Google Chrome Requires TSYNC Support Under Linux

An anonymous reader writes Google's Chrome/Chromium web browser does not support slightly older versions of the Linux kernel anymore. Linux 3.17 is now the minimum requirement. According to a thread on the Debian mailing list, a kernel feature called TSYNC is what makes the difference. When a backported patch for the Debian 8 kernel was requested, there were hostile replies about not wanting to support "Google spyware."

First

First comment.
Awwww y

Re:First

I think troll's conquered even Slashdot.

So much for Debian 8, then...

[Jay+Maynard]

Not that I was going to use a system that kowtows to RMS by calling itself GNU/Linux anyway, but the OS is there to support the software I use, and I use Chrome on Linux. If the OS won't support it, then I won't use it.

Re:So much for Debian 8, then...

[Eunuchswear]

Not that I was going to use a system that kowtows to RMS by calling itself GNU/Linux anyway, but the OS is there to support the software I use, and I use Chrome on Linux. If the OS won't support it, then I won't use it.

So, you tell us you are not going to use a system that you weren't going to use.

And we should give a fuck, why?

Re:So much for Debian 8, then...

You'll be so missed.

But seriously, if you don't care about your privacy to the point of using Chrome, you probably won't care about using Windows either.

Re:So much for Debian 8, then...

[Jay+Maynard]

Actually, I use Linux Mint and OS X. Yes, I know Mint's an indirect Debian derivative, but 1) they derive directly from Ubuntu, which pays better attention to users, and 2) they don't call it GNU/Linux.

And Google has all of my details anyway; I switched from an iPhone to Android this last upgrade (a second-gen Moto X) because it integrates better with the stuff I was already using: Gmail, Google Voice, Google Calendar...

You know what? I'm not paranoid about Google. They don't care about me individually, and I opt out of their ad targeting. The rest I just don't care about.

Re:So much for Debian 8, then...

[Jay+Maynard]

Because it's yet another reason not to use them.

Re:So much for Debian 8, then...

[Eunuchswear]

Frankly, I'm not associated with the Debian project, but, if I were, hearing that yet another lunatic troll was promising not to use their system would make me very happy.

Re:So much for Debian 8, then...

[Jay+Maynard]

To each his own.

However, for folks who want their OS to actually pay attention to their needs, it's yet another nail in Debian's coffin.

Re:So much for Debian 8, then...

[Runaway1956]

I haven't even looked to see why Chromium needs to make a kernel call that no other browser needs to make. But - I'm rather skeptical of TSYNC before I even look at it. TFS already suggests that it might be spyware. Glad I no longer run Chromium - SRWare Iron is the same as Chromium, but stripped of all the intrusive bullshit.

http://www.srware.net/en/softw...

Re:So much for Debian 8, then...

[Runaway1956]

"1) they derive directly from Ubuntu, which pays better attention to users,"

Seriously? WTF was Unity? I dumped Ubuntu as soon as they started tooting Unity's horn, and the wife dumped Ubuntu when her version with Mate desktop lost support. Pays attention to it's users? What users are those, exactly? The users who migrated from Windows, and wish to continue along the same path that Microsoft is going?

Nope, you don't get away with that one. You may state that Ubuntu satisfies all your wants and needs in a desktop, and I'll just roll my eyes, and keep my mouth shut. You may NOT proclaim that Ubuntu pays attention to it's users. THAT is a lie!

Re:So much for Debian 8, then...

And Google has all of my details anyway; I switched from an iPhone to Android this last upgrade (a second-gen Moto X) because it integrates better with the stuff I was already using: Gmail, Google Voice, Google Calendar...

You know what? I'm not paranoid about Google. They don't care about me individually, and I opt out of their ad targeting. The rest I just don't care about.

I think your name might actually be Maynard G Krebs. You're clearly as intelligent.

Re:So much for Debian 8, then...

[Gr8Apes]

You know what? I'm not paranoid about Google. They don't care about me individually, and I opt out of their ad targeting. The rest I just don't care about.

You're can't be paranoid about google, paranoia is thinking that someone's watching you, with Google, they boldly state they're watching you and in your case you're aware of that. I personally do care what Google knows and have taken steps to limit that significantly, by using as little of their services as possible and making tracking me much more difficult. A random Jane or John at Google shouldn't be able to tell you you're on your period this week, for instance.

Re:So much for Debian 8, then...

Sometimes I could almost like you if you weren't one of ESR's lunatic gunfondler libertoonian butt-buddies.

Re:So much for Debian 8, then...

[rubycodez]

How about us people who used to think Debian was the very best Linux server system in existence, and who evangelized its use and put it in businesses and donated to SPI. But now we shun it as garbage, and actively remove it from our company's servers? Do you think that makes the Debian project happy?

Re:So much for Debian 8, then...

[Jay+Maynard]

You say that as though it's a bad thing.

Re: So much for Debian 8, then...

Shame, but why would anyone want to run Google Chrome on a company Linux server? To test if your antispyware is working?

Re:So much for Debian 8, then...

[Jay+Maynard]

Better attention to its users than Debian is a low bar to clear. I'll agree that Ubuntu has its own problems in that area.

Re:So much for Debian 8, then...

[Jay+Maynard]

"TSYNC is a new sandboxing flag for seccomp that was recently added to the Linux kernel." -- from the description of the change to Chromium

Sounds like more browsers should be using it.

Re:So much for Debian 8, then...

That's your prerogative, but keep in mind you're throwing a tantrum over a issue that does not affect the server market. No one in their right mind install a GUI on a Linux server, so again, not a issue for the server market.

It is no secret that Debian uses older software versions that most distributions, so this shouldn't be any surprise. If OP wants TSYNC no one is stopping him from downloading the kernel source and compiling a kernel with support.

Re:So much for Debian 8, then...

[Improv]

Your browser, right or wrong. Doesn't matter that the Chrome people are being ridiculously brain-damaged here, you've decided that the OS people are always wrong in any conflict.

Re: So much for Debian 8, then...

[rubycodez]

The issue not google chrome, but SystemD bloatfest

Re:So much for Debian 8, then...

[rubycodez]

Not referring to chrome issue, rather that giant greasy dump by Poettering into the open source pool known as SystemD

Re:So much for Debian 8, then...

[Jay+Maynard]

No, not at all. In this case, though, it's not going in because of the animosity of one developer to all things Google. He didn't even bother to see what the change was about before shooting it down in flames.

The OS people are quite often right. Not this time, though.

Re:So much for Debian 8, then...

[Runaway1956]

No, you're still not making an accurate representation.

DEBIAN'S USERS are groups such as Ubuntu, Mint (which uses both Ubuntu and Debian on different distros) Sparky, I think CrunchBang - that is, subordinate distros use Debian.

At this point in time, Sparky is paying attention to what I want, and supplying what I want in a working environment, all powered by the latest Liquorix kernel. I've seldom installed and/or assembled a desktop directly from Debian. However, Mint's LMDE had my attention for quite some time after Ubuntu abandoned it's users.

Since then, the Enlightenment desktop has grown bigger and stronger, so I've wandered further afield into Arch-Linux land, but keep bouncing back into Debian land. (basically, I'm following the best support for Enlightenment - if Ubuntu would deign to work on E, I might even give them another try. Then again - maybe not.)

Re:So much for Debian 8, then...

"TSYNC is a new sandboxing flag for seccomp that was recently added to the Linux kernel."

And what does that mean in English?

Re:So much for Debian 8, then...

[marcello_dl]

> How about us people who used to think Debian was the very best Linux server system in existence, and who evangelized its use and put it in businesses and donated to SPI.

Fakedebianist pls, I don't think there are that many of you that don't know what a stable release is.

Jessie is about to be debian stable, which means that the packages have undergone "some" QA testing, which provides the quality that made debian what it is.

Somebody asking to backport stuff to jessie at this stage, after the problem was known months in advance or so TFS says, is either ignorant or malicious.

The correct way to handle this is to ship a tested version of chrome, which implies no kernel patching, and apply security patches as usual. Those itching to run the latest chrome can run a newer kernel, run a backported chrome + kernel patch (maybe package it in a module and use the dkms system which works for my 3d drivers very well), run chrome in a VM (which is what I'd do if I was concerned about what data flows between chrome and google).

The debian dev rejecting the request has been rude, but he ends up being right.

Re: So much for Debian 8, then...

[Pathwalker]

why would anyone want to run Google Chrome on a company Linux server?

Automated regression tests on the development build of a web application is one reason. Web pages can and should be tested, just like the unit tests for the code that backs them.

Re:So much for Debian 8, then...

[Lennie]

Here is the kernel commit message:

seccomp: implement SECCOMP_FILTER_FLAG_TSYNC
Applying restrictive seccomp filter programs to large or diverse
codebases often requires handling threads which may be started early in
the process lifetime (e.g., by code that is linked in). While it is
possible to apply permissive programs prior to process start up, it is
difficult to further restrict the kernel ABI to those threads after that
point.

This change adds a new seccomp syscall flag to SECCOMP_SET_MODE_FILTER for
synchronizing thread group seccomp filters at filter installation time.

When calling seccomp(SECCOMP_SET_MODE_FILTER, SECCOMP_FILTER_FLAG_TSYNC,
filter) an attempt will be made to synchronize all threads in current's
threadgroup to its new seccomp filter program. This is possible iff all
threads are using a filter that is an ancestor to the filter current is
attempting to synchronize to. NULL filters (where the task is running as
SECCOMP_MODE_NONE) are also treated as ancestors allowing threads to be
transitioned into SECCOMP_MODE_FILTER. If prctrl(PR_SET_NO_NEW_PRIVS, ...) has been set on the calling thread, no_new_privs will be set for
all synchronized threads too. On success, 0 is returned. On failure,
the pid of one of the failing threads will be returned and no filters
will have been applied.

The race conditions against another thread are:
- requesting TSYNC (already handled by sighand lock)
- performing a clone (already handled by sighand lock)
- changing its filter (already handled by sighand lock)
- calling exec (handled by cred_guard_mutex)
The clone case is assisted by the fact that new threads will have their
seccomp state duplicated from their parent before appearing on the tasklist.

Holding cred_guard_mutex means that seccomp filters cannot be assigned
while in the middle of another thread's exec (potentially bypassing
no_new_privs or similar). The call to de_thread() may kill threads waiting
for the mutex.

Changes across threads to the filter pointer includes a barrier.

https://git.kernel.org/cgit/li...

Re:So much for Debian 8, then...

"TSYNC is a new sandboxing flag for seccomp that was recently added to the Linux kernel." -- from the description of the change to Chromium

Sounds like more browsers should be using it.

... when the feature is present.

Re:So much for Debian 8, then...

[IamTheRealMike]

It means it makes Chrome more secure.

This sort of thing is why Debian is so often seen as a realm of knee jerk lunatics. Debian isn't keeping up with features Chrome needs to be more resistant to browser exploits (which are used to install ACTUAL spyware) and the answer is "Chrome gathers statistics on how it's used so it's evil and we don't care if it breaks". WTF?

Re:So much for Debian 8, then...

[epyT-R]

Depends what you mean by needs. If google is misusing tsync for 'spyware' as claimed, then debian is acting in your interest by not supporting user hostile software.

Re:So much for Debian 8, then...

[sclark46]

Not that I was going to use a system that kowtows to RMS by calling itself GNU/Linux anyway, but the OS is there to support the software I use, and I use Chrome on Linux. If the OS won't support it, then I won't use it.

Thats bassackwards!

Re:So much for Debian 8, then...

[Improv]

"Accept this kernel patch because some web browser unwisely introduced a dependency on a kernel feature two years before it would be sane to do so"

"That's crazy, hell no"

I think you've misidentified the side that's in the wrong here. Software developers, when they see a new feature in some library they use or in a kernel or whatever, should be thinking "That'll be nice to use someday, I'll start playing with it in a bit, make it an option in a year if that's workable, and maybe make it a dependency in two years". Deciding "OMG yes NOW NOW NOW" is moronic.

Re: So much for Debian 8, then...

[Rich0]

Maybe save it for the next systemd article then? To boost income, slashdot only has about 5 of them each week... :)

Re:So much for Debian 8, then...

[Aighearach]

Popularity sucks, I always hope less people will choose the same tech as me. If it is popular then the lowest common denominator is guaranteed to be average. I want software with a community that is higher on the curve than that.

So which distro am I using? I say, don't ask, don't tell.

Re:So much for Debian 8, then...

[jc42]

That's your prerogative, but keep in mind you're throwing a tantrum over a issue that does not affect the server market. No one in their right mind install a GUI on a Linux server, so again, not a issue for the server market.

Well, I can appreciate the reasons for this argument, but I also routinely do the opposite: I have many servers installed on my own "workstation" machines, which of course came with GUIs.

Of course, by "server" you were presumably referring to hardware, while for many of us software types, a "servers" is a piece of software that can run wherever we're able to compile it. So technically, we don't install GUIs on our servers; we install GUIs and other servers on our machines. They're really independent chunks of software, and they can easily cohabit on a single machine these days.

One basic reasoning behind all this, of course, is for testing purposes. After all, no one in their right mind installs untested web software on a client-facing server (machine). We install it on our workstations, where we have all the software (including browsers that require a GUI) to do thorough testing, and we test the hell out of it before inflicting it on unsuspecting Web visitors.

(Actually, who am I kidding? I install small edits on "live" web servers all the time. This is rarely a problem, it turns out. But YMMV. I did this numerous times in the past week, because the server admins - in their wisdom - were installing upgrades on the server without first testing them on hidden machines. You wouldn't believe all the web site's stuff that this broke. I found it better to actively watch the web stuff that I was responsible for, and when it broke, try some quick fixes - or apologetic top-of-page messages - for the duration. And I'm still on good terms with those admins, who appreciated my occasional emails about what was currently broken. ;-)

Re:So much for Debian 8, then...

and I opt out of their ad targeting.

