Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

121 comments

Yeah! (1, Offtopic)

bfmorgan (839462) | about a year and a half ago | (#42378703)

Thank you

c0cKg0BbLEr (-1)

Anonymous Coward | about a year and a half ago | (#42378773)

you're a fucking AIDS infested faggot. FOAD!

Re:Yeah! (4, Informative)

BitZtream (692029) | about a year and a half ago | (#42378779)

Whats to get excited about, this just causes problems for legitimate extensions.

Fact: Dirty/Malware extensions can work around it by just sitting whatever flags need to be set where ever they need to be set to make Chrome think they are approved.

Fact: Legit extensions installed with other software will now at the minimum need an annoying popup to allow them, or worse, digging through menus to figure out how to term them on instead of 'just working'.

Fact: Google will exempt itself from this practice.

As someone who wrote extensions for Firefox until we got tired of supporting its broken every release API, it was trivial to work around this sort of crap with firefox, the same will be true of Chrome.

Re:Yeah! (5, Insightful)

dreamchaser (49529) | about a year and a half ago | (#42378845)

You're so right. We should also leave all of our doors and windows unlocked because face it, a determined intruder will just find a way in, and we could be blocking legitimate friends and family. We might actually have to get up and answer the door!

Re:Yeah! (3, Insightful)

jhoegl (638955) | about a year and a half ago | (#42378903)

There is such a thing as user fatigue.
If you keep harping at the user about every little thing they will just accept without reading and move on.
So in what way have you empowered the broad user base by adding this?
Treating the symptoms instead of finding the cause is the problem. Although there is no easy way to solve this particular riddle, the solutions provided do nothing to educate and help the user.

Re:Yeah! (4, Insightful)

Johann Lau (1040920) | about a year and a half ago | (#42379071)

SOME users experience fatigue and click themselves into deep shit, others pay attention and click themselves out of it.

If you keep harping at the user about every little thing they will just accept without reading and move on.

And what is lost compared to not even having the choice? That's like initializing user_fatigue with the maximum value.

So in what way have you empowered the broad user base by adding this?

As I just said, you give each user the choice how much of an idiot they want to be, instead of forcing ALL users to be idiots.

Re:Yeah! (5, Interesting)

Albanach (527650) | about a year and a half ago | (#42379269)

SOME users experience fatigue and click themselves into deep shit, others pay attention and click themselves out of it.

How many extensions do you think the average user wants/needs? I really don't see fatigue being much of an issue with browser extensions. A user should only be seeing a couple of warnings a year.

If the click through presents a warning and defaults to No, then users are much more likely to opt-out, clicking themselves to safety. Even better if there's a 'don't let this site bother me again' option.

Re:Yeah! (4, Interesting)

Johann Lau (1040920) | about a year and a half ago | (#42379337)

How many extensions do you think the average user wants/needs? I really don't see fatigue being much of an issue with browser extensions.

Same here, so don't ask me :P

I think saying "user fatigue!" is really just the last FUD straw of someone who doesn't like that Google made an innocent good move for a change. There is nothing wrong with this change, which is why the "arguments" against it are so desperate and funny. I can sympathize with that, I'm all for being unfair to Google haha, but this is too much of a stretch.

Fuck "user fatigue" - unless you mean being tired of users, then more power to you, of course. Look out for the disabled, for those who need help, and of course streamline stuff where it makes sense. But fuck catering to lazyness and mindlessness. If most people are lazy then most people are obsolete. I don't think they are, but that's what I respond to that argument. Ignore them now before they feel even more entitled. Personally, I'd be all for hunting them down (not being lazy and all that), but I am willing to compromise.

Re:Yeah! (2)

hairyfeet (841228) | about a year and a half ago | (#42380349)

How about simply having a checkbox that says "trust installs by this publisher" and call it a day? why not that? on the one hand i don't want to be clicking my ass off and on the other hand i don't want shit installing silently, so why not a compromise?

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42379341)

Sadly, I've heard this exact approach to security in numerous work environments.

Re:Yeah! (4, Insightful)

cbiltcliffe (186293) | about a year and a half ago | (#42379351)

When your "lock" consists of a lever with a little sign saying "push this lever if you're supposed to be here" you might as well leave it unlocked....

Re:Yeah! (1)

satuon (1822492) | about a year and a half ago | (#42380347)

Yes, but the lever would be on the INSIDE side of the door.

Re:Yeah! (2)

Vegemeister (1259976) | about a year and a half ago | (#42379701)

Windows users still install programs by downloading executables from the internet and running them as root. It doesn't matter what we do to our windows and doors when one wall of our house is missing.

