Google To Auto-Migrate Some Users To 64-bit Chrome

← Back to Stories (view on slashdot.org)

Google To Auto-Migrate Some Users To 64-bit Chrome

Posted by msmash on Wednesday May 3, 2017 @02:40AM from the hmm dept.

Google says it will automatically upgrade the version of Chrome that some Windows users are running, in what it describes as a bet to improve stability, performance, and security. From a report on ZDNet: In a blog post on Tuesday, the search engine giant explained that Chrome users running 64-bit Windows with 4GB or more of memory will be automatically migrated to the 64-bit version of Chrome if they are running the 32-bit version.

96 comments

Min score:

Reason:

Sort:

But Google will get a free pass by Anonymous Coward · 2017-05-03 02:42 · Score: -1

This is worse than Microsoft forcibly migrating users to Windows 10, yet Google will get a free pass from Slashdot readers. Why is that? Please do tell.
1. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 02:45 · Score: 2, Interesting
  
  While it's not necessarily good how is a switch from 32 to 64bit of browser worse than an entire operating system?
2. Re:But Google will get a free pass by Archangel+Michael · 2017-05-03 02:47 · Score: 3, Informative
  
  what a load of crap.
  Chrome is Chrome is Chrome. Moving to 64 bit makes sense simply because of memory management issue. My current Chrome usage of RAM is well over 4 GB (lots of windows open), and I suspect that most people are using way more RAM than they think.
  
  --
  Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
3. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 02:56 · Score: 0
  
  In Chrome each tab is its own process. Do you really need more than 4GB for one tab?
4. Re:But Google will get a free pass by Mitreya · 2017-05-03 03:00 · Score: 4, Insightful
  
  and I suspect that most people are using way more RAM than they think.
  I agree, but I think you mean that Chrome is using way more RAM than a sane person would expect.
  I just opened a tab listing folders on a web server (5 files and 5 directories, no index.html). According to Chrome task manager, this tab is taking 18.94 MB! That's for 10 lines of text and white background all around.
5. Re:But Google will get a free pass by WarJolt · 2017-05-03 03:02 · Score: 2
  
  While it's not necessarily good
  
  No change in user experience. That's good.
6. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 03:05 · Score: -1
  
  most /.ers are 4ndr0|d/l33n00kz bo|||s. duh.
7. Re:But Google will get a free pass by Wootery · 2017-05-03 03:11 · Score: 2
  
  There's more to 64 bit than just the bigger address space. Annoyingly Google don't seem to be giving much away here beyond "stability, performance, and security"
  The interwebs seem to support that there's a performance improvement but the difference isn't huge.
  The ZDNet article really adds nothing over Google's blog post. Would've made more sense to have the summary link directly to that.
8. Re:But Google will get a free pass by dogbert_2001 · 2017-05-03 03:28 · Score: 4, Interesting
  
  ACKCHYUALLY,
  Each Chrome tab is limited to 4GB, even in 64-bit. "For security reasons."
  And I've hit the limit before. Scrolling endless webpages is an easy way to hit the limit. Also, some addons like AdBlock use up a lot of memory.
9. Re:But Google will get a free pass by DontBeAMoran · 2017-05-03 03:28 · Score: 2
  
  I think you mean that Web pages are using way more RAM than a sane person would expect. Both Chrome and the user are the victims here.
  
  --
  #DeleteFacebook
10. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 03:39 · Score: 0
  
  He specifically said there was no index.html. You can't blame a web page that doesn't exist. This was a directory listing.
11. Re:But Google will get a free pass by wonkey_monkey · 2017-05-03 03:39 · Score: 1
  
  Because no-one will notice.
  
  --
  systemd is Roko's Basilisk.
12. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 03:45 · Score: 1
  
  Nope, it isn't just the web pages it has to do with the underlying implementations rendering and JS engine. Compare Firefox, Chrome, Opera, IE, Edge, etc. on the same system with the same page. Oh and if they have any JS, leave all of them up overnight and compare again. Holy memory leaks batman.
13. Re:But Google will get a free pass by TheRaven64 · 2017-05-03 03:53 · Score: 1
  
  You don't want more than 4GB of RAM for each, but you absolutely do want more than 4GB of virtual address space if you want ASLR to do any good.
  
  --
  I am TheRaven on Soylent News
14. Re:But Google will get a free pass by OrangeTide · 2017-05-03 03:56 · Score: 1
  
  Why is that? Please do tell.
  Because I don't use that Google shit.
  
