Killed by Google
-
Killed by Google: extensions that just happen to collide with its business model:
Extensions for Google Chrome use Manifest V2, a kind of rulebook that highlights what extensions can and can't do, or Manifest V3, an updated version. Google made major changes to Manifest V3, which limited certain kinds of extensions. Content blockers, such as uBlock Origin, were affected by the announced changes negatively.
Google claims up to today that the changes have nothing to do with limiting content blockers. The company's main source of revenue comes from advertising. Instead, Google says that the changes improve privacy and security.
-
Google claims something that blocks downloading content from the internet improves privacy and security. Impressive thinking.
-
@Zecc if you dig into the bowels of the change, it’s about extensions being able to tap into requests being made as they’re being made.
v2 allowed dynamic modifications to requests as they were being made and the argument is “this can be abused” but it’s also very very effective for filtering because you can do dynamic filters to strip tracking parameters out of URLs and stuff like that.
v3 clamps down on how much dynamic stuff can do (which could in theory have a performance impact) but improves some of the static stuff.
You can make the argument legitimately that it could improve security and privacy but in order to do so you also have to presume the Chrome Store is even worse at filtering crap extensions than they want to admit (which it is) and that you also have to take it in good faith that this is about security and privacy more than ad blocking.
-
@Arantor It might be a kneeling warthog. Anything you block by manifest is something you do not have to police in other, more expensive ways. It is theoretically possible they were blocking a lot of malicious addons which had in common that they doctored outgoing requests.
-
@PleegWat said in Killed by Google:
@Arantor It might be a kneeling warthog. Anything you block by manifest is something you do not have to police in other, more expensive ways. It is theoretically possible they were blocking a lot of malicious addons which had in common that they doctored outgoing requests.
Require pages with a manifest to be only able to load resources exactly as described by the manifest, including transitively via iframes and so on. That makes them much safer... and nearly useless for how most ad systems work so that's a win too.
-
@PleegWat said in Killed by Google:
@Arantor It might be a kneeling warthog. Anything you block by manifest is something you do not have to police in other, more expensive ways. It is theoretically possible they were blocking a lot of malicious addons which had in common that they doctored outgoing requests.
That’s their argument for this move. The fact it just so happens to knee-cap every major addon blocker plug-in is purely convenient for
Google.
-
@Arantor said in Killed by Google:
The fact it just so happens to knee-cap every major addon blocker plug-in is
purely convenient for Googlean unexpected and involuntary side-effect, your Honor.
-
@Arantor said in Killed by Google:
you also have to take it in good faith
There aren't enough s in the visible universe for that.
-
-
the co-founders of Fitbit will also be leaving
Between this and the direction Google were already taking Fitbit, I assume Fitbit will end up in this thread sooner rather than later.
-
@loopback0 said in Killed by Google:
the co-founders of Fitbit will also be leaving
Between this and the direction Google were already taking Fitbit, I assume Fitbit will end up in this thread sooner rather than later.
Maybe then Google will finally get the YouTube app to work well on Apple Watch
-
@izzion said in Killed by Google:
get the YouTube app to work well
on Apple Watch
-
@izzion said in Killed by Google:
YouTube ... on Apple Watch
-
@izzion said in Killed by Google:
Maybe then Google will finally get the YouTube app to work well on Apple Watch
if you see the ads, it's working well
-
-
@Zerosquare the Graveyard says 2012-2013 though.
-
-
Killed by Google: their own phones.
https://www.bleepingcomputer.com/news/google/google-pixel-phones-unusable-after-january-2024-system-update/
-
The issue is being reported by owners of numerous Pixel models, including the Google Pixel 5, 6, 6a, 7, 7a, 8, and 8 Pro,
But not the 7 Pro? Maybe I dodged the bullet. Or maybe my phone just hasn't installed that update, yet.
-
-
@Zerosquare said in Killed by Google:
Killed by Google: their own phones.
https://www.bleepingcomputer.com/news/google/google-pixel-phones-unusable-after-january-2024-system-update/The issue is being reported by owners of numerous Pixel models, including the Google Pixel 5, 6, 6a, 7, 7a, 8, and 8 Pro, suggesting that it isn't confined to a particular hardware architecture.
Oh, whew. I've got a Pixel 2.
Google Play system update
August 1, 2021
-
Google introduced Play system updates in Android 10 as a way to deliver crucial security updates and system component enhancements and protections in devices not running the latest patch level and those that have reached the end of support by the OEM.
Supposedly the Pixel 2 was updated as late as Android 11, so it would've had the update to allow it to continue receiving security patches. Ah well, not my circus not my monkeys
-
@hungrier said in Killed by Google:
Google introduced Play system updates in Android 10 as a way to deliver crucial security updates and system component enhancements and protections in devices not running the latest patch level and those that have reached the end of support by the OEM.
Supposedly the Pixel 2 was updated as late as Android 11, so it would've had the update to allow it to continue receiving security patches. Ah well, not my circus not my monkeys
Yeah:
Android version: 11
Android security updated: October 5, 2020
-
laughs over here on a 2018 model of iPad, introduced around the same time as the Pixel 2, still receiving iOS 17 updates.
-
at this point.... if it wern't for the fact that i need a TOTP authenticator app.... and work is forcing microsoft authenticator down my throat..... i would be seriously looking into getting a dumb phone. or just.... not having one at all. email works fine. the number of times i make phone calls in a year was..... seven in 2023. and five of those were span calls i picked up because they spoofed a number that looked a lot like a friend's.
-
@accalia said in Killed by Google:
if it wern't for the fact that i need a TOTP authenticator app
Those exist on desktop. (I tend to use the one built into KeePassXC, but there are certainly others.) And even on mobile/tablet, you don't necessarily need it to be the same device you use for anything else, or (if pure TOTP) one that has network access at all as long as you keep the time on it somewhat in sync. Basically rolling your own hardware token, which can be pretty cheap to free if you're looking for an old device that doesn't get updates anymore.
@accalia said in Killed by Google:
and work is forcing microsoft authenticator down my throat
Well, I just told mine I don't have a phone and they got me a hardware token.
@accalia said in Killed by Google:
getting a dumb phone. or just.... not having one at all
There are dozens of us! Just a dumb phone in the car for emergencies, and VoIP at home & office.
-
@pcooper said in Killed by Google:
Those exist on desktop.
if it was just that i'd probably get a hardware device. they exist too.... but desktop versions are also valid.
@pcooper said in Killed by Google:
Well, I just told mine I don't have a phone and they got me a hardware token.
I currently use a TOTP app and that's worked fine for the past five years.... and if i get locked out my response is likely to be "Look if you're making me get an app on my phone to access work you're fucking buying me a phone and data plan for that cause work shit aint' going on my personal phone. you got away with hanging out on my TOTP authenticator app cause that is passive and has no web connectivity.... you aint' getting away with an app that needs one byte of network traffic"
-
@pcooper said in Killed by Google:
Well, I just told mine I don't have a phone and they got me a hardware token.
I hear some people here told corporate that and they were told to install the windows app. Which doesn't work on linux.
I made my cost center buy me a new smartphone. Which I was already going to do because they're making us do oncall. All options medium high end and the samsung one came with dual sim.
The silly thing is I already have a 6-digit TOTP hardware token and two yubikeys, all from work, with one of the yubikeys still in active use. But for this it's apparently not good enough and they definitely need a full suite of Made in India crapps.
-
@pcooper said in Killed by Google:
Well, I just told mine I don't have a phone and they got me a hardware token.
My old phone was too old to run the authenticator app, so they gave me a hardware token. It needs to be replaced in the next couple of months, and since I have a new phone, they may force me to use the app instead. I don't know; I have to answer a questionnaire to determine whether I still need the token, and I haven't looked at it yet.
-
@accalia said in Killed by Google:
you're fucking buying me a phone and data plan for that cause work shit aint' going on my personal phone.
This!
(But without the typos. )
-
@HardwareGeek said in Killed by Google:
(But without the typos. )
:calping_hnads:
...
reluctantly :capling_hansd:
-
@accalia said in Killed by Google:
@pcooper said in Killed by Google:
Those exist on desktop.
if it was just that i'd probably get a hardware device. they exist too.... but desktop versions are also valid.
@pcooper said in Killed by Google:
Well, I just told mine I don't have a phone and they got me a hardware token.
I currently use a TOTP app and that's worked fine for the past five years.... and if i get locked out my response is likely to be "Look if you're making me get an app on my phone to access work you're fucking buying me a phone and data plan for that cause work shit aint' going on my personal phone. you got away with hanging out on my TOTP authenticator app cause that is passive and has no web connectivity.... you aint' getting away with an app that needs one byte of network traffic"
I understand the sentiment and the idea of fundamentally not giving an inch out of principle.
But in this case I'd much rather make my own life easier. I don't want a work phone. I don't want to carry a second phone that I don't otherwise need, which has the compute power of people's gaming chairs, probably runs Android, and will just end in a landfill at some point.
-
@topspin this is why we advocate for a TOTP solution that can also work with a desktop app or similar, so most of the benefits with less of the wastage, and ideally none of the personal liability.
-
@Arantor said in Killed by Google:
@topspin this is why we advocate for a TOTP solution that can also work with a desktop app or similar, so most of the benefits with less of the wastage, and ideally none of the personal liability.
I just looked it up and found that keepass-compatible apps (e.g. keepassium) offer TOTP functionality, but:
For security reasons, you should not keep your passwords and TOTP tokens in the same database.
-
@topspin sure, you generally shouldn’t. But that doesn’t stop you having a second database…
Or something like a Yubikey.
Maybe there’s even dedicated TOTP devices that could be used, scrubbed and repurposed after an employee leaves.
I get the desire to minimise waste but there is a very real need to separate personal and professional, at least in my experience. If credentials never cross that border, there’s never any potential to cry foul later.
-
@Arantor said in Killed by Google:
I get the desire to minimise waste but there is a very real need to separate personal and professional, at least in my experience. If credentials never cross that border, there’s never any potential to cry foul later.
Yup. And you don't want to install company-mandated software on your personal phone. Software that includes features such as remotely deleting everything.
-
@Zerosquare I don’t even want a generic brand authenticator app if it has company 2FA codes on it, let alone company mandate anything.
-
Killed by : viewing the cached version of results
-
@Zerosquare said in Killed by Google:
Killed by : viewing the cached version of results
-
@Zerosquare Aw, I used to use those to copy/paste magnet links from IP-blocked websites.
-
@topspin said in Killed by Google:
I don't want to carry a second phone
... what do you mean, "carry"?
I'd sure as hell not lug that thing around, it could stay at my desk which would be the only place I'd need it.
-
@ixvedeusi said in Killed by Google:
@topspin said in Killed by Google:
I don't want to carry a second phone
... what do you mean, "carry"?
I'd sure as hell not lug that thing around, it could stay at my desk which would be the only place I'd need it.
and if work or school is going to dictate i need an app on my phone to access my work then they will have to fucking buy me a phone to put the app on cause that shit ain't gonna go on my personal device and demand local admin and lockout and remote wipe of my PERSONAL phone.
I'll let you get away with a TOTP code in my authenticator app because i had that app anyway and it uses zero communication or network to do its thing, but a bespoke piece of
shitwareapplication? fuuuuuuck no is that going on my personal phone. i ain't even letting that onto my personal network. it's going on the guest wifi which is isolated to be able to talk to the internet and NOTHING else, just like the work laptop do. (Thanks IP KVMs and Manageable VLANS on my router.)
-
@accalia At least for accessing my work stuff from home (or elsewhere) I can just use a Chrome profile tied to my work account and that’s that. They can send me an SMS for 2FA if I try to log in from a new device, though.
-
@accalia :this_is_the_way.apng:
-
@Arantor said in Killed by Google:
@accalia :this_is_the_way.apng:
it's not that i dont' trust my coworkers not to click on a cryptolocker link and infect my network through the VPN..... but i dont' trust my coworkers not to click on a cryptolocker and utterly hose the work network.
so the work laptop stays air gapped, able to talk to the internet but none of my other PCs. sure, none of them are running linux nor serving SMB shares so any locker or malware prooooobably wouldn't get in, but why risk it?
-
@Atazhaia said in Killed by Google:
@accalia At least for accessing my work stuff from home (or elsewhere) I can just use a Chrome profile tied to my work account and that’s that. They can send me an SMS for 2FA if I try to log in from a new device, though.
SMS for 2FA is also acceptable...... until they sell the number or start spamming me..... it hasnt' happened yet, but i'm expecting it to happen soon....
-
So Google are making a new IDE to compete with VS Code, and it's called IDX.
What are the chances it has a year, maybe two, once launched?
Though it is cloud based so maybe it has a longer shelf-life if Google can convince people to pay for it.
-
@Arantor said in Killed by Google:
What are the chances it has a year, maybe two, once launched?
Hey! No spoilers!
-
@Arantor said in Killed by Google:
So Google are making a new IDE to compete with VS Code, and it's called IDX.
What are the chances it has a year, maybe two, once launched?
Though it is cloud based so maybe it has a longer shelf-life if Google can convince people to pay for it.
You expect it to get launched?
-
@izzion it's already in limited preview - you know, the GMail style early beta.