Announcement

Collapse
No announcement yet.

Chromium Browser Going Through Growing Pains In Ubuntu 14.04

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by phoronix View Post
    Chromium 34 landed in Ubuntu 14.04 a short time ago and it's in the process of breaking NPAPI plug-in support for handling the Adobe Flash player plug-in and other common web plug-ins.
    I'm running Chrome version 34 on Linux. Flash has been working perfectly. Flash is built into Chrome using the Pepper APIs and does not use NPAPI.

    Is the Phoronix article just completely wrong? Or were they referring to some edge case where people explicitly want the NPAPI version of Flash rather than the Chrome-bundled version of Flash?

    Comment


    • #32
      Originally posted by strcat View Post
      Chromium is an open-source browser, while Iron is a closed source binary blob built from it just like Chrome. In fact, the creator of Iron admits to creating it as a way to earn advertising revenue by taking advantage of the naive media in his country. There is no 'spying' in Chromium that it turns off. It does ship with different defaults (no search suggestions, no phishing/malware protection) but these are features included in Firefox too (via the same Google services!).
      I see. Thanks for the info.

      Comment


      • #33
        I can't ever seem to stick with Chrome based browsers. I hate the rounded tabs.
        But I did stick with Srware Iron for a while and if I had to use a Chromium based browser that would be it.

        Personally I prefer FF28 atm. Will stick with it till the end and then switch to whoever picks it up after Mozilla dumps it for Australis. No friggin way am I accepting that crap(Australis)

        Comment


        • #34
          Originally posted by DanLamb View Post
          I'm running Chrome version 34 on Linux. Flash has been working perfectly. Flash is built into Chrome using the Pepper APIs and does not use NPAPI.

          Is the Phoronix article just completely wrong? Or were they referring to some edge case where people explicitly want the NPAPI version of Flash rather than the Chrome-bundled version of Flash?
          Pepper Flash will continue to work fine in Chrome and in Chromium. Ubuntu even has a package for it in their repositories, but they can't ship it in a working state out-of-the-box, it needs to download it after the package is installed. The transition to Aura is going to break NPAPI plugins (Java, the out-of-date/unsandboxed non-Pepper Flash, etc.) on Linux since they use GTK2. Google plans on removing support for NPAPI by the end of the year anyway, so they're not going to reimplement it for Linux only to remove it again. Windows and OS X will retain the support longer.

          Comment


          • #35
            Right now I don't know of ANY non-Tor browser that is safe by default

            Originally posted by strcat View Post
            Firefox has Google auto-suggestions on by default. I'm not aware in differences in how it makes use of the Google anti-malware/anti-phishing API, so you elaborate on what you mean?
            I have to tweak all kinds of "about:config" options to kill leakage of unintended information: prefetch, geo, keyword all turned off, search engine list shortened to just duckduckgo and maybe Wikipedia, plus sandboxing it as aggressively as possible in Apparmor to cut off as much access to things like hardware information as I can. I have also stopped at Firefox 26, originally to keep out the default "partner" history tiles, now to keep out Australis. Looking forward to a fork, at least Mozilla can't erase their existing code from the Internet. Hell, last I recall DSL still uses a 2.xx version of Firefox.

            I don't use anti-phishing lists, but then again, I also would never bank or shop online, meaning I can guarantee that any email from any bank has to be phish, all of the time. If I had to purchase something online for unavoidable reasons, it would have to be by prepaid debit card to confine any losses to the value on the card. I've yet to see any way around that except social engineering tactics like the "London passport/airport scam," which comes from someone else's stolen account. Anyone getting such an email from me would know I never cross borders legally, nor use transit that searches bags, thus such an email would have to be phish.

            I would use Rekonq for everything, but it's just too easily fingerprinted. Fingerprinting also forces delays of any browser updates until after that version is common, but now I would not want to update Firefox at all unless 28 is still available and offers a security advantage over 26. Firefox 26 supports gstreamer H264 playback by default, preventing anyone from logging that Firefox is a version that does not support H264 but has been set to support it, an uncommon combination easily recorded by any site offering video.

