this post was submitted on 03 Jun 2024
397 points (96.5% liked)

Technology

59308 readers
5201 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

As read from my Mozilla Firefox....

top 50 comments
sorted by: hot top controversial new old
[–] deweydecibel@lemmy.world 217 points 5 months ago* (last edited 5 months ago) (3 children)

headlines have focused on the detrimental effect this will have on ad blockers, which will need to adopt a complex workaround to work as now. There is a risk that users reading those headlines might seek to delay updating their browser, to prevent any ad blocker issues; you really shouldn’t go down this road—the security update is critical.

It's almost like tying together feature updates with security updates was a deliberate choice by tech companies so that they could tell users shit exactly like this.

How can there be any real market choices when software literally tells users "for your own safety, you must abandon the things you want, and take the things we give you". How can consumers influence the direction of the product if they never have the option to decline that direction?

[–] tedu@azorius.net 24 points 5 months ago (1 children)

We're all trying to figure out where these headlines came from. The stable channel with all the fixes does not (at this time) bundle the warning. How is that users have become confused and believe the dev channel is the only way to get security fixes?

[–] madsen@lemmy.world 13 points 5 months ago

The headline is supposedly CISA urging users to either update or delete Chrome — it's not Chrome/Google itself. However, I'm having trouble finding the actual CISA alert. It's not linked in the article as far as I can tell.

[–] avidamoeba@lemmy.ca 14 points 5 months ago* (last edited 5 months ago) (1 children)

When it comes to open source software, market choices aren't nearly as necessary because new ones can be created at will and very low cost by forking. But in the abstract thech companies are definitely not interested in choices. Choices don't maximize profits.

[–] AProfessional@lemmy.world 5 points 5 months ago (1 children)

Maintaining a fork of Chromium would cost millions to do it responsibly.

[–] avidamoeba@lemmy.ca 9 points 5 months ago* (last edited 5 months ago) (6 children)

It depends on how fat the fork is. While I haven't worked on Blink, as a developer who works on other people's very large codebases, including one from Google, I disagree. There are free tools for build automation. That'll take care of being up-to-date with upstream in terms of security. Patching things can be done using conflict-minimizing strategies. I used to work at an Android OEM and I've seen it done with great success. Thinking of Blink specifically, there have been lots of forks during its WebKit days. If I remember correctly there are also thin forks of Firefox maintained by some open source developers. This is all to support thay I don't think it's that big of a deal. Especially if most of it is rebranding and restoring some deprecated or deleted functionality. Could be wrong. I think we'll see, because I have a feeling the cost of maintaining a Chromium fork could be cheaper than patching apps to work well on Firefox. Some corpos might even pitch in. Not to mention that it isn't at all obvious for how long Firefox will be developed by Mozilla. If they drop the ball at some point we'll be faced with implementing new features in Firefox vs patching features of Chromium. ⚖️

load more comments (6 replies)
load more comments (1 replies)
[–] tedu@azorius.net 97 points 5 months ago (1 children)

I'm going to go way out on a limb here and guess nothing will happen if I do neither.

[–] AlphaAutist@lemmy.world 105 points 5 months ago (4 children)

The article says that’s what the government is telling employees since there were several critical vulnerabilities found in chrome. It is very convenient that these vulnerabilities were patched in the same update that manifest v2 is removed though

[–] Audalin@lemmy.world 47 points 5 months ago (9 children)

CVEs are constantly found in complex software, that's why security updates are important. If not these, it'd have been other ones a couple of weeks or months later. And government users can't exactly opt out of security updates, even if they come with feature regressions.

You also shouldn't keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.

[–] deweydecibel@lemmy.world 33 points 5 months ago* (last edited 5 months ago) (2 children)

You also shouldn't keep using software with known vulnerabilities. You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox.

It's disgusting how this exact idea is used to push users away from things they want, and no matter what they claim, you can't convince me this isn't part of how they design certain updates. When the customer has no choice but to update, the company has no reason to make the update appealing. They can actively make it all worse and worse and worse, while continuing to scare users into accepting it.

I'm tired of companies hiding behind "security" to mask anti-consumer shit, and I'm tired of the security community helping them shovel that shit while acting like the consumer is a fool for not wanting to eat it.

load more comments (2 replies)
[–] reddig33@lemmy.world 7 points 5 months ago

Maybe that software doesn’t need to be so fucking “complex”. It’s a web browser. Stop cramming everything but the kitchen sink into it. Half of the crap in web browsers like WebGL and WASM should be plugins anyway.

[–] AbidanYre@lemmy.world 6 points 5 months ago (2 children)

You can find a maintained fork of Chromium with continued Manifest V2 support or choose another browser like Firefox

You can find them, but you're not getting them installed on your government issued work computer.

load more comments (2 replies)
load more comments (6 replies)
[–] aniki@lemm.ee 6 points 5 months ago

That's what I was thinking. It's mighty convenient...

[–] Neato@ttrpg.network 5 points 5 months ago

Government isn't telling employees shit. Federal users have no control over browser updates or most settings. At best this is a directive to push updates to it department head.

load more comments (1 replies)
[–] jabathekek@sopuli.xyz 77 points 5 months ago
[–] DaCrazyJamez@sh.itjust.works 73 points 5 months ago (1 children)

So google manufactured a (possibly false) security risk to force users into updating to manifest v3 software?

[–] umbrella@lemmy.ml 10 points 5 months ago

its not a false security risk, it really is unsecure to withhold updates.

the bullshit comes from what they are doing.

[–] TankovayaDiviziya@lemmy.world 48 points 5 months ago (1 children)

I always use Mozilla Firefox

sips hot chocolate

So that isn't my concern.

load more comments (1 replies)
[–] _sideffect@lemmy.world 48 points 5 months ago (2 children)

What a pos company

I really need to start to de-google my life

[–] onion@feddit.de 24 points 5 months ago* (last edited 5 months ago) (1 children)

Check out https://www.privacyguides.org, they have a bunch of useful info and recommendations.

Remember, it's not an all-or-nothing situation, every step you take away from google helps. And you can always reevaluate later, and take time to figure out what works best for you.

load more comments (1 replies)
[–] sugar_in_your_tea@sh.itjust.works 19 points 5 months ago (6 children)

Do it!

I'm still working on it, but I've cut out quite a bit. Start with Chrome, and work your way down.

When you get to email, Gmail has a very convenient forwarding feature so you can forward all email to the new one while you change accounts and whatnot. I made a new account elsewhere, and I have a separate folder for email from my old Gmail and my new email. Every so often I'll go fix an account or two, so I'm making steady progress.

For me, docs/drive is the hardest, so I'm doing it last. I'm playing with self-hosted options, and am still in an adjustment period.

[–] QuadratureSurfer@lemmy.world 15 points 5 months ago (10 children)

Getting away from Google Maps has been a tough one. There aren't many options there, it's either Google, Apple, Microsoft, or OpenStreetMap.

I've been contributing to OSM for my local area as much as possible to update businesses and their opening hours, website, etc., but it's not a small task.

[–] onion@feddit.de 5 points 5 months ago (1 children)

I've been getting around quite well on OrganicMaps, but it does lack live traffic information

load more comments (1 replies)
load more comments (9 replies)
load more comments (5 replies)
[–] Talaraine@fedia.io 44 points 5 months ago (1 children)
[–] gdog05@lemmy.world 20 points 5 months ago (1 children)

Great reference. Also, you can do gifs in Lemmy. Not sure if everyone knows that or not.

load more comments (1 replies)
[–] the_crotch@sh.itjust.works 37 points 5 months ago

Ok I'll delete it. Thanks Google.

[–] tsonfeir@lemmy.world 35 points 5 months ago (6 children)

Which of you fools still use Google products?

[–] PrincessLeiasCat@sh.itjust.works 20 points 5 months ago (1 children)

Sometimes we have to for work. That or Edge :(

[–] tsonfeir@lemmy.world 12 points 5 months ago (1 children)

Your IT department should be very concerned

[–] Grippler@feddit.dk 11 points 5 months ago (4 children)

The IT department are the morons enforcing that shit.

load more comments (4 replies)
[–] callmepk@lemmy.world 9 points 5 months ago (1 children)

I have to use for work, because all our customer only uses chrome or chrome-based browser :(

[–] tsonfeir@lemmy.world 11 points 5 months ago

Show them the way!!! … to Firefox.

load more comments (4 replies)
[–] thejml@lemm.ee 31 points 5 months ago (1 children)

I choose to just continue not having it in the first place. I uninstalled it from my work PC a year ago and never put it on either personal install. Definitely haven’t missed it.

[–] Lost_My_Mind@lemmy.world 17 points 5 months ago (1 children)

But you're missing out on all those privacy violations, and spying!

[–] jabathekek@sopuli.xyz 6 points 5 months ago

Yeah, no one's thinking of the exhibitionists! For shame!

[–] NutWrench@lemmy.world 28 points 5 months ago

So . . . exactly what stealth crap is hidden in the Chrome "update?"

" . . . but it’s also the day Google started to pull the plug on many Manifest V2 extensions as its rollout of Manifest V3 takes shape."

Ahhhh, there we go. Manifest 3 will break almost all Chrome adblockers.

[–] 2kool4idkwhat@lemdro.id 23 points 5 months ago (4 children)

Meanwhile my school still uses Chrome v109 since that was the last version that supported Windows 8

load more comments (4 replies)
[–] LinusOnLemmyWld@lemmy.world 18 points 5 months ago

chrome, hahaha

[–] chemicalwonka@discuss.tchncs.de 16 points 5 months ago

I already did 5 years ago

[–] Sam_Bass@lemmy.world 14 points 5 months ago

Awfully convenient for this to come along to coincide with.chrome new manifest change

[–] mechoman444@lemmy.world 13 points 5 months ago

HOW CAN I DELETE SOMETHING I DON'T HAVE!!!!

Screams in existential crisis

[–] granolabar@kbin.melroy.org 11 points 5 months ago (1 children)

Why foes government allow spyware on its own hardware?

load more comments (1 replies)
[–] StaySquared@lemmy.world 8 points 5 months ago

Amazing how these big corps hate freedom.

load more comments
view more: next ›