Page 4 of 5 FirstFirst ... 2345 LastLast
Results 31 to 40 of 43

Thread: Chromium Browser Going Through Growing Pains In Ubuntu 14.04

  1. #31
    Join Date
    Feb 2013
    Posts
    239

    Default

    Quote Originally Posted by phoronix View Post
    Chromium 34 landed in Ubuntu 14.04 a short time ago and it's in the process of breaking NPAPI plug-in support for handling the Adobe Flash player plug-in and other common web plug-ins.
    I'm running Chrome version 34 on Linux. Flash has been working perfectly. Flash is built into Chrome using the Pepper APIs and does not use NPAPI.

    Is the Phoronix article just completely wrong? Or were they referring to some edge case where people explicitly want the NPAPI version of Flash rather than the Chrome-bundled version of Flash?

  2. #32
    Join Date
    Oct 2007
    Posts
    1,311

    Default

    Quote Originally Posted by strcat View Post
    Chromium is an open-source browser, while Iron is a closed source binary blob built from it just like Chrome. In fact, the creator of Iron admits to creating it as a way to earn advertising revenue by taking advantage of the naive media in his country. There is no 'spying' in Chromium that it turns off. It does ship with different defaults (no search suggestions, no phishing/malware protection) but these are features included in Firefox too (via the same Google services!).
    I see. Thanks for the info.

  3. #33
    Join Date
    Apr 2014
    Posts
    178

    Default

    I can't ever seem to stick with Chrome based browsers. I hate the rounded tabs.
    But I did stick with Srware Iron for a while and if I had to use a Chromium based browser that would be it.

    Personally I prefer FF28 atm. Will stick with it till the end and then switch to whoever picks it up after Mozilla dumps it for Australis. No friggin way am I accepting that crap(Australis)

  4. #34
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    105

    Default

    Quote Originally Posted by DanLamb View Post
    I'm running Chrome version 34 on Linux. Flash has been working perfectly. Flash is built into Chrome using the Pepper APIs and does not use NPAPI.

    Is the Phoronix article just completely wrong? Or were they referring to some edge case where people explicitly want the NPAPI version of Flash rather than the Chrome-bundled version of Flash?
    Pepper Flash will continue to work fine in Chrome and in Chromium. Ubuntu even has a package for it in their repositories, but they can't ship it in a working state out-of-the-box, it needs to download it after the package is installed. The transition to Aura is going to break NPAPI plugins (Java, the out-of-date/unsandboxed non-Pepper Flash, etc.) on Linux since they use GTK2. Google plans on removing support for NPAPI by the end of the year anyway, so they're not going to reimplement it for Linux only to remove it again. Windows and OS X will retain the support longer.

  5. #35
    Join Date
    May 2013
    Posts
    618

    Default Right now I don't know of ANY non-Tor browser that is safe by default

    Quote Originally Posted by strcat View Post
    Firefox has Google auto-suggestions on by default. I'm not aware in differences in how it makes use of the Google anti-malware/anti-phishing API, so you elaborate on what you mean?
    I have to tweak all kinds of "about:config" options to kill leakage of unintended information: prefetch, geo, keyword all turned off, search engine list shortened to just duckduckgo and maybe Wikipedia, plus sandboxing it as aggressively as possible in Apparmor to cut off as much access to things like hardware information as I can. I have also stopped at Firefox 26, originally to keep out the default "partner" history tiles, now to keep out Australis. Looking forward to a fork, at least Mozilla can't erase their existing code from the Internet. Hell, last I recall DSL still uses a 2.xx version of Firefox.

    I don't use anti-phishing lists, but then again, I also would never bank or shop online, meaning I can guarantee that any email from any bank has to be phish, all of the time. If I had to purchase something online for unavoidable reasons, it would have to be by prepaid debit card to confine any losses to the value on the card. I've yet to see any way around that except social engineering tactics like the "London passport/airport scam," which comes from someone else's stolen account. Anyone getting such an email from me would know I never cross borders legally, nor use transit that searches bags, thus such an email would have to be phish.

    I would use Rekonq for everything, but it's just too easily fingerprinted. Fingerprinting also forces delays of any browser updates until after that version is common, but now I would not want to update Firefox at all unless 28 is still available and offers a security advantage over 26. Firefox 26 supports gstreamer H264 playback by default, preventing anyone from logging that Firefox is a version that does not support H264 but has been set to support it, an uncommon combination easily recorded by any site offering video.