ROFL.... the naïveté...

Re: So much for Debian 8, then...

+1

Re:So much for Debian 8, then...

As claimed? Did you even bother to read the mailing list?

There's no claims at all, there's no discussion on TSYNC, why it's used, or why it shouldn't be, the only responses are anti-google propaganda with no basis in fact, let alone any basis w.r.t. TSYNC.

Re:So much for Debian 8, then...

This needs some serious modding up. ... as a lead developer who was instrumental in moving us from debian (which until the last year or two, I had been evangelizing and supporting for almost a decade) to FreeBSD for over 10,000 servers (two entire clusters) and hundreds of workstations (test/dev machines of developers/scientists/etc).

We're starting to see similar things from our peers as well, debian/centos/rhel/ubuntu being dropped pretty rapidly within our circle of influence - they don't listen to users/customers (really bad RHEL wise, when you're paying them hundreds of thousands of dollars), they fail on security (something debian was once great at), and they're moving linux into a direction that's frankly - undesirable for serious servers, HPC, etc.

Debian is dead, stop giving it attention, we've all moved on - so should the conversations.

Re:So much for Debian 8, then...

[emj]

"Chrome gathers statistics on how it's used so it's evil and we don't care if it breaks". WTF?

That's not even remotely what the Debian devs said. The Google Devs choose to disable support for anyone who want to have a stable Linux experience, so Ubuntu LTS users won't have Chrome extensions until 2017.

Re:So much for Debian 8, then...

[emj]

Ah looks like Ubuntu fixed it, things change I guess :-)

Re:So much for Debian 8, then...

[HiThere]

Perhaps I read it after you did, but *one* maintainer said he wouldn't support it, and called it spyware. (I don't know whether it is or not.) Another said that if it turns out to be needed and someone submits a "quality patch" then he would submit it. (He also said that if Chromium needed it, he would revert the patch that made it a requirement, but that Chrome was a binary that he [and implicitly Debian] had no control over.)

Re:So much for Debian 8, then...

[HiThere]

Moved on to....

Re:So much for Debian 8, then...

A random Jane or John at Google shouldn't be able to tell you you're on your period this week, for instance.

Pretty sure everyone knows but you keep telling yourself its a secret.

Re:So much for Debian 8, then...

[trippin_efnet]

Moved on to....

I wish I could mod you up. I was curious about the same thing. So many people saying they've moved on from Debian but never ever saying which distro they moved to.

I seriously question any one who would complain about this. They really must not understand how Debian releases work. Debian Jessie is frozen, which means there is a stringent process to go through in order to add changes, we have known it was going to be frozen for months and months. Their testing releases always go through a freeze period before it moves into stable. Stable means that typically the only changes are security fixes. Expecting Debian, a distro which really doesn't like non open source software anyway, to unfreeze for something like Chrome is just an odd request. If you need bleeding edge, you should move to a bleeding edge distro, I can recommend Arch as being fantastic for bleeding edge, there are plenty of others as well. Stable/LTS releases are not ever bleeding edge. In fact, stable/LTS releases are usually significantly behind. Or even better, they can go back to Windows. Wouldn't even notice if they left.

Re:So much for Debian 8, then...

If you think a random Google engineer can look at your personal data, you are very mistaken. Even an engineer working on that specific project would not be technically able to look at your data (as in, they don't have physical permission), unless there is a specific reason they need to look at your data specifically, and they have to request that access explaining their reasons, which are logged. Pretty much nobody has blanket access to private data of any sort.

(I work at Google, but I am not officially authorized to say anything, so please don't sue me or Google and so on...)

Re:So much for Debian 8, then...

[mysidia]

That doesn't make sense. TSYNC is a security-enhancing feature.

Chrome uses seccomp-bpf for Sandboxing.... that is isolating certain threads from the system.

TSYNC facilitates software correctness with regards to the security. Without TSYNC, there is a greater likelihood of problems in the application leading to system compromise.

So I'm quite satisfied by Google's choice to refuse to run their browser on kernels that don't support current security features.

Firefox, Konqueror, Midori, Epihani, Opera, Arora, etc, should do the same.

Of course, they will have to implement multi-threaded Sandboxing functionality first.

Re:So much for Debian 8, then...

[mysidia]

Following the release; I anticipate good security reasons not to run old versions that require TSYNC, to reject the patch requiring it is a lot like rejecting a patch that fixes a buffer overflow or other typical RCE. The TSYNC feature impacts security, and the lack of the feature might eventually result in system compromise.

Re:So much for Debian 8, then...

[mysidia]

It seems that SystemD has become an industry standard however..... seeing as Redhat already adopted it first. Unless you're willing to go to an old release; it seems difficult to find a distribution that has not already gone SystemD-only.

Re: So much for Debian 8, then...

Freebsd. He already said that. He's leaving Linux entirely. If you're going to be smarmy at least bother to read first

Re:So much for Debian 8, then...

[Eunuchswear]

One distribution that has not gone systemd only is, of course, Debian.

Re:So much for Debian 8, then...

[tomknight]

I'm instead amazed by Google's arrogance in stating that RHEL 6 is "too old" for Google Chrome. It's been that way since at least last summer, so my RHEL teaching cluster and workstations just don't have chrome installed.

Actually, that's not quite true - one user manged to get Chrome working, but it regularly consumes all system resources and crashes the PC. Result.

All in all, I'm happy to do without Chrome on RHEL 6. Will I try to get it working when I roll out RHEL 7 this summer? Possibly, but moves like this make me wonder if Google's a company whose products I want to install at all. Firefox ESR may have its faults, but it basically works, and I can trust it'll stay working.

Re:So much for Debian 8, then...

Hmm... Ben is the upstream linux LTS 3.10 maintainer. You can bet he knows exactly what the change is about. I did just from the name showing up in a certain linux magazine a few months ago, and I only take care of a messy driver utterly unrelated to seccomp.

This thing was not accepted (or even proposed) to the upstream stable/long-term-service kernels. Why would it be acceptable for a frozen distro long-term-service kernel during release deep freeze?

Although I do wonder about the way Ben was snippy, he isn't usually like that, so it would pay to check for previous [bad] history between whomever asked for it and Ben.

Re:So much for Debian 8, then...

[tlambert]

The OS people are quite often right. Not this time, though.

We (OS people) are always right. Always. And if you don't like it, "patches welcome" or lump it.

Re:So much for Debian 8, then...

[cant_get_a_good_nick]

Reread the message. Google Chromium is called spyware. They don't want to add TSYNC to support this software bundle they consider spyware.

Re:So much for Debian 8, then...

[JackieBrown]

He meant that Chrome was spyware not tsync

Re:So much for Debian 8, then...

[JackieBrown]

This is a pretty good point. Now so many applications are being designed as server apps to make them more portable and universal and are on systems that typically would have a gui.

Some examples include sickbeard and sabnzb

Re:So much for Debian 8, then...

[Gr8Apes]

The point is whether Google should even have this information. Some of us say no as the potential for abuse is large no matter what today's policy is . (you get my point, I hope, that the policy is merely words on paper with no binding value since there's a clause that says said policy may be updated unilaterally by Google with your only recourse being to not use the service(s) in question?)

Re:So much for Debian 8, then...

[Shirley+Marquez]

Not entirely true. Ubuntu releases a new hardware support package for the most recent LTS release at about the same time as they release a new version of the distro; that's a backport of the kernel used by the new version. In the case of 12.04 they basically FORCED people to install the new kernel after the release of 14.04; they are no longer doing security updates for the old one. There are also sometimes X server updates for LTS systems that have a GUI installed; there is one for 12.04 that uses the X server from 14.04 and is similarly mandatory.

So... you will be able to have new versions of Chrome and Chromium on 14.04... IF you install the hardware update. You won't be able to have them on 12.04 because the 14.04 hardware support is the last version that release will get. Nor can you have them on 10.04, which is near end of life and scheduled to go out of support next month.

Re:So much for Debian 8, then...

[lpevey]

GP answered that question: FreeBSD

Re:So much for Debian 8, then...

[HiThere]

OK. But you can't demonstrate whether that is true or not, or at least I can't. It *is* a binary blob.

Re:So much for Debian 8, then...

[HiThere]

Thank you.

Unfortunately I need something that will support ext3 for the transition cycle. (Or more accurately not being willing to disrupt my workflow while learning a new system means I need ext3 support.)

Re:So much for Debian 8, then...

[hitmark]

Reads to me like the browser will check if the flag is present, and if not keep on going anyways (perhaps with a nag to the user that things are less secure than they could be).

Re: So much for Debian 8, then...

[darkarena9789]

The Debian guys have always been anti-business. They don't like anything that's not open source. It's one of the reasons I abandoned Debian for Ububtu. Ububtu has made a lot of unpopular (wrong?) choices, but they understand the need for non-oss. In the end, an OS needs to support your work. There is no browser for Linux that is better for supporting web and heavy js. This is another case of Debian Philosophy interfering with its usefulness.

Re:So much for Debian 8, then...

[mysidia]

RHEL teaching cluster and workstations just don't have chrome installed.

RHEL6 is 'too old' for a great many new things.... try Firefox or an older edition of Chrome I consider RHEL great for servers, but it's a horrible platform to base a Desktop build on, IMO.

Even if it's more bleeding edge--- I would stick with Fedora, or an Ubuntu or ElementaryOS based build. In the past I also used SuSE, for this.

Re:So much for Debian 8, then...

[rubycodez]

LinuxMint is taking a "wait and see" approach to SystemD for the next couple years. The BSD sure aren't jumping on that ship.

RedHat is losing their "leadership" position, they do too many weird proprietary things and try to lock people into a weird "redhat way". Companies are ditching it last like week's garbage.

Industries "standards" are sometimes found to be stupid and they flop.

It's not even all of T'SYNC

It's really just the JUST IN TIMEBERLAKE function.

Re:It's not even all of T'SYNC

I thought T'Sync was Spock's aunt.

Re:It's not even all of T'SYNC

[Jane+Q.+Public]

I thought T'Sync was Spock's aunt.

No, that's Spock's aunt's other nephew, the only Vulcan HipHop artist.

So much for LTS releases

[pedantic+bore]

This is unfortunate. I was hoping to not upgrade my Ubuntu 12.04 systems for another year or two, until the systemd dust settles, and I know other people in the same boat.

Re:So much for LTS releases

You can upgrade your Kernel to 3.19 without issue.

Re:So much for LTS releases

you can upgrade to the 14.04 just fine. Ubuntu is not forcing systemd on existing installs. Just new installs at the moment

Re:So much for LTS releases

[allo]

you can use the debian LTS version of chromium. Where is the problem?

Re:So much for LTS releases

[kthreadd]

Every package is not supported in the LTS distribution. Chromium for example is not supported.

Re:So much for LTS releases

Why would anyone run Chromium? It has all the crappy UX of Chrome without the spyware or the ability to stream Netflix.

Re:So much for LTS releases

Secomp tsync has been backported to kernel 3.13+ (Trusty's kernel) which, if you have installed HWE on your 12.04 system, you are already running a kernel that has this feature.

Re:So much for LTS releases

[pedantic+bore]

I tested HWE on a few test systems before rolling it out across the rest of my systems. Long story short, several of the test systems had intermittent networking problems after the upgrade, which caused the systems to hang until power-cycled.

In my environment, stability is more important than having the latest gee-whiz features, and due to slashed budgets, supporting new hardware is a problem I don't have, so it's not worth the trouble to try to use the Trusty kernel right now.

Re:So much for LTS releases

[rb12345]

In fact, Chromium was dropped from Wheezy recently since the version it was based on lost upstream support and security updates. The advice then was to run Jessie instead. Presumably that advice is now "don't run Chromium derivatives on Debian", unless testing has a supported kernel version.

Re:So much for LTS releases

[allo]

Chromium is the opensource chrome, that's it. It does not have spyware and not the nasty habit of chrome to mess with your package manager to update by itself (i mean, really WTF?)

Re:So much for LTS releases

Responders to Issue 401655 were saying that upgrading to kernel 3.13 was enough to fix the issue, so I don't know how they're figuring that 3.17 is required.

Re:So much for LTS releases

[ThePhilips]

Check the Ubuntu kernel updates again.

There were two kernel updates for 14.04 in a row recently so I checked things out. The only difference in the second update was that some network-related patch was removed since it was causing problems. There is a chance that your problem was fixed.

Re:So much for LTS releases

Don't use Chrome :-) I don't know any compeling reason to use Chrome over Firefox (expect hype). The only one would be watching Netflix, but EME is going to be supported in FF 37 (for the better or the worse, DRM suck).

Re:So much for LTS releases

THIS PATCH IS BACKPORTED FOR 12.04 !

As long as you run newer kernel from latest enablement stacks, you're fine! Aren't LTS releases fantastic? :) It's backported to all Ubuntu kernels of 3.13 and newer!

Doesn't smell right

[Enry]

This doesn't pass the sniff test. This 'bug' has apparently been around for months (October/November) and it's just now that people are noticing? And the fix is patching the kernel rather than regressing whatever change was in Chrome that added this?

Re:Doesn't smell right

[gl4ss]

well with chrome you would be shit out of luck to change it if google will not.

with chromium though there should be a patch... or maybe not. googles answer to their own projects has been to backport the patch.

Re:Doesn't smell right

It's not a bug. Google's Chromium team decided the Linux kernel seccomp API wasn't meeting their needs, so they added the TSYNC feature (which makes applying seccomp sandboxing to child threads easier to do securely) to the kernel so they could use it in their code. They just aren't caring about the fact that not a lot of users have good reasons to be running older kernels. And it's complicated by the fact that they didn't get the kernel feature in before Debian jessie's feature freeze. Once again because they don't seem to care about other people's software lifecycles.

Re:Doesn't smell right

While I would agree that a lot of server type machines and processing type machines need to run older kernels, those machines also don't need to run a web browser. The machines people sit at and type into slashdot don't really have good reasons to stay on older kernels except for some people's cussedness and orneryness.

Re:Doesn't smell right

[allo]

OTOH they have NO REASON AT ALL to upgrade. Upgrades can get you into trouble, on kernel updates this means trouble with drivers (ups, i upgraded, now wlan is not working anymore), while staying with a matured kernel which only gets security patches is a good choice.

Re:Doesn't smell right

[Runaway1956]

No, you're not SOL - there is a thriving community of Chrome hackers who change anything and everything they don't like about Chrome.

http://www.srware.net/en/softw...

Re:Doesn't smell right

People are only noticing now because Google recently announced that future versions of Chromium (and thus Chrome) will only work with kernels that have this flag. It's a silly controversy because a Debian kernel maintainer just categorically rejected adding the patch not on any technical merit, but simply because he doesn't like Google. And as far as rejecting the patch because the freeze, well, that doesn't really fly since this patch was offered back in October of last year. In fact, Ubuntu already backported the patch for 12.04 lts kernel (3.13) and higher. So its not as if Debian couldn't have added the patch before the freeze. Apparently, this patch is simply being rejected because of a pathetic personal animosity towards the developer of patch, or the company he works for (Google).

Re:Doesn't smell right

So, these people "secure" chrome by removing sandboxing features. Sounds like a winner to me.

Re:Doesn't smell right

[Microlith]

Chromium, not Chrome. There's a distinct difference between the two.

Re:Doesn't smell right

The patch was committed in July, and Jessie's freeze started on the Nov. 5th.

Re:Doesn't smell right

OTOH they have PLENTY of reason to upgrade. Heartbleed, freak, shellshock, etc. Tons of bugs found in Linux/Windows/Apple/Android on a day-to-day basis.

You seriously believe that they have no reason to upgrade? Even "matured" kernels have been affected by these issues.

Re:Doesn't smell right

[sjames]

It's a bug in all but name. The correct behavior for a new feature that isn't universally available yet is to use it if it is there and fall back if it is not.

This is just Google throwing it's weight around. It's a dick move.

Re:Doesn't smell right

[sjames]

So you're convinced Aunt Tillie should roll her own kernel?

Re:Doesn't smell right

[Runaway1956]

http://www.srware.net/en/softw...

https://code.google.com/p/chro...

For most intents and purposes, there is little real difference. SRWare clearly states here, http://www.srware.net/en/softw... that they hack Chromium - but on other pages, they compare Iron to Chrome.

If you're working from the same source code, the only real differences are those features that you might enable/disable when compiling. Am I right? If so - then it might be argued that Chrome is the more intrusive, more invasive version of Google's spyware. Chromium would be less intrusive spyware. And, Iron is an attempt to turn off all the spyware.

Re:Doesn't smell right

And how is this a worry? I've been running beta kernels since 1994. (Ok, not beta, but the bleeding edge). Things occasionally go sideways, but its pretty rare. It takes about 35 minutes to git-sync and build a new kernel (Core-i7). When I was running a 1.8GHz Pentium it took longer. When I was running an 800 MHz Celeron, it took a lot longer. When I was running a 66 MHz '486 it took a *lot* longer. If you need to run an old kernel, then use Firefox. If you can build a new kernel, use Chrome. Its not like there is only one choice anywhere here. Its FREE software. There are dozens of choices whichever way you go.

Re:Doesn't smell right

This is just Google throwing it's weight around. It's a dick move.

Becoming rather the norm lately. Microsoft seems to have finally embraced some responsibility and Google is on the road to becoming what MS once was. Bizarre and a bit sad.

Re:Doesn't smell right

It's a poettering move.

Re:Doesn't smell right

[allo]

you're talking about updates, not upgrades. Debian updates your kernel, chromium, ... and ensures there are no known security bugs. Google upgrades your chromium, fixing bugs and introducing new ones. You see the difference.

Re:Doesn't smell right

[HiThere]

More particularly he said that *he* wasn't going to add that patch and called it Google spyware. This is the comment of a single maintainer, and it's hard to tell whether it's well justified or not, because Chrome is a binary blob. He could be dead on right.

Re:Doesn't smell right

[laffer1]

You're kidding right? This is like dropping support for anything before Windows 8.1 + some hotfix. A web browser should not require a bleeding edge kernel. It's insane.

Re:Doesn't smell right

It's a poettering move.

+1

Re:Doesn't smell right

[AmiMoJo]

It sounds like this is a security update.

Re:Doesn't smell right

Way to promote a scam. Iron is closed source bullshit.

Re:Doesn't smell right

[rdnetto]

This doesn't pass the sniff test. This 'bug' has apparently been around for months (October/November) and it's just now that people are noticing? And the fix is patching the kernel rather than regressing whatever change was in Chrome that added this?

The change is an improvement to sandboxing (i.e. security). If the kernel patch was sufficiently minor (this appears to be the case), it makes far more sense to backport it (improving the security under older kernels) than to remove it (compromising security under newer kernels). This is especially true given Debian's focus on security.

Most of the comments in the thread seem to be from people who don't care, but are happy to use it as an opportunity to bash Chrome/Chromium. I suspect if someone had actually done the work of writing a patch, it would have been merged without much drama.

Re:Doesn't smell right

[LordLimecat]

Wonder if this AC will be back to correct his completely incorrect speculation.

One even wonders if all the hysteria here will serve as a live lesson in "reigning it in".

Re:Doesn't smell right

[Wolfrider]

--Aunt Tillie could probably roll her own kernel if you gave her a webpage with good instructions that would compile it for her and then prompt where to save the download ;-)

--Of course there's no guarantee of no-malware-included at that point, but ease-of-use matters quite a bit for some people.

Inflammatory comments on the mailing list?

Inflammatory comments on the mailing list? Time for detective Slashdot to get on the case.

What's TSYNC ?

[itzly]

Would have been nice if TFS had included an explanation of what the TSYNC feature is.

Re:What's TSYNC ?

[Eunuchswear]

It's not the "TSYNC feature", it's SECCOMP_FILTER_FLAG_TSYNC

http://lkml.iu.edu/hypermail/linux/kernel/1406.1/01964.html

(Buggered if I know what it's for, however).

Re:What's TSYNC ?

[vadim_t]

Digging around a bit this is what I gathered:

TSYNC is some flag added to seccomp to aid in something relating to thread synchronization: http://patchwork.linux-mips.or...

And seccomp is a security mechanism of the Linux kernel used to implement the sandbox in Google Chrome, which it uses for instance to run the Flash plugin in such a way that it doesn't compromise the system if one of its many security weaknesses: http://lwn.net/Articles/347547...

None of this seems to have any relation to spyware, in fact it would seem to have the exact contrary purpose: protecting the system from potentially malicious code and security exploits.

Unless I'm missing something obvious, it sounds like Ben Hutchins (the Debian mailing list guy who made the comment on spyware) just dislikes Chrome for whatever reason unrelated to TSYNC and decided that it would be a fine way to ensure new versions of Chrome don't run.

Re:What's TSYNC ?

[Eunuchswear]

Well, Ben did point out the little problem of Jessie being frozen, you need a bloody good reason to unfreeze at this juncture, and is Chromium important enough?

Re:What's TSYNC ?

Disregarding the sandbox, Chrome pretty much is spyware. Having it spell check what you type in sends it to Google to get back the results. That's just one example. I don't see how this can be acceptable to anybody, but eh. People are weird.

Re:What's TSYNC ?

It's part of the "sandboxing" mechanism in Linux which allows processes to limit their interactions with the kernel to a subset of API calls by installing filter programs. The purpose of this limitation is known as the concept of least privilege: A process should not have more power to do anything than it needs to do its job. If it has more power, then an attacker can use that power in case he achieves control over that process. That's why you don't run your web server as the root user, for example. Server processes often start as high-privilege processes (for example to be able to attach to network ports lower than 1024), and then shed their privileges by switching to a limited user. Seccomp is a more fine-grained way of limiting the powers of processes. If a process tries to use a kernel API that it has previously denied itself access to, the kernel kills the process. For example, a process which in its normal operation never needs to access the file system can install a filter program which denies it all access to the file system API of the kernel. If an attacker injects code into the process to access the file system, the API call will then get the process killed instead of accessing the file system. The TSYNC feature enables a process to refine (limit more) whatever limited access a group of threads previously had (TSYNC stands for thread synchronization).

Re:What's TSYNC ?

[BitZtream]

He dislikes Chrome BECAUSE it IS SPYWARE in the strictest sense of the word. It does everything it can to relay your habits back to Google's servers. Some of that you can turn off, some of it you can't, but that doesn't change the fact that it is spyware.

I'm off the opinion Google can fork-off simply because they were able to survive without TSYNC and make it 'safe' but suddenly they can't and they refuse to deal with older kernels. Fork Google, this ridiculous bullshit of constantly having to update just because they can't be bothered to do real software development life cycles for user software. Fork'em right in the ear.

I don't use firefox because they want to update 10 times a month, I don't use Chrome now for the same sort of reasons. Chrome managed to make it not noticeable longer than firefox since the Chrome UI doesn't change daily like Firefox but none the less, too many problems have resulted due to Chrome constant releases that its no longer supported in my organization.

Re:What's TSYNC ?

[vadim_t]

Right, so here is seems how things are:

1. Google seems to have little regard for long term backwards compatibility, at least on the timeframes Debian wants it. Kernel 3.17 came out in October 2014. Fedora has a new enough kernel, but also doesn't have Chromium officially apparently because Google likes to clone various libraries and do API changes, rather than trying to work with the original developers, distributions, etc. So it seems Google mostly does its own thing and lets other people to deal with it.

2. So Google is now releasing browsers that require kernel 3.17 to work properly. Users want to run it on their systems.

3. But Jessie is frozen and so changes only happen for good reasons. The question is then whether to backport the TSYNC feature. On one hand, it's a new feature and it doesn't go in frozen releases, on the other hand it stops new versions of Chrome from running, which is a security concern. Ubuntu seems to have went with the later logic.

4. Ben's reaction is "1. I don't like Chrome, so no", and "2. Distro is in freeze, there needs to be a formal proposal explaining exactly what patch to merge, and a sympathetic maintainer, which I am not".

So really what's going on is a conflict between organizations. Google wants to move faster than Debian does, and Debian (or at least Ben) doesn't want to give Google special concessions.

Re:What's TSYNC ?

[Cley+Faye]

The actual replies are worse than the slashdot summary; when someone asked for TSYNC support, the answer was "sounds like another good reason not to use Google Spyware". The followup are in the same vein about Flash.
Now one can have his opinion and think that Chrome/Flash are evil incarnates and must be wiped out from our universe, that doesn't change the fact that Flash still exist, is still in use by an awful lot of websites, and Chrome is the only way to get this content under Linux. Telling people "nah, not gonna have it, kthxbai" is probably more hurting than anything.

Re:What's TSYNC ?

[Cley+Faye]

they were able to survive without TSYNC and make it 'safe' but suddenly they can't

Geez, improving their software's security by taking advantage of better kernel support, Google really are deadbeat stupid. Better drop the sandboxing idea, have everything in the same process, preferably run as root. We'll be all safe with this old, not up-to-date version of openssl with brand new SSL3.0 support.

Re:What's TSYNC ?

What's it like browsing these days with lynx?

Re:What's TSYNC ?

[olsmeister]

Thank you.

Re:What's TSYNC ?

[Ben+Hutchings]

I do dislike Chrome and I'm not going to pretend otherwise. Aside from its being spyware (in its default configuration), the Chrome/Chromium developers have previously added requirements that make Chromium unsupportable in Debian 7. We could add this kernel feature now, but I strongly doubt that will be sufficient to keep Chrome/Chromium running on Debian 8 until its EOL.

Please note that I am not NAKing the change, but I'm also not going to be the one to make it happen.

Re:What's TSYNC ?

if google got special considerations it may be considered monopolistic

Re:What's TSYNC ?

Care to elaborate what this mysterious spyware exactly is, instead of being usual fucking moron lunatic gnussolini tinfoilhat-idiot?

And by exactly, i mean exactly point out what it does out of users knowledge, where this code resides.

Fucking idiot gnussolinis..

Re:What's TSYNC ?

...and that makes Chrome not spyware?

Re:What's TSYNC ?

[Runaway1956]

I also thank you, Sir AC.

Re:What's TSYNC ?

No, spell checking is done locally. What other examples do you have? Even the search suggestions can be turned off.

Re:What's TSYNC ?

Actually quite ok. It even has TLS support nowadays. But I usually use elinks when I need CSS support, and w3m when I need to show images but that only works in XTerm.

Re:What's TSYNC ?

[c0d3g33k]

Thanks. If I understand your summary correctly, this sounds like a good security feature, apart from the "killing the process" bit. This seems like a handy mechanism for DOS attacks. Why not just refuse to do the unwanted thing and ignore it, while perhaps logging the attempt?

Re:What's TSYNC ?

That is not what monopolistic means.

Re:What's TSYNC ?

Google wants to move faster than Debian does, and Debian (or at least Ben) doesn't want to give Google special concessions.

Because his name is not Ben Dover?

Re:What's TSYNC ?

Probably not, but he didn't lead off with that argument against granting a freeze exception. Instead, he called the kernel feature Google "spyware", presumably because it was coded by Kees Cook, formerly a Canonical employee who now works for Google. Hutchins didn't give a technical reason for rejecting the patch, which seems to suggest that there's something political, or even personal, about his motives.

Re:What's TSYNC ?

The TSYNC patch does not have anything to do with Chrome being spyware or not. It's just a general security improvement.

Re:What's TSYNC ?

If the process does something that it promised not to do, it can't be trusted anymore and must not be allowed to continue. The first attempt to use an unauthorized API seals its fate. The server or application can just spawn a new process.

Re:What's TSYNC ?

Thank you. The person writing this article is a not a journalist, and is an example of why technonerds shouldn't be taught to read and write in the first place.

Re:What's TSYNC ?

Patronizing aside, why shouldn't it be backwards compatible, and why would Debian go out of their way to support Google spyware?

I'm ready to install a decent ad-blocker, because I searched for a camera with DuckDuckgo and now every google advert is that exact same camera model from the exact same store, which obviously is using a Google tracker. I have 'no track' set, which Google ignores.

I want rid of this spyware company from my life.

Watch a youtube on Holland, get bombarded with ads for trips to holland. F-you, I can see you're recording which websites I visit and which Google assets I see, and I hate it now when I click a link and its a disguised youtube link, because I want rid of Google.

Re:What's TSYNC ?

[arth1]

This still doesn't explain why a userland program would require it? Is Chrome trying to foist the sandbox over on the kernel and relying on the kernel killing Chrome if the user installs an extension that isn't kosher?
If so, it would seem like a good way to get users to stop using Chrome, because there would be no indication that's understandable by a mere user of why the app suddenly quit. Or am I guessing wrong here?

Re:What's TSYNC ?

[sumdumass]

I for one hate trying to track oddities and buggy software down which is especially harder when there are no logs or evidence of the mibehavior.

Re:What's TSYNC ?

[Jay+Maynard]

Do you honestly think your vocal opposition would not stand in the way of another developer deciding to get it in?

Re:What's TSYNC ?

Well, if you don't want the kernel to kill your process immediately, you have that option too. Read the fine manual. Personally I consider it a zombie apocalypse "promise to shoot me if I turn" kind of pact though. Would you really want a process to continue if the most plausible explanation for a syscall that it wasn't supposed to make is that it's executing injected code? The parent process should obviously make a note of its child's demise and the cause.

Re:What's TSYNC ?

He was calling Google Chrome spyware, not TSYNC. I, and many others, happen to agree with him. Not everybody is a blithering Google fanboi like you.

The reason for rejecting the patch is because Jessie's frozen.

Re:What's TSYNC ?

Chrome uses sandboxing to execute network-facing code with limited privileges, to reduce the impact of remote code execution exploits in the case of bugs. The kernel doesn't kill all of Chrome, just the separate process which was, for example, executing a plugin. Chrome logs when that happens and "seamlessly" restarts the process. You understand that allowing the rogue process to continue, as it would without the sandbox, means that you've been exploited successfully at that point, don't you?

Re:What's TSYNC ?

[Gr8Apes]

It's simple enough to just abandon flash. Apple did, it didn't seem to stop the world nor harm their market share. There are some sites still tied to or using flash (youtube anyone?) so perhaps Google should set about cleaning house first.

#2 is that no one in their right mind should use Chrome, at least not without blackholing every google address. My order of browsers is Safari, Firefox, Opera, IE in a dedicated windows VM, and then, only then, Chrome. I think I'm 20 revs behind in Chrome because it hasn't been run in a year, nor has IE actually... What a blissful year.

Re:What's TSYNC ?

Google is a spying company. In the absence of evidence, does it make more sense to assume that software that they release supports their spying or doesn't?

Who cares if we can't convince rabid Google fans like you of anything with exact details. You're too busy loving the Google to listen anyway. Keep your creepy Google fetish to yourself, though.

Re:What's TSYNC ?

[arth1]

You understand that allowing the rogue process to continue, as it would without the sandbox, means that you've been exploited successfully at that point, don't you?

No, that does not follow. Apps do things they shouldn't do without malice too. It may not be desirable, but it does not imply that there is any attacker who have exploited your system.

Re:What's TSYNC ?

[znrt]

it stops new versions of Chrome from running, which is a security concern.

if old versions of chrome become a security concern it's google's responsibility to either provide a fixes or at least effectively warn users, period. has nothing to do with any aspect of any os chrome happens to run on.

So really what's going on is a conflict between organizations. Google wants to move faster than Debian does, and Debian (or at least Ben) doesn't want to give Google special concessions.

it's much like you say but i see no conflict, really. google can have its way, and debian (ben) is just being consistent with being debian. users can have their pick so no problem. responsibility is still clearly outlined and any rogue chrome versions causing havoc will be chrome's fault, regardless of kernel. so google should at least inform the user that they dropped support for platform x so he could pick a different browser. they have done so in the past.

i made this reflection because of you mentioning "security concerns", but i don't know of any in this context. i understand now that tsync allows for cleaner implementation of sandboxing, but if you deliver a sandboxed browser for a platform you better make sure it's indeed properly sandboxed with the api available for that platform at that moment. IF chrome had known security issues with that then debian, being debian, should of course hold it back.

Re:What's TSYNC ?

Moi? A Google fanboi? HA! And rejecting a kernel patch because it was submitted by a Google employee, or simply because Google's software will take advantage of it is beyond asinine. What happens if Mozilla adds support for the feature? Is ol' Benny boy gonna penalize Debian users for not being able to make their systems a little more secure just because he's an asshole about Google stuff?

Oh BTW idiot, the patch was introduced in July of last year. Jessie's freeze started on Nov. 5th. Plenty of time to get it in under the freeze deadline.

Re:What's TSYNC ?

[epine]

Would have been nice if TFS had included an explanation of what the TSYNC feature is.

This would be inconsistent with masses of people clicking into the discussion thread going "WTF?" and then sticking around to post a comment.

I'd quit Slashdot in a heartbeat (abandoning what limited loyalty remains) if I were willing to wade through the alternatives in search of an alternative forum in which the paragraph as a unit of discourse has not yet been un-invented.

Back in grade nine, back in the 1970s, in a school where the majority of students ended up in vocational college, I already held a low opinion of people who charged ahead with the lingo-of-the-day without providing the least context. Slashdot in its current incarnation routinely falls below the personal standards I used to judge my 14-year-old classmates back when Star Wars was the hottest property in known history (I was quietly polite about it, but none of those people became my friends). Every freaking time a Slashdot story does this (i.e. pretty much daily), I have a grade-nine flashback to the least nerd-compatible environment I've ever been forced to endure.

Edge has a pretty good piece today: Yuval Noah Harari in conversation with Daniel Kahneman.

I don't have a solution, and the biggest question maybe in economics and politics of the coming decades will be what to do with all these useless people.

He merely means by "useless" the portion of the population who have no skills at anything that can't be better done by a (recently or soon-to-be-invented) machine.

There's no fixed algorithm for ensuring that one remains a viable member of the "useful" population, but I'm going to continue with my grade-nine policy of gravitating toward those who 1) employ paragraphs when engaged in written communication; and 2) provide adequate background before lapsing into the lingo-of-the-moment.

As I said, there's no fixed algorithm and I might well be wrong, but from where I presently sit, I'm voting as stated on this matter with my entire bag of skin.

Re:What's TSYNC ?

[the_B0fh]

No, because Ian's vocal opposition to systemd got it in anyway. So it's not like vocal opposition can stop things from happening if enough people want it.

Re:What's TSYNC ?

Patronizing aside, why shouldn't it be backwards compatible

Put in (hopefully) better words, why is a 5-month old security sandboxing feature in the kernel so important that suddenly Chrome can no longer run without it? Is there no way to determine that the feature is not present and say "well we wanted to turn it on, but since we can't, we'll just do things exactly the same way we've done them for five years already"?

Re:What's TSYNC ?

[dhasenan]

On the assumption that a developer is trying to create an application for this sandbox environment, they get a very fast indication that they did something that isn't allowed instead of potentially mysterious errors. On the assumption that you're running malicious code, it means that that code can't continue probing your system.

It does mean that portable code can't probe for what features are enabled and you instead must tell it in advance. Ideally there would be a way to query for which APIs are allowed and which aren't.

Re:What's TSYNC ?

1. If you influence other kernel dev from adding the patch, then you are effectively NAKing the change, Ben. 2. You're letting your animosity toward one software product, its developers, and the company that employes them, prevent a kernel security measure that would improve overall user security by making a common vulnerable vector a little harder to exploit. Just because chrome may be the only app that utilizes the tsync flag, doesn't mean other apps won't use it down the road. Plus, it seems this patch was committed in July, well under the freeze deadline in Nov. Why wasn't it considered then? Ubuntu added it back in October.

Re:What's TSYNC ?

It won't. But we won't bother, because of the second reason: googleware is unsupportable in the long run, they have failed to integrate the devops model with the "your users run stable systems which will be up-to-date in the security sense, but not in the latest-feature sense" model.

And messing with the seccomp ABI is anything but safe. This thing has a real chance of adding regressions, so someone would have to really do the work, make sure tsync and everything it touched is longterm-stable, identify all kernel changes required for that to happen, and propose its inclusion. Nobody is doing this work.

Ben is not the maintainer of the 3.16 LTS branch, some ubuntu people are. However, there is no chance in hell they're touching that hornet's nest unless other LTS kernel maintainers that are not in GregHK's shitlist decide that it is something older kernels should get a backport for. There are several of them, but Ben is, AFAIK, the one of them that is more canonical-friendly... and he doesn't see that TSYNC thing as stable-kernel material, so really, it is extremely unlikely it will land on the upstream long-time service kernels anytime soon.

That means you need 3.17 or later, or one of the *distro* kernels (the ubuntu kernel, for example) to get tsync. This is going to be really annoying. And it gives us a pretty clear message that it would be a waste of time to deal with tsync now so that google chrome would run for a few more months on a distro that is going to stay around for the next two years.

In the end, the reason some other debian developer that has kernel experience like yours thruly is not going to bother with tsync, is that it would be wasted effort in the not-so-long run. It makes far more sense to work on maintaining a kernel backport, which will bring other features, and not just seccomp tsync. We always do this, so you can be assured there will be a kernel backport with at least the next GregHK LTS kernel (likely v4.2) eventually, and that will have seccomp tsync enabled (there is no reason to not enable it if the kernel supports it).

Re:What's TSYNC ?

[greg1104]

That's not how Chrome works. The only answer to all Chrome issues is "get the latest Chrome version where that's fixed". The concept of fixing a problem in an older version just doesn't exist in that mindset. It's rather fundamentally at odds with how Debian manages releases due to that, which is why I'm not surprised at their lack of fucks here.

Re:What's TSYNC ?

So use the feature if it's there, don't use it if it isn't. It's the sensible thing to do. Lots and LOTS of other software does it at every end of the spectrum.

Google does some great things forging ahead in software development, but they're also playground bullies. They're big enough to steamroll over everyone else's requirements, and they're happy to do it. They have almost no consideration for compatibility even where their own products are concerned (see: any Android device more than 2 years old).

Re:What's TSYNC ?

You got that explanation because this particular technonerd has been taught to read and write. If that's how you show gratitude, keep it to yourself.

Re:What's TSYNC ?

[Kjella]

In other words business as usual, same attitude I got when my "Wintendo" box had trouble accessing a Linux share. Quite many people in the open source community will act like you just insulted your mother if you ask for any help that in any way involves proprietary software. The Church of Stallman wants to maintain the purity of their faith.

Re:What's TSYNC ?

Ben is not the maintainer of the 3.16 LTS branch, some ubuntu people are. However, there is no chance in hell they're touching that hornet's nest unless other LTS kernel maintainers that are not in GregHK's shitlist decide that it is something older kernels should get a backport for. There are several of them, but Ben is, AFAIK, the one of them that is more canonical-friendly... and he doesn't see that TSYNC thing as stable-kernel material, so really, it is extremely unlikely it will land on the upstream long-time service kernels anytime soon.

It's already in the main 3.17 and later, and Ubuntu has already backported it to its most recent LTS versions, 12.04 and 14.04. They did this back in October. There's no reason this couldn't have been added to Jessie before the Nov. 5th freeze.

Re:What's TSYNC ?

[Ben+Hutchings]

Linux 3.19 is already packaged in experimental and I expect to end up maintaining a linux package in jessie-backports, so that will be another option for people who really want to use Chrome/Chromium.

Re:What's TSYNC ?

You should not write Chrome and Chromium together like that. It has the unfortunate effect that people think that they are the same, so they use Chrome because it's convenient and think that they are using free software but actually they are using non-free software. Using just Chromium is ok since it is free software.

Re:What's TSYNC ?

[pthisis]

Flash still exist, is still in use by an awful lot of websites, and Chrome is the only way to get this content under Linux.

Quite the opposite in my experience--running Flash is pretty much the only reason I launch Firefox these days.

Most Flash sites are so terrible at detecting Chrome's built-in Flash on Linux that they refuse to run at all--I get the "Hey, this site requires Flash! Download it now!" message all the time in Chrome even though it already has the latest Flash support.

Thankfully HTML5 is making this much less of an issue.

Re:What's TSYNC ?

That's right. journalists are too busy 'making a difference' to give a shit about the truth.

Re:What's TSYNC ?

Chrome MAY be Google spyware, but Chromium is not.

Re:What's TSYNC ?

Google's forking of libraries is likely the same reason as this -- they wan't to move faster than the libraries release cycle.

I expect any worthwhile changes will eventually make it back into the mainline versions of the libraries. Chrome(ium) makes a good testbed as to whether or not the changes are worthwhile.

Re:What's TSYNC ?

[Martin+Blank]

The Chrome dev team has been trying to eliminate cruft from the code base for a while now, as is visible if you spend some time in the bug tracker. This may be a case where they got overzealous in trying to not have legacy code remain when they implemented a new feature. But given the number of distros running 3.17 or later, it should have been obvious that backports would be required for many (most?) distros, and that backporting is often seen as more work that distro devs would rather avoid so they can concentrate on standard code-bases.

I see both sides of this: Google wants the most secure environment possible, and Debian has a development freeze for good reason. It's easy to overlook a flag like TSYNC if it's not being mandated by something major when the review is done, which may be the case here. But Debian may have to fold on this because they're not a big enough slice of the user pie to force Google to back down.

Re:What's TSYNC ?

[Martin+Blank]

YouTube hasn't been tied to flash for a couple of months, with HTML5 the default video play mechanism since late January. Not all browsers will pick that up, apparently, since I've recently had Flash crash in Firefox during a YouTube playback.

There are plenty of sites still tied to Flash, and that includes internal corporate sites. Those will be even harder to dig out, and Chrome is about the only means of Linux users to access Flash these days (at least in a vaguely secure fashion, since Flash for Linux hasn't been supported by Adobe in some time).

Re:What's TSYNC ?

Yes, breaking compatibility for systems without TSYNC, despite it not really being necessary to be secure all this time, is stupid. You're effectively denying for your software to run on older systems for no truly valid reason. If Chrome without TSYNC on Linux was compromised, then this might be a good point. Speculatively limiting your software just because you don't want to support older versions is their choice, but hardly a sympathetic one.

Re:What's TSYNC ?

[eWarz]

Ben, you've really made me dislike Debian, and Debian was my one of my first distros. You may claim that Chrome is Spyware, but you have absolutely no proof to back up your claims (that the Chrome browser is spyware...hint, it's a trap, don't fall for it.) I personally use Chrome every day, and you know what I don't use every day? Debian, Do you know why? People like you. I've been using Linux for 20 years and it's people like you that get in the way of progress. I want to deal with a project that puts personal opinions aside and focuses on the greater good. Debian is not that project.

Re:What's TSYNC ?

You should probably have asked the Samba people, instead of the GNU people. After all, the Samba people are the ones responsible for the code for Windows shares on Linux.

Re:What's TSYNC ?

[dave420]

Is it spyware, though? Repeating it again and again is not enough to make it so - is there an actual study out there showing this? One which includes captured packets showing unrequested data transmission to Google for nefarious action?

Re:What's TSYNC ?

Hmm? Everybody likes Kees Cook. Nope, that's not it.

We just had to kick chromium/chrome from Debian stable because it wouldn't compile anymore, and require a new gcc. What makes yout think any effort at all to mess with the *kernel* of the next Debian stable which is in *deep freeze* and about to be released, is a good idea when we know for *sure* that chromium/chrome would work for no more than one year after that anyway?

Instead, kernel 3.19 (which has tsync) is in experimental (maintained by Ben himself!), and Debian always have someone maintaining the latest kernel.org LTS kernel as a full backport, which will also resolve the tsync issue when it gets released (my bet is v4.3). So, you can install 3.19 TODAY if you want, and you don't even need to be able to compile your own kernel (which in Debian takes two commands, one of them to copy the config of the old kernel).

Meh.

Re:What's TSYNC ?

Meh, flash on Linux gets updated at least as much as the one in Windows. It is just stuck at flash 11, i.e. it only gets security fixes from Adobe.

And it runs fine on current firefox, and the other alternative browsers. "Debian" non-free (which isn't Debian. Whatever) runs it in a separate plugin-container process, too, so it can be 32-bit on a 64-bit box without any issues.

Re:What's TSYNC ?

You know, if you don't know bloody anything about the subject at hand, the best approach is to STFU and GBTW.

Re:What's TSYNC ?

The default configuration sends everything you type in the URL bar to Google. You can disable that if you delve into the preferences, but I assume that's what the GP is worried about. Of course the right solution seems like it would just be to make that not the default in Debian.

Re:What's TSYNC ?

[Gr8Apes]

YouTube hasn't been tied to flash for a couple of months

Oh my... a couple of months? But, apparently they still run flash. The question is "why"? Oh, could it be that their own unsupported Android phones wouldn't be able to visit youtub?

Re:What's TSYNC ?

[Quantum+gravity]

Adobe won't update the Flash player beyond version 11.2, but continues to put out security patches. It works well enough for me.

Re:What's TSYNC ?

[Ben+Hutchings]

This is why I claim it's spyware. Sure, you can turn most of those things off, but the intent of turning them on by default is to capture that information from most users.

you know what I don't use every day? Debian, Do you know why? People like you. I've been using Linux for 20 years and it's people like you that get in the way of progress.

I'm not getting in the way of anything. The kernel is team-maintained and I've explained how this change can be made without my help.

Re:What's TSYNC ?

[shutdown+-p+now]

Apps do things they shouldn't do without malice too.

In this particular thing, it's not merely a thing it shouldn't do, it's a thing that it explicitly said it won't do earlier. If it still does it, it's either a major bug in the app, or malicious injected code.

Re:What's TSYNC ?

[Immerman]

Thank you. I looked all over for just that info with the last article, and google offered me nothing constructive.

Mailing list sounds like a bunch of Whiners....

The entire conversation was more or less...

1.) Chrome is going to require kernel bits we don't have
2.) OMG GOOGLE IS ALL SPYS AND DEVILS
3.) SO IS ADOBIE
4.) ok guys stfu. Show me where the spyware is or get back on topic.
5.) some kernel guy going on a rant about not back-porting an official patch (probably with good reason) but not being friendly about it

Re:Mailing list sounds like a bunch of Whiners....

And you sound like a good argument for post term abortion.

Re:Mailing list sounds like a bunch of Whiners....

Is getting a list of everything you download enough spyware to you?

http://en.wikipedia.org/wiki/Google_Safe_Browsing

And yes, you can have a rainbow table of all the google cache database.

Re:Mailing list sounds like a bunch of Whiners....

[BitZtream]

Chrome is by definition, spyware.

It does everything in its power to relay information about your activities back to Google, right down to what you click and when, if you allow it.

Most of these 'features' require you to opt-in, but some just happen right out of the box.

If you don't realize that the entire existence of Chrome and Chromium is to get information about you, you're an idiot with your head in the sand.

Re:Mailing list sounds like a bunch of Whiners....

[x0ra]

Settings -> Advanced -> Privacy -> uncheck the box "Enable phishing and malware protection."

Re:Mailing list sounds like a bunch of Whiners....

That's still no reason to reject a kernel patch that would improve the overall security of the system by sandboxing a commonly used exploitation attack vector. There's kernel developers on the payroll of the NSA, or who work for companies that have contracts with the NSA (Red Hat, for one) that contribute to the kernel. Should Ben Hutchins reject their patches because they're ostensibly related to a massive spying organization?

Re:Mailing list sounds like a bunch of Whiners....

[Kjella]

Chrome is by definition, spyware. (...) If you don't realize that the entire existence of Chrome and Chromium is to get information about you, you're an idiot with your head in the sand.

And? They produce a product/service you want in exchange for some information they want. I realize this comes as a shock to /.ers but most of the world don't have a problem with what Facebook and Google is doing, nor do they think it's a secret. If it's not secret, it's not spyware. If you want to claim half the Internet-browsing computers out there is running spyware by using Google you're just diluting the term until it becomes meaningless and you have the credibility of a loon.

Re:Mailing list sounds like a bunch of Whiners....

If they know so much about me, then why do I keep seeing ads that I have absolutely no interest in? I don't even own a fucking tv (never owned, never watched cable) and 3/4 of all my ads are of some new hbo programming of some stupid sounding shows. They should know that I bought some product ad not keep sending me ads to buy it (again?). How many dishwashers does one need?

Re:Mailing list sounds like a bunch of Whiners....

nor do they think it's a secret

No, it's simpler than that. They just don't think. In regard to Facebook, Mark Zuckerberg's most significant achievement is realizing the profitability of ignorance and apathy. It's why he considers Facebook users to be "dumb fucks". His words, not mine.

Re:Mailing list sounds like a bunch of Whiners....

[SeaFox]

If they know so much about me, then why do I keep seeing ads that I have absolutely no interest in? I don't even own a fucking tv (never owned, never watched cable) and 3/4 of all my ads are of some new hbo programming of some stupid sounding shows.

If you don't own a TV then you're now a potential customer for one. Duh.
All they have to do is convince you it's something you need to have -- like with ads for hot new shows you're missing because you don't have one.

Re:Mailing list sounds like a bunch of Whiners....

[dave420]

Does it, though? I've seen loads of claims of this behaviour, but usually it's just some muppet complaining about malware protection or getting confused about something.

Chrome's entire existence is to provide a good experience using Google's websites, some which people pay for (and so are not "the product", as the trite saying goes), and some which are ad supported.

You might want to slow down on the idiot-calling - you might end up being called one yourself.

Debian 8 was already a lost cause.

Debian 8 was a lost cause long before this nonsense. It will be the first "stable" version of Debian to include systemd. Systemd was forced upon Debian users thanks to some dirty politics, and has generally been unwanted by most of the Debian community. It already caused numerous problems for those running the unstable and testing versions of Debian, including systems that would no longer boot. The fact that systemd is still under very heavily development additionally means that it has no place in a stable Linux distro release, especially a Debian stable release. Many Debian users, especially those running servers, have realized that they need to discard Debian in order to maintain the stability of their systems. We've seen lots of these people move to the BSDs, in fact. All of that aside, Debian 8 is shaping up to be one of the most disappointing Debian releases ever, if not the worst, and it's all thanks to the bad decision to include systemd.

Re:Debian 8 was already a lost cause.

[gl4ss]

what the fuck? is this accurate? they're backporting systemd but ignoring patches like this? if that's the case, RIP them.

Re:Debian 8 was already a lost cause.

Fuck you. systemd is production ready (by Linux kernel standards, at least) and far superior to all other alternatives that the Debian technical committee was able to assess. If we assumed any program under "heavy development" was unfit to use in Debian then they wouldn't have a kernel. As for "systemd made my computer stop booting", that's Debian's fault, not systemd. Or perhaps yours, since Debian testing is explicitly designated for *testing*. As in "shit will break sometimes, but not as bad as unstable".

And before you complain about systemd being monolithic and restrictive of user choice, keep in mind that BSDs are even more-so monolithic. The only advantage BSD has over Linux here is that it continues to give neckbeards like you privilege over less-technical users that don't want to remember how to maintain arcane shell scripts to keep custom services running.

Re: Debian 8 was already a lost cause.

Get a clue chuckle fuck, programs "under heavy development" are so seldom part of Debian stable one might as well say never. This includes the Linux kernel, where only well tested kernels are pushed out, and are almost always a few minor versions behind everyone else just for that reason, perhaps with backporting of important security patches.

As a longtime Debian adherent, it is indisputable to say this is too much too soon.

Re:Debian 8 was already a lost cause.

[allo]

Friday was yesterday, Mr. Troll.

Re:Debian 8 was already a lost cause.

SystemD was in jessie long before the freeze. No need for backporting.

Re:Debian 8 was already a lost cause.

[rubycodez]

No systemd is not production ready. I've Debian testing systems in vm, and find systemd is buggy garbage.

Re:Debian 8 was already a lost cause.

[x0ra]

"Freeze" in Debian's term is more like an Ice Age in the real world...

Re:Debian 8 was already a lost cause.

Typical systemd troll. To disect:

- Indicate that it is "forced upon" users.
- Tell people the reason for its inclusion is political instead of technical, ignoring the multitude of technical improvements it provides.
- Bring up some old obscure bug as a reason that nobody should use it, imply that it's a widespread problem and ignore the fact that bugs exist in ALL software.
- Imply that only this software is in heavy development and that nothing else (such as the Linux kernel itself) is.
- Threaten that you'll "move to BSD". oh noes.

You forgot the key words "festooned" and "foisted" however. Better luck next time.

Re:Debian 8 was already a lost cause.

[Jay+Maynard]

Of course, you ignore the multitude of technical arguments against it, centering on its monolithic nature and its propensity to devour everything in its path.

I don't have a lot of strong feelings about systemd, but it does strike me as fundamentally failing to understand Unix.

Re:Debian 8 was already a lost cause.

[igloo-x]

I don't have a lot of strong feelings about systemd, but it does strike me as fundamentally failing to understand Unix.

Who said anything about Unix?

Re:Debian 8 was already a lost cause.

[jc42]

Friday was yesterday, Mr. Troll.

No it wasn't; it's Sunday now.

Re: Debian 8 was already a lost cause.

You and lennart poettering have linux ME EDITION. Microsoft is showing more sense and sensibility than you systemd fucking assholes. You are a god damned cancer and a bunch of lying foisting fucks. Diaf. Diaf.

If your shit is so good why remove the choice. Via, emacs and nano can coexist.

You systemd fucking prick assholes are the only open source pricks to ruthlessly politically Goebbels and bernays style attack the alternatives. Diaf. Diaf. Assfuck

Re: Debian 8 was already a lost cause.

You took *nix and broke the fuck out of it so that linux is now on its own in the corner with the worst fucking init shit ive ever seen. Fuck you pig. Fuck you.

Re:Debian 8 was already a lost cause.

[Jay+Maynard]

Linux's strength is that is is Unix.

Or are you trying to provide an existence proof of Henry Spencer's famous saying: "Those who do not understand Unix are condemned to reinvent it - poorly."?

Re:Debian 8 was already a lost cause.

Linux's strength is that is is Unix.

Or are you trying to provide an existence proof of Henry Spencer's famous saying: "Those who do not understand Unix are condemned to reinvent it - poorly."?

Eh, sorry, what made Linux fun in the first place was throwing away Unix conventions.

GNU's not Unix, etc.

Re:Debian 8 was already a lost cause.

[mattventura]

It's not being "forced" upon users. It's still entirely possible to have a Debian system without systemd. It's not Debian forcing it on users, it's Gnome depending on it. If you don't need Gnome (which you especially wouldn't on a server), then you don't need systemd.

Re:Debian 8 was already a lost cause.

Links to the bug reports?

Re:Debian 8 was already a lost cause.

[maestroX]

reporting is absorbed by systemd.
just boot up a testing system

Re: Debian 8 was already a lost cause.

I certainly hope this is true; thanks for posting it. I've been a happy albeit perpetually out-of-date Debian admin for quite a few years and all religious arguments aside, systemd seems risky. Knowing that it will only be required if I have the terrible misfortune of needing to install Gnome on a server makes me feel a lot better.

Re: Debian 8 was already a lost cause.

[mattventura]

That being said, the installer will install systemd by default, so you either need to remove it after the fact, or monkey with the installer to force it to use sysvinit instead.

Re:Debian 8 was already a lost cause.

[rdnetto]

Systemd was forced upon Debian users thanks to some dirty politics, and has generally been unwanted by most of the Debian community.

While I agree that it's questionable whether systemd is suitable for Debian stable, I would hardly describe it as resulting from "dirty politics".
The reason that systemd got adopted is very simple: it means less work for distro maintainers. Systemd .service files are much easier to maintain than initscripts, systemd comes with logind (consolekit is unmaintained, and no one is interested in picking it up), and perhaps most importantly, Red Hat is pushing it (which means that they would contribute significantly to porting programs to it. The only real alternative to it was OpenRC, which doesn't fix the consolekit issue.[1] The maintainers were the ones making the decision, so they put their interests first, as opposed to that of their users.

I agree that systemd has some architectural issues (just cause you choose a binary log format, doesn't mean you need modify the start of it on each update) and management issues (it should never have assimilated udev without continuing to support its use without the rest of systemd), but its adoption was entirely due to the opportunity cost of choosing anything else, as opposed to politics.

[1] For the record, I think that OpenRC would have been a fine alternative for Debian. While it doesn't have as much upstream development, it doesn't need to as it's a mature product.

Don't you compile your own browser?

[mi]

Rather than adding new code to your kernel, why not simply remove new code (whatever breaks without this TSYNC) from your browser? If this code was recently added, it just can't be that difficult to remove.

You are compiling it yourself, aren't you? I certainly do — that's what source code is for. What's the problem?

Re:Don't you compile your own browser?

You can't just randomly go removing code from a piece of software. You have no idea what else might rely on that portion of code and you could be introducing glaring stability or security holes. Just because you can compile a piece of software you downloaded from somewhere does NOT mean you should go in and start fscking around with the source code before you compile it.

Re:Don't you compile your own browser?

The problem is users just want free crap.
The other problem is most developers are assholes.
This is Linux. It was designed this way. You are free not to use it.
Surely systemd has a way to detect what you want to do and recompile your kernel or chrome on the fly, (but you will have to reboot - and that is a non starter for most linux asshats)

Re:Don't you compile your own browser?

Rather than adding new code to your kernel, why not simply remove new code (whatever breaks without this TSYNC) from your browser? If this code was recently added, it just can't be that difficult to remove.

Except that this might not be just a side patch but something which the core functionality of the browser depends on.

Even if it would be something that could be removed from the browser, finding the exact patch(es) and removing them properly is quite difficult. It would require hours after hours dabbling with the build system and version control, then testing the changes to see if nothing breaks, and you would wind up having to maintain your own fork of the browser from that point on.

Re: Don't you compile your own browser?

Sure you can. That's the whole point. We have all been doing this sort of thing since open source software sprung on the scene.

You want to use the app. It does not work on your box. Do some research. Hack it. Post it.

Re:Don't you compile your own browser?

Last I checked, compiling a modern browser was not something your average computer can handle. A developer workstation, sure, but I'm pretty sure my laptop with only 4GB of RAM couldn't do it. Even then it takes hours. I run Debian and Ubuntu instead of Gentoo so I don't have to compile everything and the few applications as large as a browser are primarily what I am avoiding the compile time on.

Re: Don't you compile your own browser?

[kthreadd]

So, where is the source code for Chrome? No, not Chromium. Chrome.

Re:Don't you compile your own browser?

[Runaway1956]

That's what DOCUMENTATION is for. I'm no coder, but I can compile the stuff I want, the way I want it. Any coder watching me decipher code would want to cry - it would be like watching the special Olympics from his point of view. But, I can read the documentation, and pull shit out of the wall of text, or I can stick shit in, or I can just stir the shit a little bit. Try it some time.

Re: Don't you compile your own browser?

[mi]

No, not Chromium. Chrome.

Distinction without difference. "Chromium" is Chrome compiled from source-code. Not entirely unlike "Mozilla" vs. "Netscape", I suppose...

The practical differences are few and what shortcomings there are in "Chromium" by default, can be overcome at build-time. One major deficiency of official Chrome, in my not so humble opinion, is the bundling of various software, that's supposed to already exist on any decent system. FreeBSD port of Chromium, for example, goes through quite a list of "third-party" stuff to remove — including zlib, yasm, and sqlite, for crying out loud!

Re: Don't you compile your own browser?

[kthreadd]

If there are so few differences then why don't they stop distributing the non-free version?

Re: Don't you compile your own browser?

Chrome is the way to stream Netflix on Linux. That's the only thing it's for.

Re: Don't you compile your own browser?

[mi]

If there are so few differences then why don't they stop distributing the non-free version?

Beats me. But then, I'm a FreeBSD-user and build everything from source...

How the fuck does Chrome handle other platforms?

I don't know what the fuck TSYNC is, but I'm confident that the BSDs, OS X, and Windows probably don't offer it, especially if only recent Linux kernel versions support it.

So how the flying fuck can Chrome run on these other systems that don't offer this functionality? What in shit's name is preventing those workarounds from being used on these older Linux systems?

People are correctly annoyed by this

The general issue here is that running a fairly large, popular application now requires a kernel patch that was authored by the same organization that wrote the application. Moreover, the kernel version including this patch is well newer than what's shipped by most mainstream distributions, AND the application vendor is fairly hostile to running older versions of the application software (that wouldn't require this patch).

So,

1. Vendor isn't willing to think about distribution support timelines
2. Vendor doesn't seem to care about kernel/userspace boundaries and very happily writes code on both sides to an interface they've designed themselves, for themselves.
3. Profit?

Yes, doing it this way is notably easier for Google. This is generally considered one of the selling points of a closed ecosystem: you don't have to care about little things like public interfaces and what's already in the field (and going to be there for a decade): just "move fast and break stuff" because it all works in the environment that you're testing in, and you don't much care about anything else.

Re: People are correctly annoyed by this

Kernel maintainers should pull the patches if those patches are application specific to just Chrome browsers -- this is the definition of adding bloatware to the Kernel.

Re:People are correctly annoyed by this

If per previous comment the reason for TSYNC is to implement an effective sandboxing process to better secure the application, then the underlying reason seems to have merit. If allowing folks to circumvent this sandboxing within the app is seen as "something they don't want to do" - they so be it. If they don't want to make old versions easily available, that seems to make sense here too. (Why let someone use something known to be broken/insecure.)

If you don't like the product / rationale / timelines / physical realities of implementing this (might require kernel support) then simply use something else.
Just because something is popular doesn't mean they have to support platforms where folks who hold the keys don't want to play nicely with others.
Neither party has any obligation to the other.

Move along and find something or build something that's equivalent in form and function.

Re:People are correctly annoyed by this

[ChunderDownunder]

This would be a non-issue if Google supported some kind of ESR release, as Firefox has. i.e. Firefox is now at 36 but debian stable will ship with the 31.x ESR. (One can pull the 36.0 release from experimental if game)

Re:People are correctly annoyed by this

[rsilvergun]

True, but it's not like Chromium isn't open source. If you don't like it, fork it or at least submit a patch to remove tsync support. From some comments in the thread this sounds like a performance issue. It's there to improve multi-threading. I remember the good old days of Desktop Linux when it out performed my Win9x installs on the same hardware by a significant margin. I miss those days, and I wouldn't mind someone bringing them back.

Re: People are correctly annoyed by this

So "The Google Way" is the correct way, and every other application in Linux is insecure?

Re:People are correctly annoyed by this

[Rich0]

2. Vendor doesn't seem to care about kernel/userspace boundaries and very happily writes code on both sides to an interface they've designed themselves, for themselves.

So, nothing ends up in Linux unless Linus lets it in, and it isn't like this was snuck in.

Really, Google is doing the right thing here. Instead of trying to hack inter-process security in on the userspace side, they're extending the kernel to improve things. Inter-process communications/relationships/etc is one of the things the kernel is supposed to do.

This is no more a violation of boundaries than putting modesetting in the kernel instead of running X11 as root and having it set device registers and such.

Re:People are correctly annoyed by this

[RoLi]

The sad thing is that Mozilla hides their ESR release. Once I (unsuccessfully) tried to find it on mozilla.org (Go ahead, try it!).

I only succeeded by using Google (oh, the irony!) to find an obscure download page on mozilla.org.

Mozilla treats their ESR release like some unwanted stepchild.

Re: People are correctly annoyed by this

[Rich0]

So "The Google Way" is the correct way, and every other application in Linux is insecure?

Security isn't a binary thing. Google's way is more secure, and I'm sure other applications will start using it. It only hit the kernel a few months ago, don't be surprised if every single process on Linux is using it.

Re:People are correctly annoyed by this

[Punto]

Don't forget that "feature" they added some months ago where the browser arbitrarily disables add-ons that weren't approved by the vendor, without the option for the user to white list them or explicitly enable them. They're just disabled, for your own good, stop asking questions. So now you're forced to run the "developer version" which allows this, and it aggressively updates itself to the latest version every chance it gets.

Re: People are correctly annoyed by this

[chihowa]

It only hit the kernel a few months ago, don't be surprised if every single process on Linux is using it.

Any other applications that adopt it will likely do so in a much more sane manner, though: use it if it is present and function without it if it isn't. Having a hard dependency on an optional feature that's only a few months old is kind of an insane approach. Who programs like that?

Re:People are correctly annoyed by this

But at least they have one?

Re:People are correctly annoyed by this

[chihowa]

So how did Chrome work prior to last October? Why not just take advantage of TSYNC if the kernel supports it and do without it if it doesn't? At least until distributions have had a chance to properly adopt the new kernels.

A hard dependency on a few month old feature is a little insane. No other application operates like this.

Re:People are correctly annoyed by this

[sjames]

The right thing is to gracefully introduce the new capability. TSYNC isn't at all a bad thing, that's why Linus let it go in. The correct thing in userspace is to use the feature if it is there and do it the old way if it is not. Then, later on when the new kernel feature becomes universal through natural upgrade cycles you can remove the fallback.

Re:People are correctly annoyed by this

[Eravnrekaree]

The feature added is something that is generally useful for a large number of network applications, not just Chrome. Its a sandbox feature that other programs and servers could benefit from, not just Chrome. Given the dangers of the web browser today, you basically shouldnt be running a browser without a sandbox, the security imperative is certainly justified enough for a backporting of the feature to older kernels to add the additional security.

Re: People are correctly annoyed by this

[Eravnrekaree]

They are not specific to chrome browsers. Firefox can use these too.

Re: People are correctly annoyed by this

[Eravnrekaree]

Its not bloatware. The feature is something that can be widely used by any networked program, it provides a security layer. Given the problems browsers have faced with security issues, its a badly needed extra layer of security. You are basically saying that protecting the system from an compromised process is bloatware. Thats nonsense. If anything, Firefox needs to play catch up to implement the sandbox.

Re:People are correctly annoyed by this

[Eravnrekaree]

The feature added on the kernel side is not particularly for Chrome, it can be used by other networked applications, in fact, such use would be highly advisable. Firefox needs to use this itself, and can. Its a sandbox feature for protecting the system from a compromised process. Its debian that refused to apply the patch for older kernels. The feature should be considered a security patch as the situation with browsers, not just the browser but some plugins some users use such as Flash, has become serious enough that having a sandbox nowadays is a critical extra layer of security. You basically shouldnt be running a browser without the sandbox anyway. So backport the sandbox to older kernels and be done with it.

Re:People are correctly annoyed by this

[Eravnrekaree]

Removng TSYNC support would be incredibly stupid. You have no idea what your talking about. The feature is there to sandbox the browser. Given the history of security problems in nearly all C software programs, this is of critical importance. TSYNC can also be used by all other network programs in the system as well, so this is not chrome specific. Firefox needs to use this feature badly. Just backport the feature to older kernels. This is what Debian is refusing to do because they are a bunch of stubborn fools. Debian basically wants to keep their users unnecessarily in a less secure state because they dont like Google.

Re:People are correctly annoyed by this

[hazeii]

That'll be https://www.mozilla.org/en-US/firefox/organizations/all/.

Sadly, despite being a long-term FF user, it pains me to say it's far easier is to switch to Palemoon; it's a minimal effort and the result is firefox without all the BS (Palemoon being a firefox fork/tracker that values functionality over hipster cool)

Re: People are correctly annoyed by this

[Rich0]

It only hit the kernel a few months ago, don't be surprised if every single process on Linux is using it.

Any other applications that adopt it will likely do so in a much more sane manner, though: use it if it is present and function without it if it isn't. Having a hard dependency on an optional feature that's only a few months old is kind of an insane approach. Who programs like that?

Somebody whose main linux distro target is one they publish themselves?

Re:People are correctly annoyed by this

[Rich0]

The right thing is to gracefully introduce the new capability. TSYNC isn't at all a bad thing, that's why Linus let it go in. The correct thing in userspace is to use the feature if it is there and do it the old way if it is not. Then, later on when the new kernel feature becomes universal through natural upgrade cycles you can remove the fallback.

The correct solution is the one that best solves your use case. If Google's use case for chromium isn't supporting Debian, then there is really nothing wrong with their approach. Presumably their main linux target for chromium is chromiumos, and I'm sure it works just fine there.

Re:People are correctly annoyed by this

[sjames]

Debian is hardly the only distro that doesn't yet have a new enough kernel. If their target is chromiumos, then they shouldn't represent it as suitable elsewhere.

Re:People are correctly annoyed by this

[Rich0]

Debian is hardly the only distro that doesn't yet have a new enough kernel. If their target is chromiumos, then they shouldn't represent it as suitable elsewhere.

Where do they represent it as being suitable elsewhere? I don't believe they distribute binaries of chromium, and the linux build instructions don't really list explicit dependencies.

In any case, Debian can backport the feature, or just stick with an older release of chromium and backport security fixes to it (which is basically what they do with everything else anyway, though chromium moves a lot faster than most project so I can see why they wouldn't want to do this).

Re:People are correctly annoyed by this

[sjames]

The topic is Google chrome (which is the Google branded version of chromium). I am running it now. I downloaded it from Google. Look at this page. It clearly claims suitability for Debian/Ubuntu/Fedora/openSUSE and other OSs.

If the first update will break it, they have no business offering it without a big fat warning.

Re:People are correctly annoyed by this

Not really, no. If something with a track history of being supportable in the long run (2+ years) asked for tsync, it would have a better chance of being accepted in Debian. Nothing from google is, but if it *existed*, the fact that it came from google wouldn't matter. We have at least five kernel maintainers in Debian, and any of them can add a backport. We have at least 20 kernel-savy maintainers in Debian that regularly work on upstream Linux. Ant of them could propose a tested backport, with high chances of getting it through.

Nobody is interested. We will tell you to just fetch kernel 3.19 from experimental, or wait a few months for kernel 4.0/4.1 in debian backports, and use that instead.

Re:People are correctly annoyed by this

[Rich0]

The topic is Google chrome (which is the Google branded version of chromium). I am running it now. I downloaded it from Google. Look at this page. It clearly claims suitability for Debian/Ubuntu/Fedora/openSUSE and other OSs.

If the first update will break it, they have no business offering it without a big fat warning.

I'm not sure why Debian cares about Chrome one way or the other. It isn't FOSS.

You might suggest that Google changes the webpage - presumably it was written back when it was true. Better yet, tell your friends to not install software outside of the package manager unless they know what they're doing. Since you obviously know what you're doing, I'm sure you'll figure it out. :)

The Debian community is a cesspool today.

This is pretty typical for modern Debian. The whole Debian project has found itself floating in a cesspool of shit and urine since the way systemd was forced upon the Debian users. Anyone who's any good within the Debian community fled soon after that incident. We find them using Slackware or the BSDs these days, and contributing to those projects instead of to Debian. Without these good people using and contributing to Debian, it has rapidly started to fall apart as a project. It doesn't surprise me at all that the discussion has hit a new low.

Re: Mailing list sounds like a bunch of Whiners...

You don't go and start upgrading kernels in a LTS release for a stupid web browser to be functional. If Google wants their browser to work in these LTS releases, then they should fix their bugs/dependencies.

Re:How the fuck does Chrome handle other platforms

LTS as a practice, is against Google's best interest - Google is attempting to leverage Chrome to turn all software into insecure, auto-update, phone home garbage - just like all other web applications. They don't want to use the workaround, they want you to update.

Re:How the fuck does Chrome handle other platforms

It's a detail of how sandboxing works on Linux. Other OSes have theirmown sandbox mechanisms. Microsoft cares about Windows having the necessary features because they use a sandbox in IE. The Linux sandbox mechanism that Chrome/Chromium uses appears to be an API at least partially developed by Google. TSYNC is a feature Google recently added to the sandboxing API in Linux because they intended to use it in Chrome.

Google Chrome is fast moving...

[gbcox]

This is really a non-issue. Chrome decided to use a recent feature in the kernel. This happens all the time. Most distributions that are using the older kernel have patched. If Debian doesn't want to patch, move to another distribution or switch to Firefox. Both Fedora 20 and 21 are on 3.17 - so it isn't an issue there. Debian is notorious for using old stuff, so it may be the kernel they are using requires a multitude of changes and because of their policies they don't want to move to a more recent version. You buy into that logic when you choose to use Debian - so expect this stuff to happen. This has nothing to do with RMS or Google; rather the mismatch of using a slow to update distribution with a browser that is on the fast track.

Re:Google Chrome is fast moving...

[BitZtream]

Chrome decided to use a recent feature THAT THE CHROME DEVS SUBMITTED TO THE KERNEL ... and isn't in any distribution that matters ... nor will it be for some time to come.

The issue is that unless your running a dev/unstable branch, you aren't going to have this kernel feature and you're not going to have it in stable/LTS versions ever ...

The application dropped support for production kernels ... because it wants a patch that isn't yet in production kernels.

Googles foot ... they just shot a hole in it, fuck'em.

Re:Google Chrome is fast moving...

[gbcox]

Oh for pete sake... It doesn't matter who created the feature... it was viewed as relevant and worthwhile otherwise Linus wouldn't have allowed it in the kernel. You'll have the kernel feature if it is backported. This appears to be all about Debian. If they choose not to backport either switch distributions or use another browser. Most people aren't going to be impacted by this. It's kinda of silly... it's the feigned internet outrage of the day.

Re:Google Chrome is fast moving...

[Rich0]

The application dropped support for production kernels ... because it wants a patch that isn't yet in production kernels.

The feature is in several stable kernel branches. Your distro might just not support them, so either don't use Chrome, or don't use that distro, or figure out how to use a newer kernel on your distro. :)

Re:Google Chrome is fast moving...

[thegarbz]

THAT THE CHROME DEVS SUBMITTED TO THE KERNEL

Putting something in bold doesn't in any way make it relevant. Chrome devs didn't put it into the kernel, they submitted it as you said. There's a whole team that look after and maintain the kernel and they don't just blindly let every bit of code in. Most things go through review and go into the kernel only if Linus doesn't castrate the submitter.

TSYNC is now a current feature of the kernel. Where it came from is entirely irrelevant.

Also given the market share of Chrome on Linux in the wider scheme of the internet I think they may have only shot off the tip of one toenail. The foot will be fine.

Re:Google Chrome is fast moving...

My concern is that Debian, due to the lack of any long-term supported release of Chromium, will be forced to constantly update Chromium to the latest upstream version in their stable distribution. This time, they demonstrated that they are ready to require a very fresh version of the kernel, too. They will do it again if they think it is needed - but adding new feature-patches to the kernel is a no-no for a stable distribution. So, the only correct solution now is to remove Chromium from Debian and ban all attempts to reintroduce it.

Want to run Chromium? Please run Chromium OS, not a normal stable linux distribution.

Re:Google Chrome is fast moving...

It isn't just about Debian. It is (or used to be) customary for user space programs not to depend on new features. Unless there are very good reasons for requiring a feature and thereby limiting the number of systems your software can run on, use the feature if it is available, but don't fail if it is not.

There's currently a trend to have everything continuously updated, which doesn't just include bug fixes but also feature updates. Google was and is a driving force behind this. It was the first to remove visible version numbers from its browser. There was to be just one relevant version: Current. You no longer get bugfixes separately from new features. If Google decides their software should work differently now, you either agree or you're left with unsupported software. That is wildly incompatible with a release model that has the word "stable" in it. Obviously Google expects everybody else to bend over backwards for them. See also Android.

Re:Google Chrome is fast moving...

[kthreadd]

My concern is that Debian, due to the lack of any long-term supported release of Chromium, will be forced to constantly update Chromium to the latest upstream version in their stable distribution.

They already do this. Just look at the changelog.

Re:Google Chrome is fast moving...

[timkb4cq]

It's not exactly hard to upgrade the kernel in debian to the latest version. The Liquorix Project, http://liquorix.net/ , has a debian sid repository which works in Jessie. The MX / MEPIS Community Repositories have those repackaged for Wheezy.

Running debian stable, or even testing, on the desktop has always required some backports. That's why all the debian derivatives like Ubuntu, Mint, Antix, PCLinuxOS, and the rest are popular.

I wouldn't suggest you upgrade the kernel on your production server without good reason - but why would you be running Chrome on your server anyway?

Re:Google Chrome is fast moving...

Gentoo's been past that for a while. I never have any issues with not having access to the latest versions. I've been past that version for quite awhile although I don't use chrome/chromium so I guess it doesn't matter.

userid@ph ~ $ uname -a
Linux ph 3.18.3-gentoo #1 SMP Sat Jan 17 21:03:00 EST 2015 x86_64 GNU/Linux

Re:Google Chrome is fast moving...

No, it is not in any stable kernel branches other than those later than 3.17. And it is in no long-term-support branch at all, because no LTS kernels were released after 3.17 *yet*. Maybe 4.2 will be a long-term-service kernel.

It is in some distribution kernels, though. This is not the same thing, even if some of these distros are long-term-service.

Re:Google Chrome is fast moving...

SECCOMP_FILTER_FLAG_TSYNC is already in the kernel and has been since 3.17, you dumbass. So any distro that is running 3.17 or later will already have it. And any distro whose kernel maintainers don't have a bug up their ass about Google and actually care about the security of their users will probably backport it to their earlier kernel versions like Ubuntu did in October.

Re:Google Chrome is fast moving...

It's been in all supports LTS versions of Ubuntu, the ONLY distribution that matters, for six months.

Re: Google Chrome is fast moving...

[Blackbox42]

So run the older version and take the security hit. Google updated the kernel to make or more secure, why shouldn't they use that new feature?

Re:Google Chrome is fast moving...

[Rich0]

I said:

The feature is in several stable kernel branches.

You said:

No, it is not in any stable kernel branches other than those later than 3.17.

Your use of the word "no" suggests that there is a contradiction here, and there isn't.

It is present in 3.18 and 3.19, which are both stable kernel branches.

Re:Google Chrome is fast moving...

[rdnetto]

The application dropped support for production kernels ... because it wants a patch that isn't yet in production kernels.

The feature is in several stable kernel branches. Your distro might just not support them, so either don't use Chrome, or don't use that distro, or figure out how to use a newer kernel on your distro. :)

Given that this is Debian we're talking about, the the right comparison is with an LTS kernel, not a stable one. 3.17 is already EOL, and it was only released in October. The most recent LTS kernel is 3.14.

That said, Jessie is currently running 3.16, so there's likely something I'm unaware of regarding Debian's kernel policy...

Something doesn't feel right

Something doesnt' feel right abotu this. Kernel 3.17 is very new. Most distribitions are running kernels 3.16 or older. Any long term support releases from Ubuntu, Mint, CentOS, Red Hat, etc will be running older kernels. So either those distros are backporting patches or they cannot run Chrome, if the original post is correct. It seems unlikely Google would cause Chrome and Chromium to stop working on virtually every Linux distro.

Re:Something doesn't feel right

[Zero__Kelvin]

Google didn't run around to all the servers on the internet gathering all the source code for the versions of Chrome that need this patch. Distributions will simply use the version they have that works and refrain from bumping up the Chrome version until after the linux kernel is at the required revision.

Re:Something doesn't feel right

[kthreadd]

Chrome is non-free so most distributions don't distribute it to begin with.

Re:Something doesn't feel right

[tepples]

Chrome is non-free so most distributions don't distribute it to begin with.

How was the kipper?

As I understand it, this problem is not directly related to Adobe Flash Player, patented codecs, Google Update, or Google crash reporting. These are the only non-free parts of Chrome.

Re:Something doesn't feel right

[Zero__Kelvin]

You don't quite seem to undertsand the concept of Open Source and "free".
Source code for Google Chrome is available free of charge under open source software license agreements at http://code.google.com/chromiu...
Yes, when others build it from source they call it Chromium. Claiming Chrome is nonfree is either an asinine attempt to flame or representative of a pretty poor understanding of the terms you are throwing around.

Re: Mailing list sounds like a bunch of Whiners...

[gbcox]

Well, that depends. New hardware support is added all the time. LTS means that changes can be made. It doesn't mean you are frozen to a specific set of hardware. Chrome development is on the fast track. If the distribution you are using thinks that you are using a "stupid web browser" perhaps it is time to switch to another distribution. Fedora and Ubuntu will work just fine; and I'm sure there are others.

now what?

Now what do I do? I have to give up Android because of Google, and I can't use an iPhone because.. shiny, so what do I do? Get Windows phone? How could that be the answer??

Re:How the fuck does Chrome handle other platforms

[Zero__Kelvin]

"So how the flying fuck can Chrome run on these other systems that don't offer this functionality?'

Just because a version of Chrome gets released doesn't mean that all distributions will and must begin using the code immediately. Distributions will simply not deliver newer versions of Chrome until the kernel is bumped up to the level required to support said newer version.

Well...

Debian dickishness in full effect.

Re:Well...

it makes me proud to be running debian.

Re: Mailing list sounds like a bunch of Whiners..

No thanks, I'll sick to my stable OS, and stable browser.

It'll get backported

[facetube]

Ubuntu already appears to have a seccomp-tsync backport to 3.16.x: https://lists.ubuntu.com/archi....

Wait a minute!!!....

So Debian now thinks Chrome is not suitable to be included but they ARE incuding systemd which is far LESS trustworthy?

I don't love Chrome but I do find that I need it at times, just like I need the ability to run Firefox and IE, and I certainly won't be using a distribution that goes out of it's way to make my life difficult.

Re:Wait a minute!!!....

[kthreadd]

Chrome is non-free proprietary software. They have never included it in Debian.

Re: Wait a minute!!!....

You can run IE in Debian? That's a neat trick... Use the same trick to run Chrome Extensions (if you must run that functionality).

Re:Wait a minute!!!....

[facetube]

I'd expect the sandboxing improvements to land in Chromium at some point. Anyway, Chrome being non-free doesn't mean that Debian can't include the tsync backport and let people apt-get it like any other kernel update. Apparently it's a pretty straightforward port and is useful for other things (like LXC).

Get the story straight

The guy that said "Sounds like another good reason to not use Google spyware" does not have a Debian email address.

Of course Chrome IS spyware. I mean - isn't it obvious that they didn't write Chorme out of the 'goodness-of-their-heart'?

Re:Get the story straight

[kthreadd]

The guy that said "Sounds like another good reason to not use Google spyware" does not have a Debian email address.

You mean that guy?

Re: Mailing list sounds like a bunch of Whiners...

[allo]

no, the real LTS kernel does not get new hardwaresupport. you confuse it with the hardware enablement stack of ubuntu.

Re:How the fuck does Chrome handle other platforms

[Gr8Apes]

Sounds like Firefox may get a bump in NetStat numbers, however small, and Chrome will drop. I still don't get why anyone would use that phone home spyware, but over 40% of the market can't be wrong, can it? Think about the windows users!

Re: Mailing list sounds like a bunch of Whiners..

Prepare to get pwned in 5, 4, 3, 2...

Somethings not right

[The+Cisco+Kid]

I'm on Debian 7 Wheezy, running Google Chrome 40.something

Is that supposed to not work?

Re:Somethings not right

[kthreadd]

If I understood the bug report correctly this only affects users that uses extensions.

Re:How the fuck does Chrome handle other platforms

I don't know what the fuck TSYNC is, but I'm confident that the BSDs, OS X, and Windows probably don't offer it, especially if only recent Linux kernel versions support it.

So how the flying fuck can Chrome run on these other systems that don't offer this functionality? What in shit's name is preventing those workarounds from being used on these older Linux systems?

Shorter AC: I have no fucking idea what this is all about, but it fucking enrages me! Raaaugh!

Re:How the fuck does Chrome handle other platforms

So that's why Chrome wouldn't run on my laptop. I guess I'm not going to be able to use it anymore, because my laptop run 2.6.32 and nothing else. I'm not going to spend $500 on a new laptop just to run Chrome.

Re:How the fuck does Chrome handle other platforms

That's not the chrome update philosophy. They should be able to push updates quickly, automatically, and without regression to mitigate security problems because the attack surface of the web browser is so huge. They expect to be able to do this and have lots of automated testing to support it on all the platforms, and they don't maintain forks besides stable, beta, and dev: you must be at the head of one of those branches to remain secure.

You're saying the distro should make an even older fork than stable, and then backport all security patches from Google's stable to their branch. While that's possible, it's probably harder than backporting a kernel feature once. In practice the distribution will just freeze you at an old, potentially-insecure version of Chrome, leaving you exposed if a fix needs to be rolled out quickly.

The real question should be why the kernel update cycles are so long. I thought ABI churn problems on Linux were mostly in the past, and modern kernels were BSD-like in that they were compatible with multi-year swaths of userland.

Android backport

How is this supposed to work on Android? The kernels in the ecosystem influenced by Google themselves are generally much older than the ones shipped on various distribution branches, even "LTS" ones, and they're not updated even for security bugs, much less arcane features. Does Chrome-on-Android simply not use seccomp?

Re:How the fuck does Chrome handle other platforms

"Shorter AC: I have no fucking idea what this is all about, but it fucking enrages me! Raaaugh!" - now, here's someone pointing out the reality of a trolls mentality

crap article.

[lophophore]

slashdot needs peer review, or something.

I'm running Chrome 41 on CentOS 6 -- that has kernel 2.6.32. I followed the link and one of the complaints was that Chrome remote desktop could not be installed. So I installed it. Works fine. No problems here.

Linux 3.17 clearly is not the minimum requirement.

(yes, it takes a shim to get Chrome to work on CentOS. It is a pain. see chrome.richardlloyd.org.uk -- he figured out how to make it work, and it works well.)

no flash in linux for firefox - or is there..

[olegreybeard]

and Chrome is the only way to get this content under Linux

looky here -

A little effort & Firefox uses Chrome's PepperFlash.. Quite well, I might add.

and before anyone slams me for using flash, some sites I _need_ to use (cough)godaddy(cough) require it. Simply set it to ask to be enabled. Problem solved - options are good.

Wow. The linked thread...

[drolli]

is the reason why you should not let constructive users interact with ignorant technical guys.

What is so hard about actually believing to a user that if he repots something, it may be important to him (in this case chromium/flash), for reasosn which you or he may or not like, but thich are probably there.

If you dont like something, act non-constructive and get ideological.

Re:Wow. The linked thread...

[kthreadd]

Both Google Chrome and Adobe Flash are non-free programs. Making users stop using these programs would be constructive.

Re:Wow. The linked thread...

[drolli]

a) Is Chromium also a non-free program?

b) The best way to make users stop using non-free programs is to be an asshole?

Re:Wow. The linked thread...

[red+crab]

I've been using Chrome and its open-source counterpart Chromium on my OpenSUSE laptop since 2009 or so and have noticed that their CPU usage is way higher than Firefox. Especially while handling Flash pages, the CPU usage climbs to 100% and it remains at that level even after I close the Flash site. The only way to bring back CPU usage to normal is to promptly close the application. My machine has decent specs, its got a i5 processor and 8 GB of memory and frankly this kind of performance is puzzling.
Firefox, on the other hand has kept improving on Linux with very release all over these years. I can therefore see no compelling reason to use Chrome or Chromium on Linux.

hostile replies?

[fahrbot-bot]

From TFP:

Hello, Julien Tinnes from google says that next releases of chromium will drops support for kernels without TSYNC. Ubuntu 14.10 already has been patched. Can I to expect that debian 8/jessie will have support for TSYNC?

Sounds like another good reason to not use Google spyware.

Google Chrome for Linux is the only possibility to use latest version of Adobe flash player for Linux as far as I know.

another good reason not to use it.

I read that as more snarky than hostile.

Re:hostile replies?

[sclark46]

Simple - No more chrome!!

Browsers on servers

[coats]

Intel compilers install their documentation as local HTML (on that server), so you need a browser of some sort to read it. And firefox won't do that job on RH servers, because RH puts in that ancient and rude "use the Firefox on the client machine, not the one local to the server" hack to the firefox it supplies. So you need either konqueror, chrome, or opera on the server ;-(

Re:Browsers on servers

[HiThere]

If *you* are maintaining the server, you can install Firefox on it yourself. (I may think it a bad idea, but there's nothing stopping you.)

Re: Browsers on servers

[buchanmilne]

Isn't there a --no-remote or similar option?

Or you could install and use links.

Or you could setup apache or similar to serve the documentation.

Re:Browsers on servers

[cmdr_tofu]

Or lynx or an html2text script. Or copy the documentation to a client machine.

Re:Browsers on servers

[raynet]

You have servers with GUI?? Lynx is just fine for reading HTML over SSH, though proper server only has a serial terminal :)

Re:Browsers on servers

The guy needs documentation that is in HTML, and only on his server. He doesn't even have a VM to dest-deply crap on his workstation before messing with the servers, he considers adding a full-blown GUI (a few thousand libs and execs, at least 10 million lines of code) and a browser (about the same size of the GUI :-p) to read it locally on the server, instead.

Why are you bothering with someone like that? Let him self-destruct.

No loss; Chromium is my "last resort" browser

[msobkow]

I even try Konqueror before I resort to Chromium.

Re:How the fuck does Chrome handle other platforms

You've got a shitty laptop. That's your problem.

Re:How the fuck does Chrome handle other platforms

Seems like it's Google's problem. My 6 year old laptop runs plenty of software just fine, including the latest version of Firefox. I use the laptop for some pretty serious coding, so it's hardly a toy. The main advantages:
1. I already paid for it
2. 11.6" screen allows me to open it all the way up in an airline seat (coach class) even if the person in front of me is leaning back.

ps - flying coach because my company doesn't want to waste money on first class or new laptops. I guess not wasting money is how my company manages to stay on the NASDAQ-100.

Puzzled...

[hitmark]

what has always puzzled me about Chrome/Chromium, is that the latter do not come as easy to handle tar-balls.

If you want to compile it you have to download special tools, then aim those at their source repo to grab a tagged branch, and then compile from that the variant you want (said repo mix Chromium and ChromiumOS as best i can tell).

Re:Puzzled...

[laffer1]

The chromium build system is a nightmare. Would it really kill them to use cmake or gnu make + automake/autoconf?

Re:How the fuck does Chrome handle other platforms

[Martin+Blank]

Presumably, you're running RHEL/CentOS 6. If so, that's cool if it works for you--the stability is probably greater than just about any other major distro--but I think the expectation is that most who run Linux for their notebooks/workstations will run something newer and more flexible, and run something like that in a VM. But there's always the reality that RHEL/CentOS 6 isn't going to run the latest software in many cases (unless you go with non-standard repos), and here's a case where a browser has become one of those cases.

It's probably also surprising that you run a six-year-old notebook in a corporate environment. Even the fiscally conservative companies tend to upgrade notebooks at least every four years, even if they are Fortune-100 companies.

I have to say I don't have much sympathy

[iamacat]

So as a user of free, open source software you don't want to update, or patch either kernel or Chromium, or find a patch made by others? You are doing it wrong!

Re:How the fuck does Chrome handle other platforms

I guess not wasting money is how my company manages to stay on the NASDAQ-100.

NASDAQ-100 =/= Fortune-100 =/= NYSE-100

Google can go fuck themselves

[chris2kari]

They are truly the new Micro$oft. I was quit already. I'm twice as quit now!

Re:How the fuck does Chrome handle other platforms

[dave420]

Does it actually phone home, though? I've seen lots of puffy-faced, breathless posts complaining about this, but not a Wireshark trace in sight...

You're assuming it is "up".

[tlambert]

OTOH they have PLENTY of reason to upgrade. Heartbleed, freak, shellshock, etc. Tons of bugs found in Linux/Windows/Apple/Android on a day-to-day basis.

You're assuming it is "up".

New bugs are not necessarily better than old ones.

Attitude

Are the Debian developers responsible for writing code or for making moral judgments about which applications users run on the platform? Where do they get off telling users what are good vs. bad applications? Either make the changes to support TSYNC or else give reasons like not enough time, too much work for too few users, etc., without the judgments.

Re:How the fuck does Chrome handle other platforms

[Gr8Apes]

There's a number of ways it phones home, some of which at least can be mitigated: spell check, url suggestions, and default search from the address bar which is my personal pet peeve, what was so hard about hitting the TAB key to go to the search field from the address field so I can control what I search for?

However, ask yourself this, what reason did Google have for making a better independent browser than Firefox, which was at 30+% market share at the time and used Google as it's default search engine? It wasn't altruism, so there must have been a driving reason for it.

Relevant thread on chromium-dev

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/4WBMtXU5mfo

Chromium does not require TSYNC.

Blatantly false

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-dev/4WBMtXU5mfo

- If TSYNC support is detected, Chromium will use it.
- No version of Chromium (including the latest M42 version) currently requires TSYNC (chrome://sandbox "adequately sandboxed" report does not currently depend on TSYNC being there or not).

Well, there's that. But don't let it interfere with y'all's herp-derp-chrome-is-spyware circle jerk.

Sand in yer pants and shoe...

[niftymitch]

If we take the chrome browser out of this
most would agree that improving the ability
to sandbox a program is good.

      https://wiki.mozilla.org/Secur...
      https://en.wikipedia.org/wiki/... (out dated by a bit)

This secure computing mode might be too simple for
some but it seems like a necessary tool to write code
that needs some trust and or is the target of all the
hackers in the world.

Since malware and other browser vectored problems abound
this could be a good thing. I see a long list of multithreaded
tools that use this sandbox.... It seems necessary
to have TSYNC if Intel and others are serious about growing
the number of cores in future processors.

.

Or use Fire Fox

Or just use FireFox that's been Open Source for long time

Re:How the fuck does Chrome handle other platforms

[niftymitch]

Sounds like Firefox may get a bump in NetStat numbers, however small, and Chrome will drop. I still don't get why anyone would use that phone home spyware, but over 40% of the market can't be wrong, can it? Think about the windows users!

Hmmm this sandbox strategy is used by Firefox and many more tools.
As more and more tools move to threads this ability
to sync them will gain traction.

My guess is there is a window of risk that needs to be closed before it surfaces
as a bug or exploit. All in all this sandbox stuff is new but interesting as heck.
There are stronger models but this is an improvement especially when RAM is
limited -- (tablets and phones).

Re:How the fuck does Chrome handle other platforms

RHEL is one of the few platform the vendors software does run in. The other is Ubuntu 10.04 LTS (yea, a 5 year old OS. it's silly. but that Linux can't run its own binaries because they are "too old" is pretty silly too. I've got a ton of old linux software that I've written over the years that only runs if you recompile against the latest glibc, etc.)

Developer machines come out of the engineering budget not the IT budget. IT upgrades machines, but they only give us one machine, so we make them buy a big beefy workstation. The laptops are purchased by engineering when you are hired and about the only option I have is to lose it or break it and then explain to the director why I am making him sign a purchase order.

Only took 7 months for Google to acknowledge it

Bug was reported August 7th, 2014 -- Google developers just got active with it this week.

Re:How the fuck does Chrome handle other platforms

=/= ? noob.