  --
  “Common sense is not so common.” — Voltaire
15. Re:But Google will get a free pass by ledow · 2017-05-03 04:04 · Score: 2
  
  Try the login page for Tumblr.
  It loads more than 20Mb of scripts and images.
16. Re:But Google will get a free pass by magarity · 2017-05-03 04:43 · Score: 2
  
  Will people who depend on a 32 bit plug-in be able to use it seamlessly with the 64 bit Chrome? That may not be the case.
17. Re:But Google will get a free pass by dj245 · 2017-05-03 04:44 · Score: 2
  
  Try the login page for Tumblr.
  It loads more than 20Mb of scripts and images.
  Tumblr is one of the few websites that brings my tablet (2GB ram) to its knees. Infinite scrolling of an image-heavy website certainly doesn't help things.
  
  --
  Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
18. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 05:25 · Score: 0
  
  Why ever would you buy all that RAM and *not* want to use it?
19. Re:But Google will get a free pass by Immerman · 2017-05-03 05:48 · Score: 1
  
  Quite. One would hope they offer an easy "downgrade" path for those poor souls.
  
  --
  --- Most topics have many sides worth arguing, allow me to take one opposite you.
20. Re:But Google will get a free pass by thegarbz · 2017-05-03 07:29 · Score: 1
  
  This is worse
  
  How? Please do tell.
21. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 07:53 · Score: 0
  
  Not asking the user's permission=BAD! Its no more Google's computer than it is Microsoft's computer! I am happier than ever that both Windows and Chrome have been kicked off of my computers and other devices!!
22. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 08:06 · Score: 0
  
  You don't want more than 4GB of RAM for each, but you absolutely do want more than 4GB of virtual address space if you want ASLR to do any good.
  As I understand it, ASLR is good to prevent native code execution issues. Are there actually browser issues that are can use ASLR as a viable defense against a browser exploit? It seem to me that you are in virtual-virtual address space from the point of view of JIT, and nothing would ever be in and expected location except perhaps a plug-in...
23. Re:But Google will get a free pass by R.Mo_Robert · 2017-05-03 09:56 · Score: 2
  
  Will people who depend on a 32 bit plug-in be able to use it seamlessly with the 64 bit Chrome? That may not be the case.
  Like what? Chrome stopped supporting NPAPI plugs (e.g., Java applets) a year and a half ago. They have a "built-in" Flash player, as well, and those are probably the most popular plugins. Basically, anything you need that is still a 32-bit plugin probably already stopped working.
  
  --
  R.Mo
24. Re:But Google will get a free pass by mspohr · 2017-05-03 10:04 · Score: 1
  
  Don't get your shorts all twisted up, there.
  This update is only for people who have automatic update so they have given Google permission to update their Chrome.
  
  --
  I don't read your sig. Why are you reading mine?
25. Re:But Google will get a free pass by cheater512 · 2017-05-03 10:27 · Score: 1
  
  Well considering NPAPI has already been killed off, I doubt that's much of a problem.
26. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 14:30 · Score: 0
  
  The exploits escape the JIT and inject native code. The native code part is much more feasible with less potent ASLR. In 4GB address space there's a way to squeeze things hard enough from the javascript end so the native code will need way less iterations to find a matching layout. Exploits do iterate over layouts, sometimes doing more than a billion iterations until they succeed - yes it takes lots of time, makes your machine run hot, and is bad user experience. That's one of the reasons for slowness of machines that are under attack but not owned yet: iterative bypasses for ASLR.
27. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 14:32 · Score: 0
  
  Given that all of this text is transformed into a DOM and finally display lists that then get rendered by shader code - I'd say 20MB is nothing much. It doesn't scale though, so if you had 1000 lines of text you won't suddenly have 2GB of RAM use.
28. Re:But Google will get a free pass by AmiMoJo · 2017-05-03 19:27 · Score: 1
  
  Recent versions are a lot better with RAM. It still uses every available byte, but hands it back as soon as other apps start to need it by purging tabs and reloading them later.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
29. Re:But Google will get a free pass by AmiMoJo · 2017-05-03 19:28 · Score: 1
  
  Even flash is blocked most of the time now.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
30. Re:But Google will get a free pass by TheRaven64 · 2017-05-03 21:13 · Score: 1
  
  Yes. The difficult thing about code reuse attacks is that you have to find a useful bit of code to reuse. With a JIT in your target process, you can conveniently persuade it to generate some useful code that's full of gadgets. Mobile Safari combines ASLR with ARMv8's execute-only mappings to harden this: not only is the JIT'd region in a random location, its writeable address isn't stored anywhere in readable memory. They map a region write-only in one place and execute-only in another place. They then JIT a memcpy function that copes a buffer into the write-only region and throw away the address of the writable region, just keeping a pointer to the memcpy implementation in the executable region. You can use that to write anywhere into the executable region, but the only way of finding the writable region is to try writing there, which in a 64-bit address space is likely to crash the process probing long before you find the right address. Because the mapping for the executable part is execute only, you can't read it to find if a write happened to land in the writeable mapping and you can't read it to find where gadgets ended up.
  
  --
  I am TheRaven on Soylent News
31. Re:But Google will get a free pass by Anonymous Coward · 2017-05-03 22:37 · Score: 0
  
  Because eventually you don't have enough RAM to run something else than the browser.
Why? by Anonymous Coward · 2017-05-03 02:46 · Score: 0

Since Chrome doesn't support plugins anymore, what's the point in keeping it 32-bit on 64-bit systems? I don't see any features that break in 64-bit.
1. Re:Why? by thegreatbob · 2017-05-03 03:30 · Score: 1
  
  Running 32-bit versions of software prevents them from being able to suddenly consume many, many gigabytes of memory in the event of a memory leak or other behaviors. Of course, multi-process models make this a bit less relevant. Still, some may see this as a plus in memory-constrained environments. Is 4GB the new 640K? Perhaps.
  
  --
  There is no XUL, only WebExtensions...
2. Re:Why? by gnick · 2017-05-03 05:21 · Score: 1
  
  Running 32-bit versions of software prevents them from being able to suddenly consume many, many gigabytes of memory in the event of a memory leak or other behaviors.
  I have a foolproof method of preventing processes from "suddenly consuming many, many gigabytes of memory." How many gigs of RAM do you have?
  
  --
  He's getting rather old, but he's a good mouse.
3. Re:Why? by thegreatbob · 2017-05-05 09:31 · Score: 1
  
  I like where I think you're going with this. I've got 16GB in my main machine.
  
  --
  There is no XUL, only WebExtensions...
4. Re:Why? by gnick · 2017-05-05 13:01 · Score: 1
  
  Then I decree that you have many gigabytes of memory. You won't get to "many, many" until you've passed "a whole bunch," "a buttload," "way too much," and "super-duper bigly," in that order.
  
  --
  He's getting rather old, but he's a good mouse.
Also... by Mitreya · 2017-05-03 02:52 · Score: 5, Funny

Google says it will automatically upgrade the version of Chrome that some Windows users are running, in what it describes as a bet to improve stability, performance, and security.

In other news, Google will automatically search for results that it considers relevant, regardless of what you type in the search bar, in what it describes as a bet to improve quality of searches.
(I know on average they are right and users can't spell, but I find it really annoying when my perfectly correct search term is changed to something more common automatically)
1. Re:Also... by Anonymous Coward · 2017-05-03 03:03 · Score: 1
  
  searching for error messages and function names is almost comical these days due to this. If I put in an error message or a function name, I'd expect pages with those in them would appear. Apparently this is not what search engines do these days.
2. Re:Also... by Anonymous Coward · 2017-05-03 03:05 · Score: 1
  
  That is why since long ago I inconsciently start all google queries with "allintext:" to try to cut the google 'relevant' crap.
  But then google keeps redirecting me to captchas for 'suspicious activity' and verify that I'm not a bot.
  So now I find myself using other search engines substantially more.
3. Re:Also... by Anonymous Coward · 2017-05-03 03:21 · Score: 1
  
  In other news, Google will automatically search for results that it considers relevant, regardless of what you type in the search bar, in what it describes as a bet to improve quality of searches.
  And for adding insult to injury: pretend that offers an "advanced search" - i really miss Altavista...
  