            If it was not for brower fingerprinting, the answer would be to use a "minor project" lightweight browser distributed by authors not seeking to monetize their work, only offering for public use a browser they wrote for their own use. If nothing else zero-day exploits would be much less widely distributed, just as is the case with Linux on the desktop 99% of the time (heartbleed was a rare exception). Also, as in all software, the more features, the more bloat, so anti-features that serve only to monetize the browser slow initial loading of the browser even if they are all turned off. Maybe digging through the source and deleting all unwanted "features," then compiling would be the way to go? Hell, Torbrowser is just a hacked Firefox designed to crash if not connected to Tor and to be as hard as possible to track by fingerprinting, etc. When it counts I use Torbrowser, an example keeping Google from building a search history vulnerable to subpeona.

            Comment


            • #36
              No custom language suport after upgrade?

              Has anybody else encountered this problem?

              I have just updated to version 34 (Aura) in Ubuntu 14.04 and it seams that displaying in my native language is no longer available even if I have the language packages install. Spell checking works fine btw in both Romanian and English. It's just the interface that is in English only now...

              I also have to add that the theming sucks right now with aura but at least some of the old problems (like the bad font rendering and spacing for bookmarks entries, ugly bookmark icons or bad font size for text in the search bar) seem to be gone.
              Last edited by Adriannho; 17 April 2014, 07:11 PM.

              Comment


              • #37
                Originally posted by DanLamb View Post
                I'm running Chrome version 34 on Linux. Flash has been working perfectly. Flash is built into Chrome using the Pepper APIs and does not use NPAPI.

                Is the Phoronix article just completely wrong? Or were they referring to some edge case where people explicitly want the NPAPI version of Flash rather than the Chrome-bundled version of Flash?
                The article is referring to Chromium, not Chrome.

                Chromium is open source code, and has no binary plugins shipped with it. You can't get the PPAPI version of flash in it, except by downloading Chrome, extracting the plugin, and then copying it over into Chromium.

                Which works, but it's kind of messy.

                Comment


                • #38
                  That old "botnet" saw again? Here? Really??

                  Originally posted by Pyra View Post
                  Read further down in your own link.

                  "The challenge was to show Chromium is a botnet and he just showed some tracking"
                  (from the same Thread -- No. 39834062)
                  this behavior is effectively blocked with Abine's Chromium/Chrome Add-on called DoNotTrack Me. It's available from the Google Play Store, but it blocks most Google "spyware". There is no "botnet" inside of Chrome or Chromium.

                  Comment


                  • #39
                    No botnet, but still an extra server subject to subpeona or just plain sale of data

                    Originally posted by rc primak View Post
                    Read further down in your own link.

                    "The challenge was to show Chromium is a botnet and he just showed some tracking"
                    (from the same Thread -- No. 39834062)
                    this behavior is effectively blocked with Abine's Chromium/Chrome Add-on called DoNotTrack Me. It's available from the Google Play Store, but it blocks most Google "spyware". There is no "botnet" inside of Chrome or Chromium.
                    A botnet is a malicious example of distributed computing, not a tracking system. Hell I'd rather have an opponent using 20% of my GPU to mine bitcoin (as part of a botnet) than tracking my entire browsing history. Being part of a spam sending botnet is worse than being exploited to mine bitcoin, but still not as bad as having a copy of your entire surfing history exist ANYWHERE.

                    That kind of tracking generates records vulnerable to everything from a subpeona to just plain sale to the highest bidder. If Google has a record of your surfing history and you have a Google account, full access is just a subpeona away, even in a divorce case. Twitter's geolocation records have been taken by subpoena and used in court against Occupy Wall Street, proving that this sort of thing is a threat. If you do NOT have a Google account, they would have this with a random number identifier that might be hard to subpeona, but bulk data collection could be cross-referenced against email accounts and you could be identified that way.

                    If you don't what third parties getting your entire browsing history, you need to block things like "safebrowsing" and anything else that uses an online database for comparsion instead of a locally downloaded copy, You also need to block social network sharing buttons, or Facebook will have your entire surfing history except for those sites that have no Facebook elements within them. Even if you don't have an account with them they might be able to work out who you are by content of other pages. Needless to say I have never had a Facebook account, I agree with Stallman's advice to boycott them.

                    Comment


                    • #40
                      No, I do NOT use Facebook or carry a running cell phone

                      Originally posted by rikkinho View Post
                      who cares?, you use facebook? or g+? or have a cellphone?
                      All of these are no-nos when privacy comes first. I only use a dumbphone for outgoing calls, batteries out rest of the time as you never know if "off" is really off. No Facebook or Google accounts, in fact I block them in /etc/hosts so only Torbrowser can reach them to protect against links to them. Ghostery and NoScript stop their sharing buttons.

                      Comment

                      Working...
                      X