Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Google Starts Blocking Extensions Not In the Chrome Web Store

mgiuca Re:Developer Mode still can install (225 comments)

Disclosure: I am a full-time engineer on the Google Chrome team. Sorry, but your solutions don't work -- believe me, we didn't want to do this but it was done to prevent malware injections and not to stop users from installing software they want (which is why we only block it on Windows, and we don't block it on Dev or Canary channels).

a) Block the extensions that don't come through the app store, but let the user enable them one by one -- without scary 'developer mode' (and opening up the floodgates)

Unfortunately, if we just let the user manually override the blocking, we would have to store that choice in a preference file. Malware on your computer could easily install a bad extension and set the override flag in the preference file, making the blocking effectively useless.

This is why the only way the user can opt in to side-loading (by turning on developer mode) prompts scary warnings every time you open Chrome -- so that if malware does this, users will know something is up. We can't let you opt in to side-loading and be silent at the same time.

b) Reputation systems -- allow 'reputable' extensions; revert to a) above for the rest. Google and the AV vendors don't want to get their hands dirty classifying useless shit nobody wants as the useless shit nobody wants, fine let the 'community' handle the reputation.

The reputation system just moves the responsibility around, but still fundamentally has the same problem. Now you need to run a full-time service that records the reputation for each extension, and needs to be resilient to gaming (for example, having a malware author controlling a botnet spam the reputation server with good reviews to increase their score).

And for anyone who really wants it, they can manually enable it.

That is exactly what the "developer mode" switch is for. Again, we can't have a preference to enable side-loading without also letting malware turn it on for unsuspecting users, unless it gives a scary warning. There are other ways to enable side-loading without having to see the warning every time you start Chrome:
- Use Mac OS or Linux.
- Use Dev or Canary channel.
- Use Chromium instead of Chrome.
I hope one of these solutions are acceptable.

about 2 months ago
top

Chrome 33 Nixes Option To Fall Back To Old 'New Tab' Page

mgiuca Re:Also in Chrome 33: Welcome to Walled Garden (125 comments)

This is simply not true. I've been an extension developer for quite a long time, and I've always hosted a beta version of my extension outside CWS, with auto-update, using update_url key in the manifest.

Ah OK. I didn't know about this feature. Then yeah, I guess your users won't be able to use that unless they're on dev.

about 5 months ago
top

Chrome 33 Nixes Option To Fall Back To Old 'New Tab' Page

mgiuca Re:Also in Chrome 33: Welcome to Walled Garden (125 comments)

(Disclosure: I am a Google Chrome engineer.)

It's not like I don't understand the problem, I've seen rampant Chrome crapware on clueless people's computers. But this is heavy-handed.

I'm glad you understand the severity of the problem. We took no joy in introducing these restrictions, but I think we made a good compromise between security and user freedom. If you don't want the extension side-loading policy, you have a number of options:

  • Use Mac or Linux.
  • Use Dev channel (but have potentially unstable code).
  • Load your extensions unpacked (but have Chrome warn you every time you start up).
  • Use Chromium (missing various features, but the option is there).

None of these options are ideal, but there are numerous escape hatches for people determined to side-load. The point is to stop side-loading in the default case only, where people are getting unknowingly infected. I would call this as far from "heavy-handed" as possible while still being effective.

or are content with loading extensions unpacked, with no auto-update.

Non-Web-Store extensions never had auto-update to begin with. The only difference between loading unpacked and side-loading is that it's a bit trickier to install unpacked, and Chrome will warn you every time you start up.

about 5 months ago
top

Valve Working on GNU/Linux Native Open Source OpenGL Debugger

mgiuca Re:Open Source! At least it isnt DRM laden like St (88 comments)

I actually wonder why GOG doesn't improve their downloader app into a full Steam competitor, which automatically downloads, installs and keeps your games up to date. It wouldn't imply adding DRM -- you could still download the stand-alone .exe installers, and the GOG client could have a "save as .exe" button. Because as it stands, I have to keep making this trade-off between properly DRM-free games (GOG, and Humble Store for that matter, which is also nice in that it supports Linux) and the convenience of having a one-click download/install and always-up-to-date experience (Steam).

about 6 months ago
top

Adware Vendors Buying Chrome Extensions, Injecting Ads

mgiuca Re:Great (194 comments)

Hi, thanks for the details. Would you be able to file a full bug report by going to:
http://crbug.com/new
Just fill in the required fields (such as operating system, Chrome version, etc) and then paste what you told me here. Thanks.

about 6 months ago
top

Adware Vendors Buying Chrome Extensions, Injecting Ads

mgiuca Re:Great (194 comments)

Is the extension installed from the Web Store, or side-loaded? Either way, if you are sure there is no malware, I would appreciate a detailed bug report, because this is certainly not the intended behaviour. Thank you in advance.

about 6 months ago
top

Adware Vendors Buying Chrome Extensions, Injecting Ads

mgiuca Re:Great (194 comments)

Chrome developer here. If you are deleting your extensions and they are showing back up in a few minutes, you have malware on your system that is actively re-installing them (I have seen this in action).

Under normal circumstances, deleting an extension on one machine (assuming you have extensions sync turned on) will cause it to be deleted in your central account, and this delete will propagate to your other machines. Chrome won't push an extension back to your machine that you just deleted. Also, side-loaded extensions (ones that you didn't get from the Web Store) are never synced.

The problem is that many users have malware running in their system that continually installs a particular extension into Chrome, so if you delete it, it goes right back (through no fault of Chrome's). The only solution for now is to find and disable the malware. On Windows, we will soon be blocking side-loaded extensions to prevent this sort of thing from happening.

about 6 months ago
top

Valve Working on GNU/Linux Native Open Source OpenGL Debugger

mgiuca Re:Open Source! At least it isnt DRM laden like St (88 comments)

The difference with GOG is that with Steam games -- even those that don't use Steamworks -- you need to use Steam AND have a working Internet connection to install the game, so you are not truly separated from Valve's ecosystem. With GOG, you can download all the games you own, back them up to a portable hard drive, and then you can play all the games regardless of your Internet connectivity or GOG's continued existence, even if you change or wipe your computer. With Steam, you can only play these "DRM-free" games until you next need to re-install them for whatever reason.

Back in, say, 2000--2004, a game that needed the Internet to phone home during installation (but not every time you play the game) would have been considered an unacceptably intrusive form of DRM by some. It's funny how the public perception of DRM has changed so much that phone-home-on-install is no longer considered to be DRM at all. Well, it still is, because it's a server that controls your ability to use a product you have already paid for. Granted, it's relatively mild DRM, but it's still DRM.

I suppose that once you install a non-Steamworks game, you could manually grab the files and zip them up and archive them, but Steam doesn't make it easy. If you had, for example, used Steam's "back up game" feature, you would find that it requires a phone-home to restore the backup. In addition, Steam doesn't make it easy to play these non-Steamworks games without using Steam. All the Start Menu and Desktop shortcuts launch Steam with a particular game ID, not the game .exe directly, so using these shortcuts either requires that you are signed in to Steam, or have explicitly put Steam into offline mode. It's actually quite difficult for the average user to figure out how to run these so-called "DRM-free" games without Steam. So yes, GOG.com is absolutely more entitled to be praised as offering DRM-free games.

about 6 months ago
top

Myst Creators Announce Obduction

mgiuca Re:looks like one of the buildings on Myst island (103 comments)

Nope. After Myst was a huge success, Cyan put some of the money into building their own dream office from the ground up. The Cyan office is vaguely reminiscent of Myst, and not the other way around.

about 9 months ago
top

The W3C Sells Out Users Without Seeming To Get Anything In Return

mgiuca Re:Why all the fuzz... (348 comments)

You're missing the point. DRM is not bad for independent site authors (of course they can ignore it). It's bad for users because it restricts the set of browsers / operating systems they are allowed to use. That is not the point of the Web -- the point of the Web is that anybody can implement a free web browser using open tools and information. If this goes through, then I will have to use Hollywood-approved browsers to access the web. I won't have any "problems" as long as I use browsers Hollywood trusts with their keys. That is NOT how the Web is supposed to work.

Well, if you object to having DRM in the standard, then you should also have to object to anything in the standard that replaces stuff like silverlight and flash..

If you object to Hitler, you should also object to anybody else who has a moustache....

This is not like Silverlight and Flash, because those are not part of the web, they are separate plugins. True, a fully open system cannot access their content. But at least it's limited to content that loads up in a box in a plugin. Inviting DRM into the HTML standard means we could soon start seeing images that can't be saved to disk, text that can't be copied, etc, by simply using the same EME technology already established for video. Basically, I am worried that a lot MORE content will become DRM-encumbered now that the W3C has said it is okay.

about 9 months ago
top

The W3C Sells Out Users Without Seeming To Get Anything In Return

mgiuca Re:What to get? Copy protection only. (348 comments)

What do you mean "all it does is prevent copying"? You do realise that everything that a computer does is copying, right? Watching a video is copying, therefore, DRM prevents watching videos unless certain specific circumstances are met. You said it yourself:

All this mechanism should do is restrict a container of content to one or more specified devices.

How is that an appropriate mechanism for the Web? The Web is supposed to work on all devices. If there is a device that the Web doesn't work on (assuming it is technically powerful enough), I should be able to implement a Web browser on that device to make it work. I should not need permission from any company to do so. That is the whole point of the Web, and it's the reason it is better than all of the other proprietary Internet services (like AOL, MSN) that came before it.

about 9 months ago
top

Nvidia Removed Linux Driver Feature For Feature Parity With Windows

mgiuca Re:Thus: (237 comments)

I'd love to know whether that's a real quote from the Windows logo rules. Unfortunately, a Google search for the text returns only one result: this comment. [Citation needed]

about 10 months ago
top

Tim Berners-Lee, W3C Approve Work On DRM For HTML 5.1

mgiuca Re:MOD PARENT UP (307 comments)

Chromebooks come with instructions on how to both:
a) unlock the bootloader and boot into a version of ChromeOS that gives you access to the Linux file system, allowing you to run arbitrary binaries including a modified kernel or Chrome executable, and
b) install alternative operating systems including Ubuntu, as well as running Ubuntu in a chroot (see: Crouton) so you can switch between ChromeOS and Ubuntu without rebooting.

There is nothing user-hostile down about Chromebook's boot protection. They just come with the security enabled by default (and make it a bit tricky to disable it so that an ordinary user does not accidentally flip the switch off). That is totally different from hardware that physically does not let the user install custom binaries.

about 10 months ago
top

Ouya Android Game Console Launches, Quickly Sells Out

mgiuca Re:Xbox One (279 comments)

Every game on the OUYA can be tried for free. You don't have to put a credit card in to start downloading apps from the store.

Actually, it seems about half of the Kickstarter backers (myself included) are being forced to enter their credit card info just to get to the console's main menu.

My OUYA is sitting on my shelf, unused at the moment, because I refuse to put my credit card into it as I wait for a response from OUYA support. I have no idea why some people are getting in for free, and others of us are being forced to enter credit card info, but there had sure be a good explanation.

1 year,28 days
top

Is It Time To Enforce a Gamers' Bill of Rights?

mgiuca Re:Better off enforcing an EA boycott (469 comments)

+1 Thankyou for a clear and detailed description of Minecraft authentication. Makes sense that it's not DRM.

about a year ago
top

Is It Time To Enforce a Gamers' Bill of Rights?

mgiuca Re:Better off enforcing an EA boycott (469 comments)

I haven't tried Minecraft myself (I was turned off by the DRM). But I've read a lot of online discussions where someone claims there is online activation and they can't play while the server is down, and other people quickly come on to say it's not that bad. But it seems like there is DRM and while you can play single player offline, you cannot connect to servers even if they are local LAN. If that's true, it sounds disingenuous to say there is no DRM.

See: https://getsatisfaction.com/mojang/topics/why_is_there_drm_in_this_game_when_it_is_advertised_as_drm_free

Are you saying otherwise?

about a year ago
top

Is It Time To Enforce a Gamers' Bill of Rights?

mgiuca Re:Better off enforcing an EA boycott (469 comments)

Although Minecraft is DRM free, it still requires server-side activation.

That sounds like an oxymoron to me. All game developers like to tell you that their product is DRM-free. A "DRM-free" product means you'll get people like GP using your product as positive examples in debates about DRM. EA don't say that their product has DRM, they say it has exciting multiplayer capabilities, and that allowing offline support would ruin the game.

about a year ago
top

Valve: Linux Better Than Windows 8 for Gaming

mgiuca Re:Just greed. (768 comments)

What if it's too late by then? What if Microsoft wait until it's gotten to the point where every major software vendor is selling through the Windows Store and then cuts out sideloading? Why don't you ditch Windows now and be part of the solution, and not the problem?

about a year and a half ago

Submissions

mgiuca hasn't submitted any stories.

Journals

mgiuca has no journal entries.

Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...