  (I know on average they are right and users can't spell, but I find it really annoying when my perfectly correct search term is changed to something more common automatically)
  Yes, i know that too, on average they are right, and the average user is... average! But i am not "average" (or below...), so, at least, i want a real "advanced search" - BRING BACK ALTAVISTA!
  Since i am a Greek (b.t.w. sorry for my English), for a few years i was able to use Google in the "advanced" mode because their "average" mode was not yet implemented for the Greek language - until they learned Greek well enough to downgrade!
4. Re:Also... by Cmdln+Daco · 2017-05-03 03:25 · Score: 1
  
  Google can't sell you a product by giving you search results with function names or error messages. Wouldn't you rather look at ads for these new shoes that are on sale right now??!!??
5. Re:Also... by DontBeAMoran · 2017-05-03 03:30 · Score: 2
  
  Why would I want new shoes? I'm not depressed.
  
  --
  #DeleteFacebook
6. Re:Also... by OrangeTide · 2017-05-03 03:59 · Score: 1
  
  Maybe you will become depressed if you can't search for your error codes.
  
  --
  “Common sense is not so common.” — Voltaire
7. Re:Also... by eltwo · 2017-05-03 04:04 · Score: 1, Informative
  
  Try using quotation marks, it will suggest a correction, but you will get results for your search term.
8. Re:Also... by Anonymous Coward · 2017-05-03 04:16 · Score: -1
  
  Unless your search involves "men", in which case it will absolutely refuse to properly perform your search, replacing your results with "people".
  Searching for "women" is still okay, though.
9. Re:Also... by BronsCon · 2017-05-03 04:42 · Score: 1
  
  I read that as "I'm not dressed" and my first thought was "whoa, man, like... me either!"
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
10. Re:Also... by BronsCon · 2017-05-03 04:44 · Score: 1
  
  Wait... is that real?
  
  No. It's not.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
11. Re: Also... by Anonymous Coward · 2017-05-03 04:57 · Score: 0
  
  Search Tools -> Verbatim fixes this.
12. Re:Also... by Anonymous Coward · 2017-05-03 06:22 · Score: 0
  
  Try using:
  https://www.google.com/search?...?????
13. Re:Also... by Anonymous Coward · 2017-05-03 06:30 · Score: 0
  
  Indeed. No, Google, I don't need to know anything about clams today; I actually meant to type "clamd" when I typed "clamd."
14. Re:Also... by Aighearach · 2017-05-03 07:15 · Score: 2
  
  I just wish they'd at least make it smart enough that if over 90% of the time a user is clicking the link to really search for what they typed, then it would default to searching what they really typed and offering the correction in the link.
  In the old days there was a sort of technical search language that I could use to search for specific things, and then they got rid of it. Bastards!
15. Re:Also... by DontBeAMoran · 2017-05-03 07:30 · Score: 1
  
  I read that as "I'm not dressed either, man!" and my first thought was "woah, man, too much information!".
  
  --
  #DeleteFacebook
16. Re:Also... by BronsCon · 2017-05-03 07:39 · Score: 1
  
  You read that correctly, and you're welcome.
  
  --
  APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
17. Re:Also... by Anonymous Coward · 2017-05-03 07:42 · Score: 0
  
  You're telling me people wear clothes at home?? I don't believe that.
18. Re:Also... by squiggleslash · 2017-05-03 08:08 · Score: 2
  
  What you can do is put the key search terms in quotes. Then Google will show the exact same list of search results, but write the key search term crossed out underneath each one so you know that particular result is useless.
  At least your PC doesn't freeze any more when you accidentally drift your mouse over a search result so that Google can show you a preview of the color scheme of the website on the right. But how long did it take for them to disable that "feature"?
  
  --
  You are not alone. This is not normal. None of this is normal.
19. Re:Also... by swillden · 2017-05-03 08:58 · Score: 1
  
  Indeed. No, Google, I don't need to know anything about clams today; I actually meant to type "clamd" when I typed "clamd."
  Hmm. I just searched for "clamd", and got a bunch of stuff about clamd. Personalized search FTW?
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
20. Re:Also... by Anonymous Coward · 2017-05-03 14:13 · Score: 0
  
  In other news, Google will automatically search for results that it considers relevant, regardless of what you type in the search bar, in what it describes as a bet to improve quality of searches.
  You're being funny, but as a sysadmin for a school district, I've seen that happen already. Forget which one it was, but they were trying to preload crap for you to "speed up the user experience." Unfortunately for them, it's random keyword search wound up getting them blocked for awhile due to creating too many false web filter hits.
  Although, I do agree. It's to the point now where developers consider the system that their program is running on their system. Damn what the owner wants. (Assuming that they care.) In some limited cases, they've even gone as far as to lock-in their preferences, with what amounts to DRM at this point, under the guise of "security".
  Case in point, as said sysadmin I now get to tell my boss tomorrow about why those Chromebooks that we just bought, won't work at all currently due to an upgraded web filter causing a block on google.com that we can't bypass. (Some weird internal changes for web searches with the upgrade causes it to not permit logins to work, and blocks google.com for everyone if the bypass is enabled. Found that out after 4 hours on the phone with support...) The backup idea was to use the guest account, but the fact that Google prohibits installing the needed CA cert for the filter in the public session preempts that. (Actually it does, but it gets wiped out after each restart / log out, because developer knows best.) No local auth means we can't establish an identity for the filter, and we're legally required to use said filter. So those things are grounded for right now.
  It's not (negatively) effecting everyone yet, (ok maybe it is if you run Windows 10), but I'd imagine crap changing suddenly like this is only the beginning of the fight for control.
As if it doesn't use enough memory by Anonymous Coward · 2017-05-03 02:58 · Score: 1

> ...Chrome users running 64-bit Windows with 4GB or more of memory....
As if it doesn't use enough memory.
1. Re:As if it doesn't use enough memory by Anonymous Coward · 2017-05-03 03:04 · Score: 3, Interesting
  
  Not loading 32 bit shared objects to support Chrome could result in less memory use.
Google is a good company by jbclub · 2017-05-03 03:14 · Score: 1

Google is a good company (for example leader in fish transportation systems). So I think the move to 64 bit is good.
CItrix fix after autoupdate by Anonymous Coward · 2017-05-03 03:49 · Score: 1

This auto update may break your Chrome in Citrix Xenapp 6.5, I was running the 32 bit version in the Citrix farm for a reason and it auto updated on me and I had to add the following switches to the Chrome shortcuts to resolve the issue --no-sandbox --disable-infobars --disable-gpu --no-default-browser-check --disable-popup-blocking --enable-npapi
1. Re:CItrix fix after autoupdate by ledow · 2017-05-03 04:02 · Score: 2
  
  I thought enable NPAPI doesn't do anything any more? NPAPI plugins have been dead since last year at least, and the forcible override options were deprecated.
  Popup blocking? Okay, I can see that might be annoying.
  Default browser check, I can see that interfering with thing.
  Disable GPU, sure for non-GPU machines.
  But no sandbox just sounds dangerous,
  And I can't see how half the stuff on there would work by default in 32 but not 64-bit versions.
2. Re:CItrix fix after autoupdate by __aanfwt7763 · 2017-05-03 06:54 · Score: -1
  
  get a job you fucking retard. we're not talking about running anything on your home porn box or surfing random sites. we are talking about managing infrastructure using browser-based tools. if you're in highschool and have no idea what the conversation is about - please fuck off and stop spamming the thread.
Security? by hackel · 2017-05-03 04:22 · Score: 2

What does 32 vs 64 bit have to do with security? I'm genuinely curious... It seems as if they are claiming their 32-bit users, or those without 4GB of RAM are somehow inherently less secure. That seems like marketing nonsense to me.
Of course this wouldn't even be an issue if Windows wasn't such a giant piece of garbage that it's taken this long to get a mainstream 64-bit operating system and applications. I've been running a 64-bit build of Firefox on Linux since, what, 2004?
1. Re:Security? by Anonymous Coward · 2017-05-03 04:41 · Score: 0
  
  64 bit processes get you better DEP support, and a much bigger address space for ASLR, both of which help make bugs less exploitable. You might be able to crash Chrome still via a bug, but it's much harder to leverage that into an arbitrary code execution.
  Security is like cake, the more layers the better.
2. Re:Security? by Anonymous Coward · 2017-05-03 04:44 · Score: 0
  
  What does 32 vs 64 bit have to do with security? I'm genuinely curious... It seems as if they are claiming their 32-bit users, or those without 4GB of RAM are somehow inherently less secure. That seems like marketing nonsense to me.
  Of course this wouldn't even be an issue if Windows wasn't such a giant piece of garbage that it's taken this long to get a mainstream 64-bit operating system and applications. I've been running a 64-bit build of Firefox on Linux since, what, 2004?
  Address Space Layout Randomization is much more useful in a large address space than a small one. That's the main reason.
3. Re:Security? by gman003 · 2017-05-03 04:44 · Score: 3, Informative
  