Re:Yeah! (1)

wvmarle (1070040) | about a year and a half ago | (#42381705)

That's sensible, for the lack of anything resembling a Linux distribution's repository for Windows. I've before been told here on /. that "Google is your repository/app centre" - i.e. search for the software on Google and download it. That's just the way it goes in the Windows world. And to get Firefox, I happen to know to go to getfirefox.com but if I need say a pdf reader (not that bloated pos from Acrobat) then I'd also just go to Google, and select one or two of the top rated results, download it, run it, and hope for the best.

And Windows users have learned in the past that everything needs to be root to run properly... well that's by know more or less solved, still many users will run as root just because that's what they're used to, and it's convenient of course.

Re:Yeah! (1)

Tim Ward (514198) | about a year and a half ago | (#42380299)

Well, you could always follow the NRA's advice and get a gun and shoot everyone who walks through the door. You gotta gun, you don't need locks.

Re:Yeah! (5, Insightful)

symbolset (646467) | about a year and a half ago | (#42378847)

Fact: silent browser extension installation is like a browser version of Microsoft's AutoRun. There is no reason why a legitimate extension needs to install without asking the operator for permission any more than a program on a disk or share needs to autorun on mounting the volume.

Re:Yeah! (1, Funny)

Anonymous Coward | about a year and a half ago | (#42378923)

Fact: saying fact before a statement makes it an inarguable universal truth.
Pro-tip: use the Fact: prefix before making stating any opinion in an online forum.

FWIW I happen to agree. But for $DEITY's sake, just state your case.

Re:Yeah! (2)

Maow (620678) | about a year and a half ago | (#42379473)

Fact: saying fact before a statement makes it an inarguable universal truth.
Pro-tip: use the Fact: prefix before making stating any opinion in an online forum.

FWIW I happen to agree. But for $DEITY's sake, just state your case.

Try reading the GP comment for the reason.

Hint: he (Symbolset) is responding to that poster's arrogance.

Hint #2: the GP's comment states 3 "facts" as though stating such that makes them inarguable truths.

FWIW, I agree that it's bad form, but it was a response-in-kind that you replied to.

Cheers

Re:Yeah! (5, Funny)

1u3hr (530656) | about a year and a half ago | (#42379651)

Pro-tip: use the Fact: prefix before making stating any opinion in an online forum.

And adding the "Period" suffix after your opinion makes it a universal truth. Period.

Re:Yeah! (2)

nogginthenog (582552) | about a year and a half ago | (#42380633)

This. Adding 'this' always makes the parent true.

Re:Yeah! (1)

nitehawk214 (222219) | about a year and a half ago | (#42381167)

This. Adding 'this' always makes the parent true.

"Yields falsehood when preceded by its quotation" yields falsehood when preceded by its quotation.

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42380641)

Pro-tip: use the Fact: prefix before making stating any opinion in an online forum.

And adding the "Period" suffix after your opinion makes it a universal truth. Period.

I don't believe you.
Fact: Your statement was not prefixed with the appropriate "Fact:" flag and is therefore untrustworthy. End of.

Re:Yeah! (1)

nitehawk214 (222219) | about a year and a half ago | (#42381153)

Pro-tip: use the Fact: prefix before making stating any opinion in an online forum.

And adding the "Period" suffix after your opinion makes it a universal truth. Period.

I don't believe you.
Fact: Your statement was not prefixed with the appropriate "Fact:" flag and is therefore untrustworthy. End of line.

Adding end of line at the end of your line makes you sound like you are the MCP. End of line.

Re:Yeah! (1)

S.O.B. (136083) | about a year and a half ago | (#42381387)

Fact: Using Fact and Period makes your point even more universally true. Period.

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42378997)

What about not legit ones? You're missing the boat there. Malware makers can come along and abuse it and probably have, hence why google is taking action (albeit only now).

Re:Yeah! (2)

girlinatrainingbra (2738457) | about a year and a half ago | (#42379571)

Same problem with auto-update on Firefox. At some point, I was running version X of Firefox off of a live-boot-usb-stick, and I hadn't configured Firefox completely, and I forgot to do it for a day. Next afternoon, my version of Firefox had updated to X+2 and then the next day it was updated to Firefox 17 with all of the googley-crap put back into the search box and all of the javascript options I had disabled being re-enabled and all of my addons such as adblock and noscript were disabled because the versions I had installed with saved .xpi files were not compatible with FF17. DAMN IT! If I wanted to fucking upgrade my version of FF I'd have done it myself. And upgrading the whole f*cking browser is fuckloads of worse shit than just sneaking in browser extensions. (Can you tell that I was pissed off? Still am, aren't I? Apologies to those with tender ears)

Re:Yeah! (1)

Anonymous Coward | about a year and a half ago | (#42379859)

So install the old version again? Really, not that hard. Of course, the old version most likely doesn't have security fixes, and the extensions you have can easily be updated, but where's the fun in that?

Re:Yeah! (1)

girlinatrainingbra (2738457) | about a year and a half ago | (#42379891)

Actually, I could just reboot the live stick, then run my reset script with my archived settings. But this one particular archive had been saved before I remembered to disable the autoupdate features in FF. Read VortexCortex's comment below, which I wholeheartedly agree with. A sane default option is to "opt in" to auto-updates; it is insane and irrational to require "opting out" of auto-updates. That is the batshit insanity which Firefox has been setting up lately, just like MS Internet Explorer had been doing and the same idiotic crap that chrome was pulling allowing automatic updates to extensions without having the user make that selection. So my complaint is NOT about having to spend the time on installing the old version again. My complaint is the same as VortexCortex: wasn't this shit already solved decades ago and isn't the sensible option "opting in" rather than automatically allowing for updates and forcing people to find the third-subtab on the right-most tab of the "preferences" or "options" menu item of Firefox (which has variously appeared on the "Tools menu" or on the "Edit menu" on the FF menu-bar). Got it yet, madamoiselle anonymous coward?
;>p

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42379917)

You have anger issues.

Anger issues. (0)

Anonymous Coward | about a year and a half ago | (#42379993)

Anger issues? C'est vrai! Semms obvious to me. I think the tongue thrust out ( like so :>p ) and the fucking this and fucking that pretty much can be interpreted that way. Maybe the training isn't going well?

Re:Yeah! (1)

hairyfeet (841228) | about a year and a half ago | (#42380599)

Mind some advice? Install Comodo Dragon on the stick instead. Not only does it have all the same extensions Chrome has (since they both use the Chromium base) but there is but a single checkbox in options that says "do not check for updates" and once it is checked it will do just that, never check for updates. it also has the Privalert built in which lets you block tracking crap with a single click and the option of Comodo Secure DNS which will block many sites that have been infected from loading. Oh and no need to hunt down a "portable" version since they ALL have the option of being portable on install, just check the box that says you want it portable and point it at your stick.

I switched my portable FF for Dragon over a year ago and I'm quite happy with it, doesn't hardly ever touch the stick, has low rights mode which FF still hasn't adding even after 5 years, its just a really nice little browser. Oh and if you DO decide some day you want to update it Comodo almost never changes its UI, in fact since Dragon 5 (currently on V23) the only thing they moved was the dragon's eye from the right side to the left, that's it. so nice for those of us that hate having to play Where's Waldo with all the damned UI changes.

Re: Comodo Dragon (1)

girlinatrainingbra (2738457) | about a year and a half ago | (#42380955)

Thanks for the advice and the info about Comodo Dragon. I had not heard of it before your post. I may install it and give it a spin...
.
The wikipedia page on it ( http://en.wikipedia.org/wiki/Comodo_dragon [wikipedia.org] ) has more info about chromium vs. comodo though the last two items look like they were respun by someone who prefers google chromium, while comodo's page ( http://forums.comodo.com/help-cd/how-is-dragon-better-t67998.0.html [comodo.com] ) points out that google keeps track of the time it was installed (the better to track/identify you with?) and spins the usage of comodo's dns servers as a positive (hmmm....) rather than pointing out that the tracking aspects are just being transferred from google to the comodo group. Wikipedia page about Comodo has some interesting information about ( at http://en.wikipedia.org/wiki/Comodo_Group#2010_Affiliate_Registration_Security_Breach [wikipedia.org] ) a couple of problems with SSL certificate verification.

Re: Comodo Dragon (1)

hairyfeet (841228) | about a year and a half ago | (#42381267)

There is one MAJOR difference between Chrome and Dragon when it comes to Dragon and it is this: If you don't want to use Comodo Secure DNS? It asks you on install, simply say "no" and that is that. You can also switch it on and off at will in the options whereas last I checked there is NO easy way to just switch off the phone home in Chrome.

Now that said in the end you have to trust somebody somewhere to give you DNS, unless you are gonna run your own DNS server and not only is the Comodo Secure DNS pretty dang fast but I've seen plenty of times where it has stopped a page from loading because it had been infected with malware. Sure enough I would fire up a test box at the shop and let the page load and it was malware city.

But at the end of the day you can use as much or as little of Comodo's services that you want, its all easily switchable in seconds, and it fixes the two problems you were complaining about with FF while giving you some nice extras you can take or leave. If you prefer the Gecko engine they even have their own spin on FF called Comodo IceDragon. Its nice and has similar security features but it still uses more CPU and memory than Dragon proper.

At the end of the day I'm just a little shop guy that tripped over Comodo AV one day when AVG wasn't cutting the mustard and decided to see if they had more free stuff and found they had a ton and most of it was really good. Give it a spin, if you don't care for it just toss it in the recycle bin, no muss and no fuss. Oh and if you have to deal with infected boxes like I do might want to check out Comodo Cleaning Essentials, its free, gets rid of more nasties than malwarebytes IMHO, and also runs great on a stick, its a great tool to add to your toolbox.

Frankly the only real complaint I have about any of the Comodo stuff is they no longer support Comodo Time Machine, if you can find a copy it still works great on anything up to Windows 7 (as long as you don't have a dual boot, it won't screw anything up, just won't install on a dual boot) but they quit supporting it. Frankly if you deal with virus prone people its like a gift from the Gods, it lets you set up a hidden partition with daily snapshots (you can even lock a snapshot so you can have your very own OEM hidden partition, with all the drivers and software preloaded) so if they fuck it up beyond even booting you can tell them just push the home key on boot and in 20 minutes they are back up like nothing happened. great tool, damned shame they don't support it any longer as I haven't found anything that will let you make your own hidden OEM partition like that easily.

Re:Yeah! (4, Insightful)

VortexCortex (1117377) | about a year and a half ago | (#42379785)

There is no reason why a legitimate extension needs to install without asking the operator for permission any more than a program on a disk or share needs to autorun on mounting the volume.

Then explain Chrome's silent updates? By your logic there should be no reason why an application would update itself without operator permission -- Why, if it were small part of a larger system it could even bring the entire intranet down. What I see is friction between notification of updates and desire to have less notification noise. IMO, the best answer when there is a choice to make that involves users' usage is to let them decide:
An update for Chrome is available.
( ) Skip this update.
( ) Download the update and ask again later.
(o) Download and Install Automatically

[x] Remember this choice and don't ask again.
____

A plugin update is available for: NotScript
( ) Skip this update.
( ) Download the update and ask again later.
(o) Download and Install Automatically.

[_] Remember my choices for future updates.
[x] Make this the default for all plugins.
____

Status Notification:
42 Updates are being downloaded and installed. [Options...]

I thought we solved this shit in the 70's? You know, with our rocket science... The answer is almost never: Less Choice; It's almost always: Sane defaults & Discoverable options.

See also above comment by: girlinatrainingbra (2738457)

Re:Yeah! (3, Funny)

symbolset (646467) | about a year and a half ago | (#42379849)

Well I guess the only reasonable response to this is: don't eat lead-based paint chips. Your post has nothing to do with my post.

Re:Yeah! (1)

Anonymous Coward | about a year and a half ago | (#42380365)

There is no reason why a legitimate extension needs to install without asking the operator for permission any more than a program on a disk or share needs to autorun on mounting the volume.

Then explain Chrome's silent updates?

Chrome specifically asks to install itself (and make subsequent updates). Your argument makes no sense.

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42381361)

Then explain Chrome's silent updates?

When _you_ installed Chrome manually (!) you agreed also to silent updates. (Either right then or later through the update settings.)

It's not nearly the same thing as some extension installing itself without you knowing.

Re:Yeah! (1)

maxwell demon (590494) | about a year and a half ago | (#42379021)

The malware extensions only can do anything if they are already running. I'd expect Chrome to check the extensions before starting them.

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42379069)

I hope you're not developing extensions for browsers anymore.

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42379653)

OK, Dwight. Fact: using "Fact:" more than once per reply flags you as overly excited.

Re:Yeah! (1)

mwvdlee (775178) | about a year and a half ago | (#42380305)

Fact: Google will exempt itself from this practice.

Fact: TFA doesn't say this. Please back up your personal believes before stating them as if they were facts.

More importantly; this is all a trust issue. Chrome is Google's browser. Assuming Google trusts itself, I can see why they would exempt themselves.

I have a lock on my door to keep unwanted people out, but I have given myself a key to get in whenever I want because I trust myself not to steal from myself.

Re:Yeah! (1)

ericloewe (2129490) | about a year and a half ago | (#42380335)

It's a matter of principle. Windows doesn't automatically allow something to be run if it's signed by Microsoft, neither does OS X, as far as I've seen.

Re:Yeah! (1)

Chelloveck (14643) | about a year and a half ago | (#42381517)

Fact: Legit extensions installed with other software will now at the minimum need an annoying popup to allow them, or worse, digging through menus to figure out how to term them on instead of 'just working'.

"Legit extensions installed with other software"... Like that bullshit Ask Toolbar that got silently installed into Chrome when I loaded some crappy unrelated shareware the other day? Yeah, the world is sure going to lose out when that kind of anti-social behavior is made more difficult.

I can't think of any legitimate extensions that would be harmed by having Chrome open up with, "Hey, there's a new extension here, do you want to use it?" The only things that are going to suffer are the unwanted advertising / data mining extensions that survive only because people don't bother to uninstall them. Which they shouldn't have to do anyway, because the extension should never have been installed in the first place!

Re:Yeah! (0)

Anonymous Coward | about a year and a half ago | (#42381545)

There's no such thing as a silently installed legitimate extension.

Check out the Chrome 82 Beta (1)

EmagGeek (574360) | about a year and a half ago | (#42378727)

It's pretty awesome.

I'm on Chrome LightSpeed (1)

Anonymous Coward | about a year and a half ago | (#42378753)

Chrome 299729548 is even better.

Re:I'm on Chrome LightSpeed (1)

Anonymous Coward | about a year and a half ago | (#42378917)

Colonel Sandurz: Prepare ship for light speed.
Dark Helmet: No, no, no, light speed is too slow.
Colonel Sandurz: Light speed, too slow?
Dark Helmet: Yes, we're gonna have to go right to ludicrous speed.

Re:Check out the Chrome 82 Beta (0)

Anonymous Coward | about a year and a half ago | (#42378827)

I'll stick with Chrome "69" mouth 2 ass. It has /etc/host support => http://news.slashdot.org/comments.pl?sid=3336385&cid=42378727 [slashdot.org]

APK

Impossible (5, Insightful)

KiloByte (825081) | about a year and a half ago | (#42378729)

How exactly can they block silent installs if the process that wants to add the extensions has the same rights as Chrome -- or strictly higher? The other program can emulate whatever way Chrome uses to mark something as legitimately installed.

It's only a feel-good measure, that can stop only "nice" extensions which would play by the rules in the first place, and does nothing against malware or the operating system itself (looking at you, Microsoft).

Re:Impossible (1, Insightful)

BradleyUffner (103496) | about a year and a half ago | (#42378777)

Because the solution isn't perfect we should do nothing at all instead.

Re:Impossible (1)

grim4593 (947789) | about a year and a half ago | (#42378795)

Chrome could hash the extensions files upon proper installation and have an encrypted list of all valid extension hashes. That way an elevated process could move the files to the right folder locations but Chrome can choose not to evoke them if they aren't on the list.

Re:Impossible (3, Insightful)

larry bagina (561269) | about a year and a half ago | (#42378843)

An elevated process can also update the encrypted list.

Re:Impossible (0, Flamebait)

Anonymous Coward | about a year and a half ago | (#42378927)

An elevated process can also update the encrypted list.

Not if it's a super double-secret list behind 7 proxies!

Re:Impossible (0)

Anonymous Coward | about a year and a half ago | (#42379103)

Not if they don't have the encryption keys. It's basically DRM implemented for a good cause.

Re:Impossible (1)

someones (2687911) | about a year and a half ago | (#42379699)

we learned allready, that DRM will and CANNOT possibly work ;)

Re:Impossible (1)

KiloByte (825081) | about a year and a half ago | (#42380431)

They do have all encryption keys Chrome could possibly have -- and if they'd be stored remotely, they are in the same position wrt asking Google's servers.

Re:Impossible (0)

Anonymous Coward | about a year and a half ago | (#42378851)

Chrome could hash the extensions files upon proper installation and have an encrypted list of all valid extension hashes. That way an elevated process could move the files to the right folder locations but Chrome can choose not to evoke them if they aren't on the list.

Where is this encrypted list and its key stored? The other process can, since it has the same privileges, access both and modify the list (even if encrypted) the same way Chrome would.

Re:Impossible (4, Insightful)

ohnocitizen (1951674) | about a year and a half ago | (#42378801)

Stopping "nice" extensions is a step forward. This will make it difficult for 3rd party app developers who wanted to sneak extensions into Chrome to continue business as usual. Microsoft and malware authors will probably find ways to work around it, true. But reigning in bad behavior by people who otherwise play by the rules is still progress.

Re:Impossible (3, Interesting)

Anonymous Coward | about a year and a half ago | (#42378823)

One way is to keep record of installed plugins by user interaction on google server and recall the list and compare extension lists on startup.

Another way is to sign the extensions with a special per user key that is kept on google server. If key may also be kept on the user pc but needs a public private key signing system. The signing and reading key needs to be created on user plugin installation with all plugins re-signed with new signing key and then that key is destroyed leaving only the reading key. Trying to write over the reading key would make old plugin unreadable (or a special check file for cases with no plugins) and you can't create a signed plugin without the signing key. This still leave attacks left for listening but it's should be pretty rare for plugin installation, anyways kinda moot if a malware has great access to your pc.

Re:Impossible (2)

larry bagina (561269) | about a year and a half ago | (#42379053)

If Chrome can post a message to Google's server, Evil Plugin Installer can also post a fake message to Google's server. Your second choice sounds like a walled garden, which isn't bad, but it'll be messy to clean up after all those heads are blown...

Re:Impossible (0)

Anonymous Coward | about a year and a half ago | (#42379799)

I would think that the more steps that "Evil Plugin Installer" has to take, the better. Having anti-tampering within Chrome and using key exchange can provide more of a moving target that's a bit harder to hit.

Re:Impossible (4, Insightful)

TheLink (130905) | about a year and a half ago | (#42379059)

This is setting a new intended default behaviour - e.g. extensions should ask permission. If you bypass this it makes it harder to argue that your extension isn't malware.

Most people and the Courts treat things differently depending on whether you broke a lock to enter a place or the door wasn't even latched in the first place.

Re:Impossible (1)

KiloByte (825081) | about a year and a half ago | (#42380445)

Except that your average malware toolbar does ask for permission when whatever software it is attached to is being installed. It will just helpfully save you from having to do another step, after you click "ok" to "install and enable XXX?".

Re:Impossible (1)

Johann Lau (1040920) | about a year and a half ago | (#42379083)

Why would malware in the system itself bother with a Chrome extension? What does that give you that you don't already have? Honest curiosity.

can stop only "nice" extensions which would play by the rules in the first place

Nah. There are plenty of "hey, it's just some ads/game/whatever, we from value add corp LOVE our customers!" extensions. Of course they're not "nice", but they otherwise use the standard process for extensions, and aren't malware by any stretch of the imagination.

Re:Impossible (3, Insightful)

techno-vampire (666512) | about a year and a half ago | (#42379203)

...and aren't malware by any stretch of the imagination.

I don't know about you, but personally I find it hard to believe that any extension that installs itself without notifying the user has that user's best interests at heart. Even if they're not actually malware, they're probably doing something their author doesn't want us to know about and that's enough to make sure that I, for one, would never trust them.

Re:Impossible (1)

Johann Lau (1040920) | about a year and a half ago | (#42379293)

That still doesn't make them malware in the stricter sense (all malware is evilware, but not all evilware is malware) Certainly when talking about bypassing the browser via having the OS infected.. if you have *that*, you can do anything; sure it'd be *nicer* to have an extension that makes grabbing web passwords super simple, but you don't really *need* it; you can already monitor all traffic, take screencaps, log keys, do whatever.. so what's the point of using root to install a chrome extension?

I honestly wonder if I have missed something, or caught a completely bullshit argument at +5... what could Chrome do about any of that, anyway? How is this move worse than any other they could have done instead? One might as well say this doesn't help in the cases where the user is forced to click "yes" at gunpoint: that would be correct, but more importantly an idiotic argument. And I kinda hate Google, fuck their browser and the fucked up "web middleman" ads for it; this is still a good move with no real downsides, so wtf.

Re:Impossible (1)

KiloByte (825081) | about a year and a half ago | (#42380421)

The typical scheme on Windows is, one of ten "Ok" dialogs during installing an unrelated piece of software instead says "install Bonzi Buddy Toolbar", and you need to read them all carefully and press "cancel" instead, which most people fail to do. Or often, it's just a pre-checked check box on a long page.

All that will change is that the question instead of "install BBT?" will be "install and enable BBT?".

Re:Impossible (2)

mysidia (191772) | about a year and a half ago | (#42379661)

You can't. But this will interfere with network Administrators implementing a technical policy of pre-deploying specified extensions for all users.

The only solution I can think of right now is to ban Chrome; and only allow IE or Firefox; which will allow admin-deployed extensions.

Re:Impossible (1)

jopsen (885607) | about a year and a half ago | (#42380813)

It's only a feel-good measure, that can stop only "nice" extensions which would play by the rules in the first place, and does nothing against malware or the operating system itself (looking at you, Microsoft).

Most of the crap toolbars people install for internet explorer are semi legitimate... They can be removed, often, you install program X it'll ask you if you wish to add toolbar Y to IE. The guys behind these toolbars pray on the fact that people forget to click, don't install this useless crap toolbar...
Raising the bar and forcing people to make the actual choice is a good idea.

Most of these toolbars are not removed by Anti virus, because they are perfectly legal, Yahoo toolbar is a good example.

Granted I haven't used windows for years, but back then it was a problem with IE, I wouldn't be surprised if Google wants to avoid that situation for Chrome... After all they used to make Google toolbar for IE, which is just as bad, so they should know what they are doing...

hey (-1)

Anonymous Coward | about a year and a half ago | (#42378749)

Just wanted to poke my head in here and say that I unequivocally support Adolf Hitler's polices especially with regard to the so-called "holocaust".

Thanks for your time in reading this!

Good day!

I'm not sure I understand... (1)

Slyfox696 (2432554) | about a year and a half ago | (#42378763)

I'm not sure if I fully understand the ramifications here...what exactly will this mean for my Firefox?

Re:I'm not sure I understand... (0)

Anonymous Coward | about a year and a half ago | (#42378783)

Means you have to update the version number.

I suggest adding a 3000.

Because that's cooler.

Re:I'm not sure I understand... (1)

rudy_wayne (414635) | about a year and a half ago | (#42378891)

Means you have to update the version number.

I suggest adding a 3000.

Because that's cooler.

Actually, you've hit on a good idea. Just like Netscape Navigator skipped from version 4.7 to 6 so they could jump ahead of Internet Explorer 5, Firefox should return to that practice. The next version of Firefox should be 29. Then they will be forever cooler and more modern than Chrome.

I'm serious.

Re:I'm not sure I understand... (1)

maxwell demon (590494) | about a year and a half ago | (#42379003)

Actually, they could restrict version numbers to be prime numbers afterwards, then they will appear to progress much faster.
Although ... thinking about it, they probably would soon reach primes so large that they would face export restrictions from the version number alone. :-)

Re:I'm not sure I understand... (0)

Anonymous Coward | about a year and a half ago | (#42379007)

No, no, no. All versions of every application should be 11.

Re:I'm not sure I understand... (1)

someones (2687911) | about a year and a half ago | (#42379721)

no. 42 or 1337

Re:I'm not sure I understand... (1)

Zontar The Mindless (9002) | about a year and a half ago | (#42380497)

Actually, you've hit on a good idea. Just like Netscape Navigator skipped from version 4.7 to 6 so they could jump ahead of Internet Explorer 5...

I'm guessing you weren't around at the time, because there were in fact two versions of Netscape 5.0 [wikipedia.org] , which you could download and play with (and I did; and I therefore take serious issue with the implication by the Wikipedia article that no binaries were ever built/released).

In any case, you're wrong. NS 5.0 was scrapped because they junked the the old codebase. NS 6.0/Mozilla (the latter of which eventually became Firefox) was a complete rewrite.

That UI is getting tired. Anyone agree? (1)

bogaboga (793279) | about a year and a half ago | (#42378781)

While I love the Google's Chrome browser, it is my opinion that its UI is getting tired. Anyone agree? A refresh wouldn't do any harm at this point. Would it?

Re:That UI is getting tired. Anyone agree? (3, Insightful)

Anonymous Coward | about a year and a half ago | (#42378831)

Have you learnt nothing?

Re:That UI is getting tired. Anyone agree? (1)

Seumas (6865) | about a year and a half ago | (#42379073)

To be frank, I don't know what other UI you could implement. It's a web browser. It has some tabs and some forward and back buttons and a giant viewport.

Re:That UI is getting tired. Anyone agree? (2)

Nimey (114278) | about a year and a half ago | (#42379169)

No. I'm not wild about the three-bar option button, but the rest is OK.

Re:That UI is getting tired. Anyone agree? (0)

Anonymous Coward | about a year and a half ago | (#42379875)

I wish they would just stop incompetently rolling their own UI. When you've got no taste you shouldn't be designing UIs in the first place, and moreover if the user has changed the system colours or installed a different theme it's crass not to use it.
(Yes, I'm aware you can install custom theme's in Chrome. But they're really limited, for example the window buttons in the top-right will always look like crap, as will many other things in the browser. Default behaviour should be to draw everything using the system theme.)

I'm done with Chrome. (0, Flamebait)

Jackie_Chan_Fan (730745) | about a year and a half ago | (#42378791)

Firefox and even IE10 are both far better

IE10 needs an extension to block flash ads though.

Trolls are everywhere!!! (4, Insightful)

Anonymous Coward | about a year and a half ago | (#42378841)

Someone needs to get a handle on these trolls on this site or I'm calling the POLICE!!!!!

I think malda himself might be trolling and I'm SICK OF IT!!!

Re:Trolls are everywhere!!! (-1)

Anonymous Coward | about a year and a half ago | (#42378879)

Someone needs to get a handle on these trolls on this site or I'm calling the POLICE!!!!!

I think malda himself might be trolling and I'm SICK OF IT!!!

Dear Sir or Madam:

I have read your complaint and I fully emphathise with your plight. At this time, we have only one response: niggers!

Yours Truly,
Betty Humpter

Re:Trolls are everywhere!!! (0)

Anonymous Coward | about a year and a half ago | (#42381557)

And you don't think Malda -wasn't- trolling the site when he was in charge? What the fuck do you think people like Jon Katz and michael were doing here? To piss you off and keep you visiting so that he'd collect more ad revenue. Then he came up with the brilliant idea of making the articles themselves advertisements, though veiled ones...after a while he gave up on trying to hide it and a lot of the posts here were just out and out spam for X company of the week.

You might be sick of it to the point of holding down a key on your keyboard for an extended period of time!!!!!, EVEN USING CAPS!!!!, but the fact is this place wouldn't be around if it weren't for the trolls. They're what keep this joke of a site running, that and the people stupid enough to respond to them. There's no positive discussion here any more, there's no creativity or sense of community, there's just trolls and the people who take the bait. If you want anything more than that Slashdot really isn't the place you ought to be visiting.

What ? (-1)

Anonymous Coward | about a year and a half ago | (#42378971)

Why is GooG the most Gay company on planet Earth ?

XD

Adware? (0)

Anonymous Coward | about a year and a half ago | (#42379107)

Will this block auto installing adware such as Babylon and MyWebSearch?
Those infest almost every computer out in the open, installed with Firefox or Chrome.
People tend to click on DownloadLinks which are carefully crafted to look like legitimate downloads for the things they were looking for in the first place.

Re:Adware? (4, Interesting)

Todd Knarr (15451) | about a year and a half ago | (#42379347)

It should. The add-ons can be dumped into the folders, but the browser will leave them disabled and non-functioning until you manually enable them. At least until the adware makers start figuring out how to dig into the internals of the browser config files and modify things directly to convince the browser the add-ons have already been enabled. That's doable but not simple, so I expect it'll take a while for that to become common. And there's simple methods the browser can use to make that modification even more difficult, eg. tagging each enabled extension with an encrypted hash of the extension's file so that the adware would have to find the browser's encryption key before it could successfully modify the configuration.

Note that none of these will do anything about add-ons that convince the user to manually install them.

You can always (0)

Anonymous Coward | about a year and a half ago | (#42379177)

unplug the speakers

Chrome has versions? (0)

Anonymous Coward | about a year and a half ago | (#42379207)

I mean, I know Chrome is the reason that Mozilla went all crazy with their version numbering. But I gotta say, I've never once noticed just what version I'm running at any given time. And given the... unique design compared to classic browsers, I don't even know how I'd check.

Re:Chrome has versions? (1)

thaylin (555395) | about a year and a half ago | (#42379343)

"Customize and control Google Chrome" in the top right, the icon with the 3 bold lines, right below the Close X Then chose "about Google Chrome" It is basically the same as with any browser.

Version 25? (1)

rolfwind (528248) | about a year and a half ago | (#42379547)

What the hell. Since 2008?

Who the hell does their versioning? That's just pathetic.

Re:Version 25? (0)

Anonymous Coward | about a year and a half ago | (#42379621)

Does version 1.25 sound nicer? The version 1 dot does not add anything to this.

Re:Version 25? (1)

someones (2687911) | about a year and a half ago | (#42379745)

i am still in for versionschemes like this: yyyymmdd.hhmm-optionaltext/branch/whatever

Re:Version 25? (1)

Anonymous Coward | about a year and a half ago | (#42380511)

Fortunately, it's just you.

Re:Version 25? (1)

boarder8925 (714555) | about a year and a half ago | (#42379757)

I agree. They should adopt Android's naming scheme for Chrome. If they had to come up with a stupid moniker for a release every two months, I think they'd at least consider slowing their cycle.

Re:Version 25? (0)

Anonymous Coward | about a year and a half ago | (#42380543)

Parent must be modded Insightful by now by all the muppets who keep repeating this non-issue (IT IS A NUMBER, if you feel it is a fucking issue, divide it by 10) when it concerns Firefox.

why the fuck.... (0)

Anonymous Coward | about a year and a half ago | (#42379689)

were silent installs allowed in the first place?

Sounds like Productivity death for Chrome. (0)

Anonymous Coward | about a year and a half ago | (#42380153)

But what else isn't totally is going to crap these days? Hey I know I have this ten year, debugged, seasoned operating system working flawlessly and controlling 100 million dollars a year. Let's format that bitch and put windows 8 on, after all it's only $14.95. Who cares about 100 million a year....
Click to download "Crippled Chrome (El Diablo Snuf) for WIN (20MB installer) , MAC (34 MB sit file) , LINUX (10 MB tar.gz)
Here's my predicted Future for Chrome.

the SETTINGS in Chrome.
Settings | Extensions | Delete All Extensions
or about:extensions

Settings | Advanced | Randomly Delete and Turn on/off Extensions

the Chrome Nightly Devs
Settings | Advanced | Uninstall Chrome
or just about:uninstall

Hey I know, if I FIREWALL CHROME off from the web, it can't get updates!!
PERFECT!! Actually better yet, remove the possibility of using Extensions at all. e.g. No Extensions to begin with Close the source code and kiosk it so only people drooling will use it

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...