    If it was not for brower fingerprinting, the answer would be to use a "minor project" lightweight browser distributed by authors not seeking to monetize their work, only offering for public use a browser they wrote for their own use. If nothing else zero-day exploits would be much less widely distributed, just as is the case with Linux on the desktop 99% of the time (heartbleed was a rare exception). Also, as in all software, the more features, the more bloat, so anti-features that serve only to monetize the browser slow initial loading of the browser even if they are all turned off. Maybe digging through the source and deleting all unwanted "features," then compiling would be the way to go? Hell, Torbrowser is just a hacked Firefox designed to crash if not connected to Tor and to be as hard as possible to track by fingerprinting, etc. When it counts I use Torbrowser, an example keeping Google from building a search history vulnerable to subpeona.

  6. #36
    Join Date
    Mar 2014
    Posts
    30

    Default No custom language suport after upgrade?

    Has anybody else encountered this problem?

    I have just updated to version 34 (Aura) in Ubuntu 14.04 and it seams that displaying in my native language is no longer available even if I have the language packages install. Spell checking works fine btw in both Romanian and English. It's just the interface that is in English only now...

    I also have to add that the theming sucks right now with aura but at least some of the old problems (like the bad font rendering and spacing for bookmarks entries, ugly bookmark icons or bad font size for text in the search bar) seem to be gone.
    Last edited by Adriannho; 04-17-2014 at 08:11 PM.

  7. #37
    Join Date
    Oct 2008
    Posts
    3,219

    Default

    Quote Originally Posted by DanLamb View Post
    I'm running Chrome version 34 on Linux. Flash has been working perfectly. Flash is built into Chrome using the Pepper APIs and does not use NPAPI.

    Is the Phoronix article just completely wrong? Or were they referring to some edge case where people explicitly want the NPAPI version of Flash rather than the Chrome-bundled version of Flash?
    The article is referring to Chromium, not Chrome.

    Chromium is open source code, and has no binary plugins shipped with it. You can't get the PPAPI version of flash in it, except by downloading Chrome, extracting the plugin, and then copying it over into Chromium.

    Which works, but it's kind of messy.

  8. #38
    Join Date
    Jul 2014
    Posts
    1

    Default That old "botnet" saw again? Here? Really??

    Quote Originally Posted by Pyra View Post
    Read further down in your own link.

    "The challenge was to show Chromium is a botnet and he just showed some tracking"
    (from the same Thread -- No. 39834062)
    this behavior is effectively blocked with Abine's Chromium/Chrome Add-on called DoNotTrack Me. It's available from the Google Play Store, but it blocks most Google "spyware". There is no "botnet" inside of Chrome or Chromium.

  9. #39
    Join Date
    May 2013
    Posts
    618

    Default No botnet, but still an extra server subject to subpeona or just plain sale of data

    Quote Originally Posted by rc primak View Post
    Read further down in your own link.

    "The challenge was to show Chromium is a botnet and he just showed some tracking"
    (from the same Thread -- No. 39834062)
    this behavior is effectively blocked with Abine's Chromium/Chrome Add-on called DoNotTrack Me. It's available from the Google Play Store, but it blocks most Google "spyware". There is no "botnet" inside of Chrome or Chromium.
    A botnet is a malicious example of distributed computing, not a tracking system. Hell I'd rather have an opponent using 20% of my GPU to mine bitcoin (as part of a botnet) than tracking my entire browsing history. Being part of a spam sending botnet is worse than being exploited to mine bitcoin, but still not as bad as having a copy of your entire surfing history exist ANYWHERE.

    That kind of tracking generates records vulnerable to everything from a subpeona to just plain sale to the highest bidder. If Google has a record of your surfing history and you have a Google account, full access is just a subpeona away, even in a divorce case. Twitter's geolocation records have been taken by subpoena and used in court against Occupy Wall Street, proving that this sort of thing is a threat. If you do NOT have a Google account, they would have this with a random number identifier that might be hard to subpeona, but bulk data collection could be cross-referenced against email accounts and you could be identified that way.

    If you don't what third parties getting your entire browsing history, you need to block things like "safebrowsing" and anything else that uses an online database for comparsion instead of a locally downloaded copy, You also need to block social network sharing buttons, or Facebook will have your entire surfing history except for those sites that have no Facebook elements within them. Even if you don't have an account with them they might be able to work out who you are by content of other pages. Needless to say I have never had a Facebook account, I agree with Stallman's advice to boycott them.

  10. #40
    Join Date
    May 2013
    Posts
    618

    Default No, I do NOT use Facebook or carry a running cell phone

    Quote Originally Posted by rikkinho View Post
    who cares?, you use facebook? or g+? or have a cellphone?
    All of these are no-nos when privacy comes first. I only use a dumbphone for outgoing calls, batteries out rest of the time as you never know if "off" is really off. No Facebook or Google accounts, in fact I block them in /etc/hosts so only Torbrowser can reach them to protect against links to them. Ghostery and NoScript stop their sharing buttons.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •