll find 32bit as well as 64bit packages for Chromium 68.0.3440.84 in my package repository. They are available for both Slackware 14.2 and -current. I have also updated the Chromium Widevine plugin to version 184.108.40.2068. The older version refused to work with Chromium 68. Note that the Widevine plugin is available for 32bit just as for the 64bit browser, so even those running older computers (or those of you who are in need of a 32bit OS) can enjoy DRM movie playback.
For newcomers: Widevine is a Content Decryption Module (CDM) used by Netflix to stream video to your computer in a Chromium browser window. With my chromium and chromium-widevine-plugin packages you no longer need Chrome (or Firefox if you dislike that browser), to watch Netflix.
Also note (to the purists among you): even though support for Widevine CDM plugin has been built into my chromium package, that package is still built from Open Source software only. As long as you do not install the chromium-widevine-plugin package, your system will not be tainted by closed-source code.
Today, a post about Digital Rights Management. I am not going to bore you with the pros and cons of restricting your freedom, but I do want to point to a meaningful event which happened this week.
Before I continue, I want you to fully realize that with Slackware Linux, your rights are not taken away. You are free to use – or not use – technologies that allow you to watch “protected” content like Netflix videos. Our browsers will work just as well if you choose not to use DRM technologies. The libraries which implement the DRM layer are separate from the Slackware packages containing the browsers (Firefox, Chromium) and are not distributed with the OS. It is up to you to add DRM extensions if you need them. You are and remain in control of your OS.
With that out of the way, what happened?
This week, the World Wide Web Consortium (W3C) has finally approved the Encrypted Media Extensions (EME) as part of the HTML5 standard. Objections from the Electronic Frontier Foundation, Free Software Foundation and other digital freedom advocates have not been honored. But that does not necessarily mean it’s a bad thing. EME is a standard to implement DRM, but it is not a DRM solution itself. EME allows companies that built their business model around the commercial distribution of protected media content to create rich applications that run in your browser, based on international standards.
Digital Rights Management is not new and it is not going away either. However: it is in need of standardizing to improve the current status-quo. Because there are already several de-facto standards to stream protected content to your browser: Flash, Silverlight, to name the two that have been most widely used in the past years. Both these technologies are dying or dead already. New technologies that build on HTML5 are already becoming unofficial standards; think of Widevine, which is a DRM solution from Google. Not just browser plugins like the ones I mentioned, but also applications can implement DRM when they allow you to watch or listen to multimedia without the option to make unrestricted local copies. Locally stored content will be encrypted and can only be played back using the original app. Lots of those on Android for instance.
DRM solutions are proprietary. Their code is not free and the libraries are distributed as binary-only. There’s a logic to that of course. Think what you will, but there are both providers and consumers that embrace them. What is more important, is that there is wisdom in embedding these technologies in Web standards. We should not encourage companies to pollute our computers with incompatible and non-interoperable solutions. So yes, I am glad that EME is a W3C standard finally. Let the Web remain viable, allowing maximum flexibility and compatibility.
I mentioned Widevine in the text, and I have something new to tell about that too.
My package repository contains the chromium-widevine-plugin. It is a add-on package to my chromium browser package that allows you (among others) to watch Netflix video content in your Chromium browser. In the past I have always used the Google Chrome RPM’s to extract the ‘libwidevinecdm.so‘ library and make a Slackware package out of it. Google stopped distributing 32bit versions of the Chrome browser after version 48 so those of you on 32bit Slackware and using my Chromium package, were stuck with an old version of the Widevine CDM library and no way of knowing how long this library would remain compatible with newer Chromium sources.
But Mozilla have since then extended Firefox’ capabilities, so that it too is now able to use Widevine’s Content Decryption Module. In Firefox, this DRM capability was implemented in such a way that by default, the browser is completely DRM-free. You (the enduser) first have to explicitly enable DRM in the browser’s settings after which Firefox will download the Widevine CDM from an Internet URL. And since Firefox comes in 32bit as well as 64bit variants, I was thinking “where do they download these Widevine libraries and are they useable in Chromium as well?”
So I set out to find the Firefox download location for Widevine CDM libraries, found them, retrieved them and tested the libraries in 32bit and 64bit Chromium. Lo and behold…. this worked!
