As read from my Mozilla Firefox…
headlines have focused on the detrimental effect this will have on ad blockers, which will need to adopt a complex workaround to work as now. There is a risk that users reading those headlines might seek to delay updating their browser, to prevent any ad blocker issues; you really shouldn’t go down this road—the security update is critical.
It’s almost like tying together feature updates with security updates was a deliberate choice by tech companies so that they could tell users shit exactly like this.
How can there be any real market choices when software literally tells users “for your own safety, you must abandon the things you want, and take the things we give you”. How can consumers influence the direction of the product if they never have the option to decline that direction?
We’re all trying to figure out where these headlines came from. The stable channel with all the fixes does not (at this time) bundle the warning. How is that users have become confused and believe the dev channel is the only way to get security fixes?
The headline is supposedly CISA urging users to either update or delete Chrome — it’s not Chrome/Google itself. However, I’m having trouble finding the actual CISA alert. It’s not linked in the article as far as I can tell.
When it comes to open source software, market choices aren’t nearly as necessary because new ones can be created at will by forking. But in the abstract thech companies are definitely not interested in choices. Choices don’t maximize profits.
Maintaining a fork of Chromium would cost millions to do it responsibly.
It depends on how fat the fork is. While I haven’t worked on Blink, as a developer who works on other people’s very large codebases, including one from Google, I disagree. There are free tools for build automation. That’ll take care of being up-to-date with upstream in terms of security. Patching things can be done using conflict-minimizing strategies. I used to work at an Android OEM and I’ve seen it done with great success. Thinking of Blink specifically, there have been lots of forks during its WebKit days. If I remember correctly there are also thin forks of Firefox maintained by some open source developers. This is all to support thay I don’t think it’s that big of a deal. Especially if most of it is rebranding and restoring some deprecated or deleted functionality. Could be wrong. I think we’ll see, because I have a feeling the cost of maintaining a Chromium fork could be cheaper than patching apps to work well on Firefox. Some corpos might even pitch in. Not to mention that it isn’t at all obvious for how long Firefox will be developed by Mozilla. If they drop the ball at some point we’ll be faced with implementing new features in Firefox vs patching features of Chromium. ⚖️
It does not depend in how fat the fork is. You provide some reasons on your own.
Your assumption appears to be that open source software can be maintained with minimal costs by the community and sofware-aid assures an ongoing bug prevention of some sort.
In the end you still need at least a few full-time devs on it. It would be fair to pay them accordingly if they are maintaining behemoths of software.
Funfact: Infrastructure costs are x-times higher then IT Personel in my organization. A big chunk of it is energy and space; But its less then licensing costs…
The Debian community already maintains a Chromium fork. How much does that cost?
The human time needed should grow with the number of patches that need to be applied to the upstream code base, because some will fail now and then. This is what I refer to as “fatness” of the fork. The more patches, the fatter. It should be possible to build, packege and publish a fork with zero patches without human intervention, after the initial automation work. Testing is done by the users as it always has been in Debian and its derivatives. You’re referring to a few full-time developers and I simply don’t see the need. Maybe I’m missing something obvious. 😅
The Debian community not already maintains a Chromium fork. How much does that cost?
I honestly can’t and wouldn’t judge: Time, Resources, implicit know-how etc. are unknown to me.
The human time needed should grow with the number of patches that need to be applied to the upstream code base, …
jupp
… because some will fail now and then.
Forks are done due to different reasons. Therefore it depends why to fork. It could be possible that one feature diverges so much that applying patches isn’t enough. Especially patches in a debian sense, neither .diff/.patch-patches.
This is what I refer to as “fatness” of the fork. The more patches, the fatter. It should be possible to build, packege and publish a fork with zero patches without human intervention, after the initial automation work.
For a brief period, until something rattles on the build system. Debian patches are often applied to remove binary blobs due to licensing - Imagine upstream chooses to include M$ Recall into the render engine. You would need to apply extraordinary amounts of work. Maybe even maintaining a complete separate implementation. This would also imply changes on the build systems, which needs to get aligned continiously between both upstreams, now.
Maybe I’m missing something obvious. 😅
With each version you have to very carefully review every commit if you want to maintain compatability with upstream, in order to merge patches into your fork.
When there are 50 devs working on upstream and you need to review every commit to assure requirement X, this alone is a hard path. If you need to also apply workarounds compatible with future versions of upstream, you need PROFESSIONALS. Luckily these are found in the FOSS community; But they are underpaid and worse: underappreciated.
// plus I could imagine that things like chrome may even not be coming with the full test suite. The test suite of a browser are surely so huge I can’t even comprehend the effort put into it. And then bug tickets… Upstream says: Not in my version. Now the fork has to address these themselves! :)
Add into that, I’m betting googie will actively try to make downstream forks difficult to maintain without accepting the components they want to force on everyone like manifest v3
How can consumers influence the direction of the product if they never have the option to decline that direction?
They always have an option, they just don’t have the balls to actually do it.
I’m going to go way out on a limb here and guess nothing will happen if I do neither.
The article says that’s what the government is telling employees since there were several critical vulnerabilities found in chrome. It is very convenient that these vulnerabilities were patched in the same update that manifest v2 is removed though
CVEs are constantly found in complex software, that’s why security updates are important. If not these, it’d have been other ones a couple of weeks or months later. And government users can’t exactly opt out of security updates, even if they come with feature regressions.
You also shouldn’t keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.
You also shouldn’t keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.
It’s disgusting how this exact idea is used to push users away from things they want, and no matter what they claim, you can’t convince me this isn’t part of how they design certain updates. When the customer has no choice but to update, the company has no reason to make the update appealing. They can actively make it all worse and worse and worse, while continuing to scare users into accepting it.
I’m tired of companies hiding behind “security” to mask anti-consumer shit, and I’m tired of the security community helping them shovel that shit while acting like the consumer is a fool for not wanting to eat it.
Yeah, go read a book or something.You have no idea what you are talking about.
Maybe that software doesn’t need to be so fucking “complex”. It’s a web browser. Stop cramming everything but the kitchen sink into it. Half of the crap in web browsers like WebGL and WASM should be plugins anyway.
You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox
You can find them, but you’re not getting them installed on your government issued work computer.
Depends on the government org. Some give more flexibility than others.
Fair enough. My experience is mainly in and around the DoD.
Hi. I’m using Netscape!
I’m using IE5.5 and a screen resolution of 800x600 because a website said that was the best way to view it 25 years ago.
xkcd.com is best viewed with Netscape Navigator 4.0 or below on a Pentium 3±1 emulated in Javascript on an Apple IIGS at a screen resolution of 1024x1. Please enable your ad blockers, disable high-heat drying, and remove your device from Airplane Mode and set it to Boat Mode. For security reasons, please leave caps lock on while browsing.
Never realized that was there. One of the ten thousand.
This website is optimized for Internet Explorer 6.0 and Firefox 1.5
That’s what I was thinking. It’s mighty convenient…
Government isn’t telling employees shit. Federal users have no control over browser updates or most settings. At best this is a directive to push updates to it department head.
I don’t know why you’d jump to the dev channel, though. Just apply the stable channel update.
So google manufactured a (possibly false) security risk to force users into updating to manifest v3 software?
“Well, BYE!”
Great reference. Also, you can do gifs in Lemmy. Not sure if everyone knows that or not.
Ooo being fancy with .webp
Ok I’ll delete it. Thanks Google.
Which of you fools still use Google products?
Sometimes we have to for work. That or Edge :(
Your IT department should be very concerned
The IT department are the morons enforcing that shit.
I have to use for work, because all our customer only uses chrome or chrome-based browser :(
Show them the way!!! … to Firefox.
What a pos company
I really need to start to de-google my life
Check out https://www.privacyguides.org, they have a bunch of useful info and recommendations.
Remember, it’s not an all-or-nothing situation, every step you take away from google helps. And you can always reevaluate later, and take time to figure out what works best for you.
Will do, thanks!
Do it!
I’m still working on it, but I’ve cut out quite a bit. Start with Chrome, and work your way down.
When you get to email, Gmail has a very convenient forwarding feature so you can forward all email to the new one while you change accounts and whatnot. I made a new account elsewhere, and I have a separate folder for email from my old Gmail and my new email. Every so often I’ll go fix an account or two, so I’m making steady progress.
For me, docs/drive is the hardest, so I’m doing it last. I’m playing with self-hosted options, and am still in an adjustment period.
Getting away from Google Maps has been a tough one. There aren’t many options there, it’s either Google, Apple, Microsoft, or OpenStreetMap.
I’ve been contributing to OSM for my local area as much as possible to update businesses and their opening hours, website, etc., but it’s not a small task.
I’ve been getting around quite well on OrganicMaps, but it does lack live traffic information
Honestly, the live traffic information is pretty bad in my area anyway. It’ll say a road has high traffic or an accident long after the traffic has cleared, or it’ll say it’s clear when it’s clearly not.
So if that’s your hangup, try going without it for a week or two and see if it really impacts you.
For Google Maps, what about a dedicated phone for just running Maps? It would only get internet from hotspot on your real phone.
You can run multiple user profiles on one phone to isolate apps like Google Maps.
Tutorial/explaination:
Yup, that’s what I do.
Here is an alternative Piped link(s):
https://www.piped.video/watch?v=YB01HHFitFA
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source; check me out at GitHub.
Never considered something like that. Shame it’s only for GrapheneOS, which apparently only runs on Google Pixel phones.
Graphene allows more profiles but it should work on stock android
The irony of posting a YouTube link to a comment thread that started with the person looking to degoogle is delicious.
2 phones is a huge pain in the ass even when they have completely separate contexts like work & personal.
It’s a hard no if it’s just for maps.
Hello fellow OSM contributor! We’ve been doing driver’s ed at home and while I’m in the passenger seat, I’m poppin’ everything on Street Complete! The kid gets the required behind the wheel hours and I’m contributing to OSM.
I fully did it like eight years ago and I don’t miss it at all.
Sync.com was my solution to replacing Google Drive. It was the only one I could find that actually did everything Google Drive did (and is less expensive). They’re honest and communicative, unlike Dropbox or Google.
The biggest hurtle for me are Google maps, google photos and all the sites that i have signed up with google
Try OrganicMaps. It’s the best OpenStreetMaps backed app I’ve ever used, and I’ve tried almost all of them for 10 years now.
Yup, both are difficult. But you can at least use maps anonymously if you do it from a separate profile, which can help a little.
But just knock one out at a time and eventually it won’t seem as hard to switch to a competitor.
I choose to just continue not having it in the first place. I uninstalled it from my work PC a year ago and never put it on either personal install. Definitely haven’t missed it.
But you’re missing out on all those privacy violations, and spying!
Yeah, no one’s thinking of the exhibitionists! For shame!
So . . . exactly what stealth crap is hidden in the Chrome “update?”
" . . . but it’s also the day Google started to pull the plug on many Manifest V2 extensions as its rollout of Manifest V3 takes shape."
Ahhhh, there we go. Manifest 3 will break almost all Chrome adblockers.
I always use Mozilla Firefox
sips hot chocolate
So that isn’t my concern.
Add Linux on top to finish them all off
Meanwhile my school still uses Chrome v109 since that was the last version that supported Windows 8
We still use it in biology ,but not in IT we have windows 10 or 11 on them I always install Firefox on them if it isn’t already there one time some Ukrainian kid set the language .
Slava ukrayini
?
i doubt windows 8 or 9 ever really existed
chrome, hahaha
delete…
I already did 5 years ago