Chrome: 72 hours to update or delete your browser. (www.forbes.com)
from BCat70@lemmy.world to technology@lemmy.world on 03 Jun 2024 22:09
https://lemmy.world/post/16150387

As read from my Mozilla Firefox…

#technology

threaded - newest

tedu on 03 Jun 2024 22:35 next collapse

I'm going to go way out on a limb here and guess nothing will happen if I do neither.

AlphaAutist@lemmy.world on 03 Jun 2024 22:43 collapse

The article says that’s what the government is telling employees since there were several critical vulnerabilities found in chrome. It is very convenient that these vulnerabilities were patched in the same update that manifest v2 is removed though

aniki@lemm.ee on 03 Jun 2024 22:45 next collapse

That’s what I was thinking. It’s mighty convenient…

Audalin@lemmy.world on 03 Jun 2024 22:52 next collapse

CVEs are constantly found in complex software, that’s why security updates are important. If not these, it’d have been other ones a couple of weeks or months later. And government users can’t exactly opt out of security updates, even if they come with feature regressions.

You also shouldn’t keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.

Lost_My_Mind@lemmy.world on 03 Jun 2024 23:02 next collapse

Hi. I’m using Netscape!

essteeyou@lemmy.world on 03 Jun 2024 23:13 next collapse

I’m using IE5.5 and a screen resolution of 800x600 because a website said that was the best way to view it 25 years ago.

Audalin@lemmy.world on 03 Jun 2024 23:20 next collapse

xkcd.com is best viewed with Netscape Navigator 4.0 or below on a Pentium 3±1 emulated in Javascript on an Apple IIGS at a screen resolution of 1024x1. Please enable your ad blockers, disable high-heat drying, and remove your device from Airplane Mode and set it to Boat Mode. For security reasons, please leave caps lock on while browsing.

Rhaedas@fedia.io on 04 Jun 2024 00:21 collapse

Never realized that was there. One of the ten thousand.

KISSmyOSFeddit@lemmy.world on 03 Jun 2024 23:24 collapse

ilsogno-hd.de

This website is optimized for Internet Explorer 6.0 and Firefox 1.5

Elgenzay@lemmy.ml on 04 Jun 2024 02:02 collapse

I’m using tilt controls!

reddig33@lemmy.world on 03 Jun 2024 23:33 next collapse

Maybe that software doesn’t need to be so fucking “complex”. It’s a web browser. Stop cramming everything but the kitchen sink into it. Half of the crap in web browsers like WebGL and WASM should be plugins anyway.

deweydecibel@lemmy.world on 03 Jun 2024 23:34 next collapse

You also shouldn’t keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.

It’s disgusting how this exact idea is used to push users away from things they want, and no matter what they claim, you can’t convince me this isn’t part of how they design certain updates. When the customer has no choice but to update, the company has no reason to make the update appealing. They can actively make it all worse and worse and worse, while continuing to scare users into accepting it.

I’m tired of companies hiding behind “security” to mask anti-consumer shit, and I’m tired of the security community helping them shovel that shit while acting like the consumer is a fool for not wanting to eat it.

0xD@infosec.pub on 04 Jun 2024 00:07 collapse

Yeah, go read a book or something.You have no idea what you are talking about.

unexpectedteapot@lemmy.ml on 04 Jun 2024 01:18 collapse

Backporting security and bug fixes is a responsible and reasonable measure taken by any software that actually respects its users ESPECIALLY when a new breaking update is released. You failed at bullying a stranger with valid concerns. Try to bring reason with you next time before you decide to be rude and condescending.

AbidanYre@lemmy.world on 04 Jun 2024 00:41 collapse

You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox

You can find them, but you’re not getting them installed on your government issued work computer.

catloaf@lemm.ee on 04 Jun 2024 01:31 collapse

Depends on the government org. Some give more flexibility than others.

AbidanYre@lemmy.world on 04 Jun 2024 02:07 collapse

Fair enough. My experience is mainly in and around the DoD.

tedu on 03 Jun 2024 22:57 next collapse

I don't know why you'd jump to the dev channel, though. Just apply the stable channel update.

Neato@ttrpg.network on 04 Jun 2024 02:46 collapse

Government isn’t telling employees shit. Federal users have no control over browser updates or most settings. At best this is a directive to push updates to it department head.

thejml@lemm.ee on 03 Jun 2024 22:47 next collapse

I choose to just continue not having it in the first place. I uninstalled it from my work PC a year ago and never put it on either personal install. Definitely haven’t missed it.

Lost_My_Mind@lemmy.world on 03 Jun 2024 23:03 collapse

But you’re missing out on all those privacy violations, and spying!

jabathekek@sopuli.xyz on 04 Jun 2024 01:02 collapse

Yeah, no one’s thinking of the exhibitionists! For shame!

deweydecibel@lemmy.world on 03 Jun 2024 23:22 next collapse

headlines have focused on the detrimental effect this will have on ad blockers, which will need to adopt a complex workaround to work as now. There is a risk that users reading those headlines might seek to delay updating their browser, to prevent any ad blocker issues; you really shouldn’t go down this road—the security update is critical.

It’s almost like tying together feature updates with security updates was a deliberate choice by tech companies so that they could tell users shit exactly like this.

How can there be any real market choices when software literally tells users “for your own safety, you must abandon the things you want, and take the things we give you”. How can consumers influence the direction of the product if they never have the option to decline that direction?

tedu on 04 Jun 2024 00:31 next collapse

We're all trying to figure out where these headlines came from. The stable channel with all the fixes does not (at this time) bundle the warning. How is that users have become confused and believe the dev channel is the only way to get security fixes?

madsen@lemmy.world on 04 Jun 2024 06:54 collapse

The headline is supposedly CISA urging users to either update or delete Chrome — it’s not Chrome/Google itself. However, I’m having trouble finding the actual CISA alert. It’s not linked in the article as far as I can tell.

avidamoeba@lemmy.ca on 04 Jun 2024 07:54 next collapse

When it comes to open source software, market choices aren’t nearly as necessary because new ones can be created at will and very low cost by forking. But in the abstract thech companies are definitely not interested in choices. Choices don’t maximize profits.

AProfessional@lemmy.world on 04 Jun 2024 11:55 collapse

Maintaining a fork of Chromium would cost millions to do it responsibly.

avidamoeba@lemmy.ca on 04 Jun 2024 13:28 collapse

It depends on how fat the fork is. While I haven’t worked on Blink, as a developer who works on other people’s very large codebases, including one from Google, I disagree. There are free tools for build automation. That’ll take care of being up-to-date with upstream in terms of security. Patching things can be done using conflict-minimizing strategies. I used to work at an Android OEM and I’ve seen it done with great success. Thinking of Blink specifically, there have been lots of forks during its WebKit days. If I remember correctly there are also thin forks of Firefox maintained by some open source developers. This is all to support thay I don’t think it’s that big of a deal. Especially if most of it is rebranding and restoring some deprecated or deleted functionality. Could be wrong. I think we’ll see, because I have a feeling the cost of maintaining a Chromium fork could be cheaper than patching apps to work well on Firefox. Some corpos might even pitch in. Not to mention that it isn’t at all obvious for how long Firefox will be developed by Mozilla. If they drop the ball at some point we’ll be faced with implementing new features in Firefox vs patching features of Chromium. ⚖️

mryessir@lemmy.sdf.org on 05 Jun 2024 05:00 collapse

It does not depend in how fat the fork is. You provide some reasons on your own.

Your assumption appears to be that open source software can be maintained with minimal costs by the community and sofware-aid assures an ongoing bug prevention of some sort.

In the end you still need at least a few full-time devs on it. It would be fair to pay them accordingly if they are maintaining behemoths of software.

Funfact: Infrastructure costs are x-times higher then IT Personel in my organization. A big chunk of it is energy and space; But its less then licensing costs…

avidamoeba@lemmy.ca on 05 Jun 2024 09:20 collapse

The Debian community already maintains a Chromium fork. How much does that cost?

The human time needed should grow with the number of patches that need to be applied to the upstream code base, because some will fail now and then. This is what I refer to as “fatness” of the fork. The more patches, the fatter. It should be possible to build, packege and publish a fork with zero patches without human intervention, after the initial automation work. Testing is done by the users as it always has been in Debian and its derivatives. You’re referring to a few full-time developers and I simply don’t see the need. Maybe I’m missing something obvious. 😅

mryessir@lemmy.sdf.org on 05 Jun 2024 11:32 collapse

The Debian community not already maintains a Chromium fork. How much does that cost?

I honestly can’t and wouldn’t judge: Time, Resources, implicit know-how etc. are unknown to me.

The human time needed should grow with the number of patches that need to be applied to the upstream code base, …

jupp

… because some will fail now and then.

Forks are done due to different reasons. Therefore it depends why to fork. It could be possible that one feature diverges so much that applying patches isn’t enough. Especially patches in a debian sense, neither .diff/.patch-patches.

This is what I refer to as “fatness” of the fork. The more patches, the fatter. It should be possible to build, packege and publish a fork with zero patches without human intervention, after the initial automation work.

For a brief period, until something rattles on the build system. Debian patches are often applied to remove binary blobs due to licensing - Imagine upstream chooses to include M$ Recall into the render engine. You would need to apply extraordinary amounts of work. Maybe even maintaining a complete separate implementation. This would also imply changes on the build systems, which needs to get aligned continiously between both upstreams, now.

Maybe I’m missing something obvious. 😅

With each version you have to very carefully review every commit if you want to maintain compatability with upstream, in order to merge patches into your fork.

When there are 50 devs working on upstream and you need to review every commit to assure requirement X, this alone is a hard path. If you need to also apply workarounds compatible with future versions of upstream, you need PROFESSIONALS. Luckily these are found in the FOSS community; But they are underpaid and worse: underappreciated.

// plus I could imagine that things like chrome may even not be coming with the full test suite. The test suite of a browser are surely so huge I can’t even comprehend the effort put into it. And then bug tickets… Upstream says: Not in my version. Now the fork has to address these themselves! :)

laurelraven@lemmy.blahaj.zone on 06 Jun 2024 08:21 collapse

Add into that, I’m betting googie will actively try to make downstream forks difficult to maintain without accepting the components they want to force on everyone like manifest v3

mryessir@lemmy.sdf.org on 06 Jun 2024 08:29 collapse

Don’t hate google too much…! They are an essential company to the west world; They contribute a lot to the community.

As long there is no business interest, the developers there are very competent and would defend their architectural choices I want to believe.

But yes, they - as a whole - have earned such a mistrust by now very much IMO.

laurelraven@lemmy.blahaj.zone on 07 Jun 2024 04:53 collapse

I have no interest in giving them the benefit of any doubt, they not only haven’t earned it but actively squandered and destroyed the trust they had earned in the past.

They’ll actually have to do something to make themselves trustworthy again, and even if they do, there will always be the threat of them reverting to what they are now or worse looming over every good thing they do.

They not only became what they set out to oppose, they’ve become so much worse.

Alpha71@lemmy.world on 05 Jun 2024 19:56 collapse

How can consumers influence the direction of the product if they never have the option to decline that direction?

They always have an option, they just don’t have the balls to actually do it.

Talaraine@fedia.io on 03 Jun 2024 23:41 next collapse

"Well, BYE!"

gdog05@lemmy.world on 04 Jun 2024 00:08 collapse

Great reference. Also, you can do gifs in Lemmy. Not sure if everyone knows that or not.

<img alt="" src="https://lemmy.world/pictrs/image/7345a2f8-314c-407f-966a-98d6f1d3e836.webp">

AceBonobo@lemmy.world on 04 Jun 2024 04:59 collapse

Ooo being fancy with .webp

tsonfeir@lemmy.world on 04 Jun 2024 00:35 next collapse

Which of you fools still use Google products?

PrincessLeiasCat@sh.itjust.works on 04 Jun 2024 02:52 next collapse

Sometimes we have to for work. That or Edge :(

tsonfeir@lemmy.world on 04 Jun 2024 03:34 collapse

Your IT department should be very concerned

Grippler@feddit.dk on 04 Jun 2024 10:36 collapse

The IT department are the morons enforcing that shit.

tsonfeir@lemmy.world on 04 Jun 2024 14:18 collapse

I have do doubt haha

jabathekek@sopuli.xyz on 05 Jun 2024 00:42 collapse

“it’s more profeshunal.”

tsonfeir@lemmy.world on 05 Jun 2024 00:43 collapse

I can feel the spray of saliva in that comment.

jabathekek@sopuli.xyz on 05 Jun 2024 02:05 collapse

can you smell the breath too

callmepk@lemmy.world on 04 Jun 2024 04:42 next collapse

I have to use for work, because all our customer only uses chrome or chrome-based browser :(

tsonfeir@lemmy.world on 04 Jun 2024 04:45 collapse

Show them the way!!! … to Firefox.

devilish666@lemmy.world on 04 Jun 2024 08:53 collapse

Well it’s me bc my job :

  1. YouTube Revanced for entertainment
  2. MicroG for account for apps that need google dependency for work
  3. Gmail for personal email although nowadays i rarely used it because my client rather used Telegram or WhatsApp
  4. GDrive for backup
eodur@lemmy.world on 04 Jun 2024 11:35 collapse

I highly recommend looking at something like Proton for 3 and 4. Or backblaze for 4 if it’s truly for backup.

devilish666@lemmy.world on 04 Jun 2024 11:46 collapse

Thx for recommendations bro
I already used proton but that’s only for truly personal stuff, a lot of things on my country only support Microsoft mail or google sadly that’s why I’m still using gmail for works, same thing like WhatsApp

Now i only need recommendations for YouTube apps that can sync playlist from my YouTube (like SpMp music player), bc i hate using YtRevanced patch every time YouTube roll out new apps

eodur@lemmy.world on 04 Jun 2024 12:27 collapse

Ah. I still have a “gmail” account but it’s entirely for the places that require a Google account now.

As for YouTube, I just stumbled across this thread: lemmy.zip/post/16741291

jabathekek@sopuli.xyz on 04 Jun 2024 01:03 next collapse

www.mozilla.org/en-GB/firefox/new/

:D

LinusOnLemmyWld@lemmy.world on 04 Jun 2024 02:40 next collapse

chrome, hahaha

DaCrazyJamez@sh.itjust.works on 04 Jun 2024 04:53 next collapse

So google manufactured a (possibly false) security risk to force users into updating to manifest v3 software?

umbrella@lemmy.ml on 05 Jun 2024 04:20 collapse

its not a false security risk, it really is unsecure to withhold updates.

the bullshit comes from what they are doing.

pewgar_seemsimandroid@lemmy.blahaj.zone on 04 Jun 2024 06:29 next collapse

delete…

TankovayaDiviziya@lemmy.world on 04 Jun 2024 09:10 next collapse

I always use Mozilla Firefox

sips hot chocolate

So that isn’t my concern.

Allero@lemmy.today on 05 Jun 2024 11:19 collapse

Add Linux on top to finish them all off

_sideffect@lemmy.world on 04 Jun 2024 12:20 next collapse

What a pos company

I really need to start to de-google my life

sugar_in_your_tea@sh.itjust.works on 04 Jun 2024 13:33 next collapse

Do it!

I’m still working on it, but I’ve cut out quite a bit. Start with Chrome, and work your way down.

When you get to email, Gmail has a very convenient forwarding feature so you can forward all email to the new one while you change accounts and whatnot. I made a new account elsewhere, and I have a separate folder for email from my old Gmail and my new email. Every so often I’ll go fix an account or two, so I’m making steady progress.

For me, docs/drive is the hardest, so I’m doing it last. I’m playing with self-hosted options, and am still in an adjustment period.

QuadratureSurfer@lemmy.world on 04 Jun 2024 15:37 next collapse

Getting away from Google Maps has been a tough one. There aren’t many options there, it’s either Google, Apple, Microsoft, or OpenStreetMap.

I’ve been contributing to OSM for my local area as much as possible to update businesses and their opening hours, website, etc., but it’s not a small task.

dan1101@lemm.ee on 04 Jun 2024 19:31 next collapse

For Google Maps, what about a dedicated phone for just running Maps? It would only get internet from hotspot on your real phone.

onion@feddit.de on 04 Jun 2024 22:04 next collapse

You can run multiple user profiles on one phone to isolate apps like Google Maps.

Tutorial/explaination:

www.youtube.com/watch?v=YB01HHFitFA

PipedLinkBot@feddit.rocks on 04 Jun 2024 22:05 next collapse

Here is an alternative Piped link(s):

https://www.piped.video/watch?v=YB01HHFitFA

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I’m open-source; check me out at GitHub.

sugar_in_your_tea@sh.itjust.works on 04 Jun 2024 22:30 next collapse

Yup, that’s what I do.

dan1101@lemm.ee on 05 Jun 2024 19:45 next collapse

Never considered something like that. Shame it’s only for GrapheneOS, which apparently only runs on Google Pixel phones.

onion@feddit.de on 10 Jun 2024 09:10 collapse

Graphene allows more profiles but it should work on stock android

r0ertel@lemmy.world on 05 Jun 2024 23:28 collapse

The irony of posting a YouTube link to a comment thread that started with the person looking to degoogle is delicious.

fine_sandy_bottom@discuss.tchncs.de on 05 Jun 2024 23:31 collapse

2 phones is a huge pain in the ass even when they have completely separate contexts like work & personal.

It’s a hard no if it’s just for maps.

onion@feddit.de on 04 Jun 2024 22:09 next collapse

I’ve been getting around quite well on OrganicMaps, but it does lack live traffic information

sugar_in_your_tea@sh.itjust.works on 04 Jun 2024 23:40 collapse

Honestly, the live traffic information is pretty bad in my area anyway. It’ll say a road has high traffic or an accident long after the traffic has cleared, or it’ll say it’s clear when it’s clearly not.

So if that’s your hangup, try going without it for a week or two and see if it really impacts you.

r0ertel@lemmy.world on 05 Jun 2024 22:23 collapse

Hello fellow OSM contributor! We’ve been doing driver’s ed at home and while I’m in the passenger seat, I’m poppin’ everything on Street Complete! The kid gets the required behind the wheel hours and I’m contributing to OSM.

JohnOliver@feddit.dk on 04 Jun 2024 22:20 next collapse

The biggest hurtle for me are Google maps, google photos and all the sites that i have signed up with google

sugar_in_your_tea@sh.itjust.works on 04 Jun 2024 23:42 next collapse

Yup, both are difficult. But you can at least use maps anonymously if you do it from a separate profile, which can help a little.

But just knock one out at a time and eventually it won’t seem as hard to switch to a competitor.

luckystarr@feddit.de on 05 Jun 2024 00:11 collapse

Try OrganicMaps. It’s the best OpenStreetMaps backed app I’ve ever used, and I’ve tried almost all of them for 10 years now.

Burn_The_Right@lemmy.world on 05 Jun 2024 15:29 next collapse

Sync.com was my solution to replacing Google Drive. It was the only one I could find that actually did everything Google Drive did (and is less expensive). They’re honest and communicative, unlike Dropbox or Google.

Rai@lemmy.dbzer0.com on 05 Jun 2024 22:28 collapse

I fully did it like eight years ago and I don’t miss it at all.

onion@feddit.de on 04 Jun 2024 22:06 collapse

Check out www.privacyguides.org, they have a bunch of useful info and recommendations.

Remember, it’s not an all-or-nothing situation, every step you take away from google helps. And you can always reevaluate later, and take time to figure out what works best for you.

_sideffect@lemmy.world on 05 Jun 2024 21:15 collapse

Will do, thanks!

demonsword@lemmy.world on 04 Jun 2024 12:51 next collapse

archived version

granolabar@kbin.melroy.org on 04 Jun 2024 21:09 next collapse

Why foes government allow spyware on its own hardware?

Dark_Dragon@lemmy.dbzer0.com on 05 Jun 2024 22:06 collapse

My govt website and other things allow only latest Microsoft edge and Google Chrome. Firefox isn’t allowed it seems.

Sam_Bass@lemmy.world on 04 Jun 2024 21:15 next collapse

Awfully convenient for this to come along to coincide with.chrome new manifest change

2kool4idkwhat@lemdro.id on 04 Jun 2024 23:00 next collapse

Meanwhile my school still uses Chrome v109 since that was the last version that supported Windows 8

Manzas@lemdro.id on 05 Jun 2024 12:02 next collapse

We still use it in biology ,but not in IT we have windows 10 or 11 on them I always install Firefox on them if it isn’t already there one time some Ukrainian kid set the language .

Presently42@lemmy.ca on 05 Jun 2024 15:38 collapse

Slava ukrayini

Manzas@lemdro.id on 06 Jun 2024 04:28 collapse

?

yournamehere@lemm.ee on 05 Jun 2024 17:03 collapse

i doubt windows 8 or 9 ever really existed

the_crotch@sh.itjust.works on 05 Jun 2024 02:21 next collapse

Ok I’ll delete it. Thanks Google.

chemicalwonka@discuss.tchncs.de on 05 Jun 2024 03:42 next collapse

I already did 5 years ago

Cryophilia@lemmy.world on 05 Jun 2024 11:25 next collapse

We get it guys, you use Firefox.

Hadriscus@lemm.ee on 05 Jun 2024 12:51 next collapse

Would you like to take a moment to talk about our lord and savior, Firefox ?

DAMunzy@lemmy.dbzer0.com on 05 Jun 2024 21:25 collapse

On Arch, btw

NutWrench@lemmy.world on 05 Jun 2024 12:39 next collapse

So . . . exactly what stealth crap is hidden in the Chrome “update?”

" . . . but it’s also the day Google started to pull the plug on many Manifest V2 extensions as its rollout of Manifest V3 takes shape."

Ahhhh, there we go. Manifest 3 will break almost all Chrome adblockers.

mechoman444@lemmy.world on 05 Jun 2024 12:49 next collapse

HOW CAN I DELETE SOMETHING I DON’T HAVE!!!

Screams in existential crisis

StaySquared@lemmy.world on 05 Jun 2024 15:33 next collapse

Amazing how these big corps hate freedom.

Raglesnarf@lemmy.world on 05 Jun 2024 22:16 collapse

why do I feel like this about the new ad block policy stuff