I have now rewritten my SlackBuild script for the chromium-widevine-plugin package to use this alternate download location. And since I no longer have to extract the library from a Chrome RPM, I have also changed the package version numbering. The package version no longer reflects the Chrome release, but now it is actually reflecting the internal version of the Widevine CDM library.
Have fun watching Netflix! While I am at it, I recommend The Expanse, or perhaps Helix. If you’re not so much into Sci-Fi (or have already seen those series) and want to know more about our basic foods, check out Cooked.
Last week I made my build server at home churn through a lot of packages, let me summarize what became available recently in my slackbuilds repository:
I added ‘NetworkManager-openvpn‘ which is a plugin for NM adding support for OpenVPN connections. I needed this for myself since I recently started using the services of Private Internet Access (PIA). All I needed in addition was the ZIP file with OpenVPN configurations. If you need more instructions about how to setup the PIA VPN let me know and I will wrote some more about that. I also added this plugin to my PLASMA5 Live Edition.
I upgraded ‘Handbrake‘ to 1.0.3 which also fixed the libvpx library error on -current.
I updated the Flash Player plugins for Mozilla and Chromium browsers to 220.127.116.11 (this is a security update).
I updated Chromium and its Widevine plugin to 57.0.2987.98. There is a slightly newer release out already but that will have to wait a bit.
I updated LibreOffice to 5.3.1 (packages for -current only but I will build them for 14.2 too).
I did more than that; I also updated the front page of my ‘bear’ server with the information that you can access it over secure HTTP (https), and added a link to my post about the CACert issue with Mozilla and Google browsers. Furthermore I added more detail about the dynamically generated ISOs for Slackware-current (the installation DVD and the Live Edition).
I will spend my next post writing about the new KDE 5_17.03 edition which I uploaded to my ‘ktown’ repository, but let me mention here that I already uploaded a new PLASMA5 variant of the Slackware Live Edition which contains a “work in progress” version of this new Plasma 5 release (work in progress because I decided to add more packages later). I did not mention that in any previous post.
Along with that Plasma 5 Live ISO I also uploaded a variant containing the very fresh MATE 1.18 (thanks to Willy for providing me with the tried & tested packages). So there is enough to play with 🙂
I am actually considering a new spin of the PLASMA5 Live ISO because it allows me to offer the complete KDE-5_17.03 including the Kdenlive non-linear video editor in the Live OS, along with the latest LibreOffice.
Enough for now, check out my follow-up post for the news about my new Plasma 5 ‘ktown’ release.
I had rebuilt the libreoffice-5.2.4 packages for Slackware -current last week, because library updates in Slackware had broken the spreadsheet application ‘localc‘. And voila… not long afterwards the Document Foundation blog announced 5.2.5: “all users are invited to update to LibreOffice 5.2.5 from LibreOffice 5.1.6 or previous versions“. Today on the first of february, we can even witness the 5.3 release.
I am definitely not building packages right away for 5.3 but I did compile packages for 5.2.5 – albeit only for Slackware -current. I may or may not create these packages for Slackware 14.2 as well and then upgrade the -current package to 5.3. Depends on the other stuff I need to do.
These libreoffice packages are huge in size so please use a mirror for download, and take into account that only the master site and ‘bear’ will have the packages during the first 24 hours.
On another note, Chromium (and Chrome) 56 ‘stable’ was released. It’s nice to test the HTML5 feature set on a site like HTML5test and see that it is at the top of all the browsers up there (517 points, only Chrome 56 for Windows scores better because it supports speech synthesis).
Packages for Slackware 14.2 and -current are now available from my repository. No ETA for Slackware 14.1 packages, and perhaps it is time for people still using Chromium on 14.1 to upgrade to 14.2?
Google updated their Chrome/Chromium with mention of some security fixes. I had to finish compiling LibreOffice first, and also it takes a while for the official chromium source tarball to appear on Google’s servers. But the weekend started uneventful so it was easy to build you some new packages for the chromium browser inbetween baking some tasty sourdough bread. Accompanied by packages for the widevine plugin (a closed-source non-free plugin which allows you to watch Netflix in particular).
The security fixes in chromium 45.0.2454.101 have CVE numbers:
[$TBD] High CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski.
[$TBD] High CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski.
Get my chromium (and widevine plugin) packages in one of the usual locations: