Issue (1) has been a long-standing issue and a prolonged back and forth [0,1] between NVIDIA and Xorg/Wayland devs about implicit and explicit synchronisation protocols. It looks like the explicit sync protocol is in the process of getting merged upstream and the 555 series driver [1] will take advantage of this so hopefully things are looking better. Problem with wayland is that all of the driver, xwayland and every compositor must support the new protocol but it looks like mutter, kwin and wlr will eventually support it. That being said there are constantly new paper-cuts appearing with the NVIDIA driver and Wayland support so who knows what will break with the new driver. Definitely not a pleasant experience. I'm not saying that AMD is smooth sailing but at least you don't have to fight the driver at every new release.
I'm afraid (2) will probably never work properly :-(
PrinceXML is expensive but I feel it's worth the money. I've used it to layout several RPGs with Markdown source files and HTML and CSS for templates and styling. RPG layouts can be quite complex with stat blocks and the like and it's handled everything I've thrown at it.
Nothing all that exciting, I'm afraid. The new director of InfoSec must have watched a Cable News Show about supply chain attacks, or something, so suddenly anything with package management - pip, npm, gem, etc - was banned from the official Windows policy. Since his flunkies didn't want to get nailed, they just went ahead and flushed any associated environments/runtimes too. It wasn't super consistent. It was, however, generally a surprise - you'd log in one Monday and whoops! Where'd my Python tooling go?
Now, ok, funny thing. Engineering could just get bare metal laptops, whenever they wanted, then blow the thrice-blessed CentOS image on it, and then do whatever the hell. So what happened - and this probably sounds real predictable - they used the CentOS machines to make all sorts of nutty crap, boxed it up, and then sent it back to their "official" Windows machines, now as a locked-in-amber config that never updates, even if five years later it had like fifty zero days in it and none of the libraries were good anymore.
I understand it took a new director and a LOT of meetings to explain whitelist mirrors for package managers, but I was long gone by then, even if I had a tiny hand in rolling out the demo whitelist mirror on-prem. Man, I had no idea what I was doing . . it still makes me shudder when I think of the things they were asking me to do.
I think that's a relatively simplistic way of viewing this. Although I don't disagree with the core argument, Google will always implement and ship "standards" that fit their business model or their vision of the web. A Chrome API becomes a defacto standard regardless of the state of consensus between engine vendors. Chrome can bulldoze through the standards process because of the massive amount of Chrome installations (and derivatives).
There are standards that have never been fully accepted by Mozilla [0] or WebKit (famously webusb for instance, because of security implications) but they are still in Chrome and now Firefox or Safari are effectively a "worse" browser because they don't support "standard" X that never reached consensus but Chrome implemented anyway. It always starts as an "experimental" feature under a config flag while the supposed discussion is taking place "just to see how it works, promise" before Google decides to remove the experimental flag and ship it. WEI started to play out exactly in the same way but given the massive outrage they decided it was too damaging to keep pursuing it (they still sneakily implemented it in Android WebViews).
So although I don't disagree that, yes Google has certainly improved on some things when it comes to standard processes they have abused their powerful position and continue to do so to push forward whatever they think it benefits them.
If there were peers out there beyond Mozilla, Apple, and Edge, I'd agree more. Safari has long been the web's boat anchor that keeps it from going anywhere. Mozilla has lots of good moments, but they also have been snotty meanspirited aggressive press hounds talking mad shit about sensor support, web USB, web midi, and other really amazing capabilities.
Google has no peers who are pro web. So them not having full consensus on what they do try bothers me not the slightest.
More RAM is always nice but I'm secretly hoping we'll start to see more ECC support in the future. With these humongous modules and even with a teeny tiny bitflip probability corruption chance becomes non insignificant.
Oh yes, I understand that. I only wish that ECC support in general starts getting more traction in consumer electronics. Nowadays (unless you go to super noisy super expensive server hardware) maybe with an AMD processor maybe a motherboard manufacturer will have a 20-links-deep document that says that these ECC modules may be supported, proceed at your own risk, might set your flat on fire, kill kittens etc. When you had a couple of gigs of ram it was probably irrelevant but if you have multiple TB of RAM caching file access ECC should become normalised.
Yea, the biggest downfall of ECC in computers was Intel intentionally disabling ECC in dies uses for the consumer processors and leaving it only for Xeons. As a way of forcefully keeping the market segregated.
AMD otoh has brought ECC to the table in Ryzens without the same shenanigans
I know some people won’t be happy until every laptop has ECC RAM and is super cheap, but the reality is that the demand for ECC RAM is very low. The majority of users would choose the extra battery life and lower price if given the option.
I looked and it's hard. Had to resort to reddit recommendations.
Nice circular reasoning. But nothing will change till we're not vocal enough about ECC benefits and shady pricing. I assure you though, it's not about my happiness :)
There’s lots of off the shelf laptops available with ECC memory, some even in slim form factors.
For desktops the entire Thinkstation lineup has ECC available to option or as standard.
For the higher priced models you cant even order them with non-ECC memory.
I think inline ECC (the module performs the ECC) is mandatory with LPDDR4 (the error rates on current silicon are too high to leave it out), but link ECC (between the CPU and the module) is optional.
Note that link ECC + inline ECC don't give you end-to-end protection, since the controller in the memory module can still flip bits. DDR5 is moving to on-die ECC (which, unlike DDR <= 4's side-band ECC) also isn't end-to-end.
I'd like to see side-band ECC continue to exist, but I think it is going to be phased out entirely.
This article defines all the terms, but is very vague about what things are mandatory, or how reliable the error correction schemes are. For instance, it carefully doesn't say that SECDED schemes detect all two bit errors, instead it says they detect at least some:
> I'd like to see side-band ECC continue to exist, but I think it is going to be phased out entirely.
I doubt it will be phased out for servers. I haven't seen anyone reporting that on-die ECC in DDR5 has a reporting mechanism, and reporting on ram errors is important for server reliability.
I really wish we’d just get in-band ECC on normal consumer platforms. That way we’d need no special DIMMs, in applications where ECC was desired it could be enabled and the capacity penalty would be paid, in other applications it could be disabled and no capacity would be lost.
I like this idea. 64gb of ram non-ecc, 48gb in ecc. Dynamic, succinct, and enables more supply chain cross over for not having two (three?) separate DIMM types.
On AMD ECC support is pretty much standard on every chip they make, and always has been. Even my shitty 4-core phenom from over ten years ago on an el-cheapo motherboard supported swapping it's regular DIMMs for ECC ones. You're never going to get ECC "for free" but it would be totally possible for everyone to pay the cost once and just move to ECC-only for everything from now on.
Except intel, the company that brought software-locked hardware features to x86, love to price-differentiate.
Having physical memory segments be different logical sizes at runtime depending on the ECC setting does not sound fun.
Having your system’s available memory fluctuate up and down based on how many segments are currently set to ECC also doesn’t sound fun.
Having developers manually turn ECC off for regions where it’s unimportant sounds like a lot of complexity for a relatively rare use case.
There is in-band ECC in some newer Intel designs, but it’s all or nothing. Adding extremely complexity to memory management to selectively disable it sounds like a lot to ask.
I think your reading depends on thinking "application" means "process", while another reading would be that an application is a particular deployed system, where this setting can be altered e.g. at the BIOS level.
It does, but this particular implementation is local to the module, and cannot be used for secondary purposes in addition to error correction, such as storing tag bits.
As a consumer does that matter? I understand server grade hardware wants the extra monitoring/diagnostic gizmos, but will the memory be corrected with the same efficiency as DDR4 ECC or is it an entirely neutered implementation?
I'm not sold on on-die DDR5 ECC providing protecting.
On-die ECC allowed DDR5 to be competitive with DDR4. Is it really protecting your data at rest if the DDR5 die is running at such tolerances that it's correcting single bit errors from internal signalling issues every transaction? It's only single bit ECC, if something else outside of the die(Cosmic Ray, sudden voltage change, sudden temperature change) induces a bit to flip while the internal circuitry causes a different bit to flip your data is now corrupt.
Is there any intuition about how frequently data-at-rest errors occur vs data-in-flight? Would the native DDR5 ECC get me 90% of the way there or is it so minor as to be effectively meaningless?
I assume it is going to take another decade to fully unwind Intel's ECC market segmentation. Trying to get a sense on if I should pay the ECC tax for my next build. Of course noting that as a consumer, I will probably never notice a flipped bit.
Runtime asserts and invariant checks in software can also help a lot with isolating bitflip errors. With a nice addition of also isolating effects of software bugs.
I don't know if it is significant. Runtime checks tend to focus on small but critical part of the data, like size fields. It usually doesn't check bulk data, like decompressed image data, or code, and it also may not be effective if data is in cache. Furthermore, it will only detect errors, not correct them. Also the performance cost is, I think, much higher than the extra RAM chip. Good coding practice for critical path in software, but clearly, it doesn't substitute for dedicated hardware.
I have had defective RAM, and I got quite a bit of corruption before the first crashes, it is hardly noticeable when it is just a pixel changing color in a picture, but it is still something you don't want. ECC would have prevented that.
I know there is software resistant on random bitflips, like for satellites exposed to cosmic rays, but it is a highly specialized field. It is also a field where they use special chips, typically with coarser (and therefore less efficient) dies that are more resistant to radiation. You leave a lot on the table for that.
ECC is better handled in hardware: most of the time it won’t happen, and the hardware can more easily interrupt the processor so the kernel can correct the problem or signal a fault if it’s not a correctable corruption.
Those only help isolate somewhat predictable errors. Which is rare for what ECC is designed to protect against.
If it’s a random, once in several billion reads/writes issue, it can just stop/identify the bad data from further propagating. Sometimes. That data is still lost.
ECC does forward error correction, which is extremely rare for the type of data protection you’re talking about. and if the data is corrupted in RAM (say when initially loaded/read) before the software can apply FEC, there is nothing the software can do.
I thought that the current wave of compiler correctness checking, zero-cost abstractions, JIT compilers and speculative processor behaviour were all about removing those "unnecessary" runtime asserts and invariant checks to get better performance.
But it does not have a means of reporting ECC triggers to the user from my understanding, which is really one of the most important parts.
When ECC starts tripping on a device outside of completely random times is when you should look into what's going wrong. You may have overheating or failing hardware.
Wikipedia: Unlike DDR4, all DDR5 chips have on-die ECC, where errors are detected and corrected before sending data to the CPU. This, however, is not the same as true ECC memory with extra data correction chips on the memory module.
So I'm not sure how this works, because I'm not sure if "true" ECC is better/worse/same as on-die ECC. A casual googling shows on-die to have more advantages.
You do not and you cannot. It was written in stone once Chrome dominated the browser market. What Chrome (Google) wants, Chrome (Google) gets. Despite all the good engineering Google wants to sell ads, that's all there is to it. And the result is this proposal.
> The saving grace here might be that Firefox won't implement the proposal.
It's irrelevant and we are an irrelevant minority. Unless people switch to FF in droves the web is Chrome. And they won't because at the end of the day people just want to get home from their shitty jobs and stream a show. As long as that works everything else is a non-issue.
We could at least get everyone here to use Firefox. There's really no excuse for a technically minded person to still be using Chrome for their day to day browsing.
If you do eventually run into a poorly crafted webpage that doesn't work on Firefox you have the wherewithal to decide if you are simply not going to use that site or hop over to chrome just this once.
But the important thing is checking in automatically as a Firefox user in the logs of every other site online. Push Firefox marketshare up and at least some places will be hesitant to write off Firefox as irrelevant.
> We could at least get everyone here to use Firefox.
That would accomplish nothing.
> But the important thing is checking in automatically as a Firefox user in the logs of every other site online.
No, that's not important. HN users are a tiny minority compared to the billions of people that use the web daily.
I'm sorry, there's no easy way to say this: Firefox is never coming back. The web of old is never coming back. It's over. Even if this particular proposal gets defeated somehow, a future similar proposal will make it through. There is nothing you or I can do about it. Google is more powerful than most governments, and they are vastly more powerful than any random group of like-minded people who get together on the Internet in the belief that they can accomplish something.
A defeatist attitude like this certainly predicts the future... If you're playing by the rules. And the rules were set by Google, so it's in your best interest to break them by actively harming Google. Restrictions in choice happen because people don't oppose the narrowing enough to make the corporations lose money. This might be one of the few times where targeted malware could be beneficial if it destroys Google's services and makes them too much of a risk to use. If somebody puts a latent trigger into a Javascript library that's widely used like Node.js that makes Chromium and only Chromium break then that would start a cascade effect of Chromium locking itself up more and more until it's impossible to use. You could even make cookie bombs, where you have two cookies, and when one expires before the other it triggers the surviving poisoned cookie to ruin Chrome's functionality by poisoning the browser agent. Google wouldn't be able to trust anything they didn't make themselves. You can force Google to barricade themselves in until it's impossible to reach them, and have them do it so fast that updating systems for developers and users would be too much of a pain to constantly keep up with. The downside is once you use a tactic like this then it's not just Google that wouldn't trust anything they didn't make themselves.
Firefox came into the mainstream because of power-user recommendations and the browser ballots.
It should be illegal for a significan platform (say 10mln users) to make its own browser, or any really, the unquestioned default. Users should be prompted on first use, giving a randomly ordered selection of any capable browser. If users can just click through it the choice should be random.
This is the only way to maintain healthy competition and ensure independent yet functional standards. Otherwise incentives will continue to centralize power.
You're describing the old Firefox before they became Google's controlled opposition. Since 2011 all they have done is continuously stripped out every useful power user feature in a bid to turn into a shitty copy of Chrome; the last straw was gutting their powerful XUL/XPCOM extension system in favor of Chrome's far limited web extensions because muh security (and since then there's been more, not less cross browser malware). Today you can't even write your own extension for use on the main build thanks to forced extension signing (which ended up disabling everyone's extensions a few years ago due to an invalid certificate).
And that's before all their unethical tracking, in browser advertising and privacy violation over the years, that requires various 'hardening' about:config changes out of the box, or the erosion of configurable features with almost every release. Mozilla are woke hypocrites today, financially dependent on Google while claiming to be privacy champions and squandering their money on multiple other projects instead of focusing on Firefox.
The only browser that continues to be the old Firefox in spirit - the one that upended Microsoft's IE monopoly - is its hard fork, Pale Moon (which gets derided as oLd aNd iNSeCuRe by Mozilla fanboys). Doesn't need any 'hardening' because it doesn't snoop on you to begin with, and the latest versions have massively improved web compatibility while retaining support for the original powerful XUL extension system.
It may well be too late, given Google has absolute control over web standards and their policy of introducing draft features in Chrome and then making them part of the standard. Unless an anti-trust case is brought against them which explicitly mentions their browser engine and standards monopoly, and correctly points out that every other browser today is just a skin around Chrome while Firefox is controlled opposition. Every case against them seems to obsess on the search engine monopoly.
>Firefox came into the mainstream because of power-user recommendations and the browser ballots.
But it was a completely different situation.
- There was a huge influx of new internet users who were all asking their techy friends which browser to use. This is not the case now. People mostly stick with what they know.
- FF was the better product for pretty much all use cases. If this proposal does go through, this will not be the case. It's nice that FF can block ads, but it's ultimately useless if the average user won't be able to access Netflix/Youtube/Facebook/their bank account. It will be an objectively worse browser.
Browsers are increasing in importance even today, not decreasing.
And as I said, the sustainable solution is browser ballots back by the force of law. It's worked where it's been tried.
Anti-trust based solely on narrow definitions of consumer harm on the other hand, serve only the capital owners. And they'll leverage and co-opt any and every popular and useful innovation: open source, community contributions, open standards, patterns light or dark, etc.
See that's where I disagree. Rich governments like the EU or the US can and do have power to push regulations if they wanted to. Pretending we the people (in a broad sense), i.e. the state, have no power whatsoever to control the terms under which these companies operate within the state, is defeatist.
Bringing up "We, the people" here is ridiculous, regardless of the "sense". We have zero power. Zero. Protests, revolts, riots ... all make no difference anymore and making a cross on a piece of paper once every couple years, aka voting, doesn't give us power. Anyone believing that is a fool.
It certainly allows us to avoid the worst of 2 evils in any case and nudge the ship of state away from obvious rocks where extremist positions cause politicians to lose elections. Furthermore many states have a means for individuals to directly make law on matters that directly concern enough sufficient voters.
Sounds like defeatism. By writing such comments you only help Google and make people resign from doing anything. Good job...
It won't be easy, but it is not impossible to change the world. There are many, many intelligent people around. We just need to work together to achieve our goals.
BTW EU has shown, multiple times, that it is powerful enough to impose regulations on tech giants like Google, Facebook or Apple.
(3) has enough coherence to actually do something about it
It's not obvious to me that any of these apply. The EU is pushing -- in fits and starts -- towards self-reliance in its computing infrastructure, but at a slow pace.
Of these, number 1 is probably the most doubtful. The EU, however boring that line of thinking is, is still quite bureaucratic, and it's doubtful that measures to control this, might not be a priority of bureaucrats. After all, the regs I mention later are in the name of "less e-waste" (which is good, but besides the point). So something like "control web DRM" might not be as blatant and easily solved (your point No.3).
For number 2, the EU's new regulations above more easily replacable batteries, mandatory USB-C ports and such, in my eyes prove -- though not doubtlessly -- that they do care about walled gardens in tech.
Number 3 though, again, as I've alluded to before, doubtful. But possible in my eyes. Urgency is another thing you've mentioned, and -- let's say it again -- bureaucrats are not particularly known for solving a problem in the right time.
NB: don't misenterpret my use of 'bureaucrat[ic]' as a negative comment, it is just a fact, however boring.
I use Vivaldi (not chrome itself but another Chromium browser) because I want PWA support on my Linux machine so I can have an app for outlook with notifications and Chromium browsers make that far more convenient than Firefox.
Essentially this doesn’t work because every email client I tried can’t handle the specific way my work email account does authorization and the login always fails. They also blocked POP/IMAP so that’s not an option either. No one else in a team of software engineers figured out a better way to access email so for now this is the best option
It is extremely disingenuous to claim the only browser to still refuse to block third party cookies by default, because it helps their ad partners, is "more secure".
The only way in which Chrome is more secure at anything appears to be securely forcing you to view ads via this API. And a shocking amount of malware fails to work when you use a running environment that 95% of society are not using.
So as someone who deals with enterprise software: Network effects.
Where I work, we treat Chrome as the malware it is: It's banned both by technical measures and security policy. We deploy Firefox, and begrudgingly deal with Edge when people insist on a Chromium-based browser. (At least Microsoft added some modicum of privacy settings here.)
Here's what I've learned over the past several years: Web developers are lazy. We're commonly told such and such app or service "only works on Chrome" or they'll "only support on Chrome". When we call for support, half the time we'll get told it's because we're not on Chrome, and I have to actually prove to them on an isolated machine that the issue occurs on Chrome so they'll shut the heck up and do their job. "Oh, I found an issue on our server" after I spent two hours trying to convince them their app works fine on Firefox.
In most cases, things "not working on Firefox" entails exempting a site from the popup blocker. In 2023, troubleshooting alternative browsers is usually... roughly that easy. But blaming your web browser is easy and lets them shift blame, so that's what they do.
But enterprise software companies have completely turned Chrome into the modern Internet Explorer: The only browser they'll even deal with. And since a lot of people buy Google's marketing that they know security and aren't completely clueless how security works (they are), people have by and large given in and installed Chrome.
I was there too. People always say this, but just because a thing changed once does not mean it will happen again. In this case, the population scale alone has changed by over an order of magnitude.
Just doing some quick searching - the first numbers that come up when you search for "how many people used the internet in the year 2000" are on the order of 350 million or so. Comparatively, now, in 2023, Reddit alone has some 450 million users. It would seem right now that Tiktok has about three times the number of active users than there were total Internet users 23 years ago.
Additionally, there are literally hundreds of billions of dollars now resting on Chrome remaining the dominant browser.
Short of government intervention (or absolutely monumental fuckup on Google's part somehow), Chrome is here to stay.
Yes. The solution is very simple: uninstall Chrome and Chromium.
We are the people with the most influence on the tech. We are prescriptors. We are legion.
– Yes but Chrome is a tad faster and I have my bookmarks and my favorites extension and blablablabla…
— Then you are the root cause of the problem. If you are not ready to sacrifice an ounce of comfort to save the web, then you are the one killing the web.
Simple: install Firefox. Now.
(oh, and, by the way, also removes google analytics and all google trackers from the websites under your control. That’s surprizingly easy to do and a huge blow in Google monopoly. There are plenty of alternatives)
Please explain what you mean. It sounds like you have an important point that can only be found if people sit and carefully read several pages. Important points deserve to be stated more plainly.
The entire point of this spec is that your alternative browser wouldn't be able to attest to its "integrity" unless it was exactly as locked down as the other ones. If you have some kind of rebuttal to the shared context we all otherwise have, maybe you should be the one forced to state it more plainly.
> The solution is very simple: uninstall Chrome and Chromium.
No. Firefox, beyond being slower, also keeps constantly displaying ads… for itself. Want to open a new tab? “Big Browser cares about your privacy, read how!” I just want to open a new tab!!! I’m working! Restarting? “Discover what’s new with Firefox”, “Hohoho, we care about your privacy, LOOK HOW MUCH WE CARE! ALSO WE HAVE NO ADS!” Worse, they suggest to solve privacy that I use Mozilla VPN. VPNs don’t solve privacy. Also, it’s a paid ad for a paid product.
Mozilla had also a staunch political slant, going as far as firing a CEO for a donation he made to the opposing group years ago. There is nothing neutral here, if you are not a leftist, it’s dangerous to use or even give your participation to that ecosystem.
Mozilla has failed to become the no-ads, better-ethics, privacy-aware navigator (pun intended). They keep performing worse actions than Google all the time.
There isn't a moral dimension attached to loving the right kind of people and gay and straight people are equally moral in pursuing relationships with significant others. On the other hand there is a moral dimension to trying to take away our fellow citizens rights. The CEO as the face of the org became unsuitable to his role when he acted publicly and objectively immorally in support of those who would gut the rights of his fellows
He wasn't on the wrong side of a political issue he was on the wrong side of decency and morality. This ought not to be a leftist position nor should we fear that the tyranny of excessive concern for others may be imposed upon us. Should we decide to use Firefox for evil as it were the privacy both endorsed and adhered to by Mozilla precludes them discovering it let alone stopping us.
The position of user of Firefox and public face of Firefox are inherently different positions and come with different reasonable expectations but I think you knew that.
> it’s dangerous to use or even give your participation to that ecosystem.
Please describe precisely the threat model you fill most applicable
> keeps constantly displaying ads
For a definition of constantly redefined to mean rarely when a new major version comes out.
> They keep performing worse actions than Google all the time.
The context here is that google tracks everything you do and regularly shares it with the government including under terms that are obviously abusive of user privacy and including to repressive governments, are in the middle of attempting to destroy ad blocking by pushing locked down environments in the name of security. A move likely to have massive implications that will be impossible to manage or control in repressive dictatorships even if Google themselves do nothing to directly assist with mass surveillance in Orwellian states. Merely building general purpose tools virtually guarantees bad usage by repressive regimes. By contrast Mozilla has? Tried to pimp their VPN to you as part of their new version notification...
It really sounds like the Brenden Eich debacle has colored your perception of the situation and perhaps you need to step back and evaluate the situation objectively.
Brendan Eich getting fired was like watching the original internet get murdered by progressives. Everything since then has been about how I thought that would go.
A guy gave a $3100 dollars to a political cause of his choice that was on the ballot, and people with this ideology drove him out of the company he founded that fought very hard for internet freedoms.
Since then, Mozilla/Firefox has largely become irrelevant and absolutely no longer has the same privacy concerns and respects.
He donated money in opposition of a law he didn't want to pass. He didn't take anyone's rights away.
I surely do mean exactly that particular Waterfox. I've had my fair share of concerns back in the day when System1 acqui(hi)red Waterfox, but I haven't seen any suspicious behaviour whatsoever so I'm pretty confident it's fine for the time being.
Of course, if you know a better browser (that is not Chromium-based), I'll be happy to hear your suggestions!
>I was there too. People always say this, but just because a thing changed once does not mean it will happen again.
The problem is that the web standards have now grown so much that it is impossible to write a complete new web browser from scratch. Firefox is not coming back, because Mozilla seems to prioritize other things than code quality and the actual usability of their software.
And yes, I know that the SerenityOS developers are trying to do it, but while some very advanced things work "good enough" in their browser so that Twitter and Discord's web client works to some extent, the more basic things are so broken that their browser cannot even render basic HTML 3.2 sites properly.
Google's end goal is probably to "deprecate" HTTP 1.x and force everyone into using their own replacement for the protocol. Their protocol is going to be like the thing they call "HTTP2", an insanely complex protocol that is impossible to implement by a small developer team. In the end their own protocol becomes a "rolling release" protocol that only works with Google's own app, at which point they can completely stop releasing RFCs for it.
I was there too, in the 1.0 days, and still am. But these days are gone, Firefox is not coming back. Back then Firefox was immensely better than IE. As long as the other alternatives are just as good, there is no reason for the mythical "average user" to change over. Why bother if you can do everything in Chrome? We may understand the differences, ideological or technical, but good luck explaining that out there. There's a massive disconnect between user and technology and as a result people will live in the perfectly curated technological bubble that's been served to them.
the adblock "endgame" will be a self-hosted DNS system that blocks requests to ad-server urls (or return benign responses).
Then the game will switch to encrypted proxied traffic that you cannot block.
Then the adblocking software will switch to the GPU layer, and use machine learning and AI to wipe the region of memory in the GPU containing the ads (and replace it with something benign).
Then the next logical step from likes of google is a fully trusted computing environment - aka, you as an end user no longer control your own machine.
The browser... or the javascript running in it, served from the primary domain you are browsing will just do DNS over HTTP from within the browser, completely avoiding your dns filter
It was fun while it lasted though, finally news sites that could be read on an average German mobile data connection.
For the uninitiated: Germany's mobile phone network has been ridiculously expensive and unreliable for decades. Everyone else in Europe has done it better, because no one else thought they could extort 60 billion euros from the providers for RF spectrum licenses - we're still paying for that blatant debt-shifting today.
There's a degree of saying no and opting out and controlling your own shit that you can do.
Some, like owning a phone and getting tracked to many degrees is inevitable but others, like software on a computer, is quite easy to think about.
You don't need to be a majority to go a different path. Linux users everywhere know this. We never needed the "year of the Linux desktop".
There's usually ways around the designated box. Obviously, get ready to be called names for not bowing down to authority... But you can ignore them and move on.
Whatever happened to legislation? I bet most people here would have said the same about Apple's App Store monopoly on iOS, and yet the EU passed the DMA and the matter was closed.
There's no reason why the same can't happen here. The defeatism attitude helps with nothing and is part of the reason why this happens in the first place.
EU passing the DMA is literally the specific reason why google is unstoppable. They finally cracked the last significant holdout against chrome/chromium market dominance, now there is nobody left to oppose them in the browser market.
Chrome/Chromium is already above 75% marketshare and the EU doesn’t care, and is taking moves that will actively increase consolidation and monopoly control.
We’re literally in the thread where we’re talking about the anti-consumer moves that are resulting from that consolidation. This is what it looks like when Google flexes that monopoly control and tells you how it’s going to be. EU doesn’t seem to care.
> Chrome/Chromium is already above 75% marketshare and the EU doesn’t care, and is taking moves that will actively increase consolidation and monopoly control.
It took roughly 15 years for the EU to react to Apple's practices, and they have been anticompetitive from day one.
Chrome has caused no competitive damage to consumers or competitors (yet), give it time.
You can by not using Google products.
Change the search for ddg or kagi. Change your email for proton.
Use Dropbox instead. Remove Chrome, live with iceweasel or Firefox.
It is not like you'll be loosing much. This is the time to change, while we still have other players in the market.
No, you can't - not until you get a significant part of the world's population to join your protest.
The point is that if chrome implements this, netflix, amazon, facebook etc might decide they'll use this feature and only permit browsers who implement this to use this site.
Even if the only browser that does so is chrome, that's fine because chrome's market share is big enough that they can ignore the rest.
Have fun using Firefox if half of the web locks you out or treats you like a second class citizen.
It may not be that easy as now that stuff like banks and government services have embrance it. If they or your work/school apps need it, you are screwed
I'm already using a separate device for "official" stuff. It's a fully Google/Microsoft managed phone that runs my professional life (work profile, LinkedIn, etc.) and accesses government and some financial services. It mostly sits in a drawer outside work hours and don't use it to browse or talk to anyone outside of work. It has SimpleX installed so it can send anything I need (eg. financial statements) to my personal phone, without even needing to store my personal phone number.
My personal phone, and my personal laptop and PC, run open source OSes and are as privacy-focused as I can make thrm. They're the ones I use to browse and talk to people, both on public and private platforms. They're the ones that have my photos, my books, my passwords, my movies and my music. (I don't use streaming services, except for YouTube via Newpipe.)
I do make sure that I always have at least one bank account with a bank that doesn't require SafetyNet or similar, and can therefore be accessed without needing the "official" phone. So far, all but one of my financial service providers work fine from my personal devices.
I think the dual-device approach will quickly become the only realistic one for individuals who want privacy in their computer use (which will remain a minority). I will even say that, although Google is doing this purely for the sake of ads and profits, it is not unreasonable to expect citizens to have an "official" online presence in the form of a highly standardised Internet client, without prejudicing their ability to use other ones. In the same way that you have an official residential address, without prejudicing your ability to have other mailboxes or live on the road.
> netflix, amazon, facebook etc might ... lock you out
Is this supposed to be a bad thing? It's almost made to sound like surviving without them would be tantamount to starving, but frankly we might be better served without them.
I see Facebook locking you out (no great loss there) but I'm less convinced about Amazon or Netflix. They're not advertising-based businesses, so are not suffering with bots-consuming-ads problem.
Put another way, my site is unappealing to bots, and frankly I don't care about bot traffic, because I don't have ads. So I don't feel the need to support this server-side.
Equally Amazon makes money selling goods, not ads. They don't need to know if its human or bot, they just need a credit card. [1] Netflix is subscription based, again doesn't care if its a "trusted device" or not. They want you make sure their content is available not blocked because my TV is "untrusted".
Sure, you'll end up using Chrome to use Google properties. But I don't really see the incentive for the non-ad-based Web to bother implementing this.
[1] it won't move the needle for fraud, fraud is easily done via trusted devices.
>Equally Amazon makes money selling goods, not ads.
Amazon is one of the biggest ad networks on earth. They made $40bn from advertising last year using all the personal data they get from their paying customers.
>Netflix is subscription based, again doesn't care if its a "trusted device" or not.
Oh but they do care very much. Netflix requires DRM in desktop browsers and its own app on mobile platforms. And they launched and ad based plan recently.
It's a mistake to believe that advertising is the main problem and direct payments are the solution. Making a payment takes away more privacy than advertising alone ever could and hands personal data to payment schemes and banks on top of everything.
> they'll use this feature and only permit browsers who implement this to use this site
we as tech early adopters and "leaders" in this space, we need to be telling family and friends to complain to those sites about such required support. If enough people complain to amazon that they don't want to use this google branded browser, i think there will be some pushback and the companies would be hesitant to drop support for firefox.
>The point is that if chrome implements this, netflix, amazon, facebook etc might decide they'll use this feature and only permit browsers who implement this to use this site.
Works for me. I don't need those sites/services. If they want to be actively hostile to me, I can vote with my feet/wallet.
I can't (nor do I wish to) control what other people do. Just what I do.
As it stands now, I block the bulk of scripts/ads/trackers/other spyware on my devices, and those who don't like that are free to block me from accessing their sites.
Maybe I'm missing something important here, but I don't need anything from Alphabet, Netflix, Meta or any other rapacious corporation. They can do what they like, and I will do the same.
>Have fun using Firefox if half of the web locks you out or treats you like a second class citizen.
If the above folks are who you consider "half the web" then, at least for me, nothing of value would be lost, as I don't use that garbage anyway.
You can move away now or wait until they lock you out (and thereby lock you out of all you OAuth sites) with no recourse. The endless cries for help in /r/GMail/ says it all.
OAuth sites will let you change your OAuth provider or even better switch to a local account on their site and use a password manager so you don't tie everything to an OAuth provider unless the site will accept a self hosted one.
What's the harm in giving some sketchy site a unique, random password only used with that site? (In contrast to letting them have your Google profile and all that comes with it)
The need to retain one unique random password per site (as opposed to having one extremely secure Gmail password with two factor authentication attached to it).
It's the old twin airplane principal from the hacker's dictionary: the virtue of putting all your eggs in one basket if the basket is built very well.
Something to consider when you save your passwords in Google, you can "forget" and reset your Google account password and all your passwords are still there. Compare that to a proper password manager where if you forget the master password (assuming sufficient complexity) nobody is getting those passwords back ever. So Google has full access to your passwords whenever it feels like it.
As the other commenter said, there's zero risk giving a dodgy site a randomly generated password used only for that site, the randomly generated password gives them no information or pathway to any other web site.
I doubt Apple will be our savior here. Apple is in a great position to implement this spec: their secure enclave and the systems they've developed around it are practically the state of the art. Also Apple is in bed w/ traditional media. (Apple News, Apple TV, iTunes, etc.) Microsoft has been doing the same[1] for years w/ Pluton on the Xbox to protect their IP. Google has been doing this on Android using, dm-verity, SafetyNet, et al. Nintendo employs similar protections on the Switch with moderate success. (After the bootrom of the initial HAC-001 was patched on the production floor the only real option to attack a modern Switch is physically glitching the console.)
I suppose Apple may object on the grounds of being a "privacy focused" company, but I'll believe that when I see it. I'm not gonna sit here holding my breath for these megacorps to do the right thing.
> I doubt Apple will be our savior here. Apple is in a great position to implement this spec: their secure enclave and the systems they've developed around it are practically the state of the art.
You are probably right, but there is one self-interested reason why Apple might resist implementing this - Apple doesn’t like the web competing with apps, and this is basically giving the web a capability that right now only apps (effectively) have.
Perhaps you haven’t been paying attention but macOS Sonoma—currently in beta, shipping this fall—has the best web app support we’ve seen in a mainstream operating system.
You can put a web app on the Dock using the Finder’s “Save to Dock” command for virtually any website or web app.
Not only do you get service workers, push notification, web app manifest support, etc. web apps have first class support in the Finder, Spotlight, Spaces, Mission Control, etc. [1].
Screenshotting Apple TV+ works fine for me on desktop Chrome, even with hardware acceleration enabled. I don't recall doing anything to circumvent normal behavior (not really in the habit of screenshotting things I'm watching).
You only have to look at how they're (still) restricting PWAs to see they also have their own goals to preserve their walled garden and market share (as they should, it's a publicly listed company, but it's not the same as an open source alternative)
Yeah: the company that is all about locking down user devices and relishes in providing a DRM-ridden platform for developers to maintain complete control over their users is totally going to be against implementing this specification :/. I mean... it's possible? but any hope there is fully predicated on their hatred of Google and their distaste for the web.
If my goal is to try to avoid vendors locking down what I can do with my computer, I don't think switching from Linux to MacOS is going to be an improvement.
Doesn't Apple have some leverage here? They may not control the overall browser market but they mostly control the smartphone market (or at least the profitable segment of that market) and lots of those users prefer to use Safari.
I'm aware Apple implemented similar tech a while ago, but I have infinitely less confidence that Google would use it responsibly.
And lot of people here squeal like stuck pigs if you suggest anything other than the Chrome monopoly. HM is a constant barrage of demanding that legislators force the Chrome monopoly to be extended to iOS devices!
They closed the gates when their specific niche has been captured so that they can extract maximum value. As a result interoperability between services is dead. Fediverse is a valiant effort but the barrier to entry is relatively high, even for techies. It's time to accept that people just like the "comfort" of walled gardens.
Regardless of the DE preference I believe the Gtk/GObject/GLib ecosystem is quite well designed and it's relatively easy to reason around and get into developing with even without using C since there's a ton of available bindings. KDE development is tied to the Qt framework which is essentially C++ only (with Python bindings for the Qt libs). The language is based on pragmatic requirements and I can't see any correlation to the quality of the software.
It may happen eventually but they have no incentive to make it so. They've captured a significant part of the corporate market by bundling with O365 for Enterprise. Teams has fulfilled it's purpose just as Office did. At least Office is decent software.
Office is nice, as long as they dont hide Desktop downloaders on their website and try to force you to use their Web version which is like 1/3 of real desktop office.
I'm afraid (2) will probably never work properly :-(
[0] https://gitlab.freedesktop.org/xorg/xserver/-/issues/1317
[1] https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests...
[2] https://github.com/NVIDIA/egl-wayland/pull/104#issuecomment-...