  Address space layout randomization. To make it harder for buffer-related exploits to actually start executing arbitrary code, the memory pages get shuffled around at startup so all the memory addresses are different each time. This still works with a 32-bit address space but there's less total space to use, so with some brute force (eg. really long NOP slides) you can overcome ASLR. With a 64-bit address space, odds are a random jump won't even hit a valid memory address.
4. Re:Security? by swillden · 2017-05-03 09:25 · Score: 2
  
  With a 64-bit address space, odds are a random jump won't even hit a valid memory address.
  People often don't get just how big 2^64 is. It's on the order of the number of grains of sand in all the beaches and all the deserts on Earth. More importantly it's vastly larger than the addressable RAM in your computer... and a 32-bit address space is actually smaller than the amount of RAM in many (most?) computers today, since 32 bits can only address 4 GiB.
  If you have 16 GiB of RAM, and if all of it is mapped into a single process space, that's 2^34 bytes of RAM. So, picking an address at random gives you a 1/2^30 chance of hitting a valid address. That's one in 1,073,741,824; one in a billion. An attacker who can try a million random addresses still only has a roughly one in one thousand chance of hitting something at all... and the odds of finding something *useful* are quite a bit lower, since most of the mapped memory is non-executable.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
5. Re:Security? by Anonymous Coward · 2017-05-03 15:33 · Score: 0
  
  Remember that amd64 only has 2^48 valid address space (the current CPUs ignore the rest of the bits). And half of that is kernel. It's still obscenely huge, at 256 TB (says Wikipedia), but it does reduce your example to 1/2^12 (1/4096).
This is why I don't use spyware by smooth+wombat · 2017-05-03 04:35 · Score: 2, Interesting

How anyone can think a company manipulating software on your machine, without your permission, is acceptable is beyond me. It's bad enough Microsoft does it with their forced updates, but now Google is intruding as well?
The only reason I have Chrome on my system at work is so I can tell Adobe, "No, I still can't log into our VIP account because your site doesn't work correctly. It doesn't matter if I use IE, Firefox or Chrome, the problem is on your end."
In days past people would be railing against any company which pulled this stunt. Now they shrug and accept the illegal intrusion, making excuses for why this is good. I'm sure if your car dealer would randomly change things on your car you wouldn't have a problem with it either, right?

--
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
1. Re:This is why I don't use spyware by Anonymous Coward · 2017-05-03 04:45 · Score: 0
  
  How anyone can think a company manipulating software on your machine, without your permission, is acceptable is beyond me. It's bad enough Microsoft does it with their forced updates, but now Google is intruding as well?
  The only reason I have Chrome on my system at work is so I can tell Adobe, "No, I still can't log into our VIP account because your site doesn't work correctly. It doesn't matter if I use IE, Firefox or Chrome, the problem is on your end."
  In days past people would be railing against any company which pulled this stunt. Now they shrug and accept the illegal intrusion, making excuses for why this is good. I'm sure if your car dealer would randomly change things on your car you wouldn't have a problem with it either, right?
  Ever seen the human centipede episode of Southpark?
2. Re:This is why I don't use spyware by poptix · 2017-05-03 05:06 · Score: 0
  
  It only happens on Chrome installs which are configured to auto-update. If you don't like it, turn off auto-update.
  
  --
  Just because you disagree doesn't mean it's not true.
3. Re:This is why I don't use spyware by partiallynothing · 2017-05-03 07:20 · Score: 2
  
  I'm sure if your car dealer would randomly change things on your car you wouldn't have a problem with it either, right?
  If they were upgrading a component of my car, I would not have a problem with it, which is what Google is doing here. Aside from the additional memory address space, this change also brings:
  - Additional address space layout randomization means brute force attacks won't overcome your ASLR
  - Additional architectural security features such as NX as well as others
  - Twice the number of CPU registers means less writing to the memory stack
  - Additional features I haven't thought of results in this action upgrading their users
  With browser software in peticular, many of these features will result in an improved and more secure experience for Google Chrome users. The real question is: Is there any valid reason you wouldn't want them to do this? I can't think of one.
  This is nothing like the Windows 7/8 to 10 forced upgrade, where the user-facing interface and feature-set changed; with this upgrade only the implementation details change. From the user perspective, everything remains exactly the same. So why the outrage?
  
  --
  Regards, Rob
4. Re:This is why I don't use spyware by SuiteSisterMary · 2017-05-03 08:14 · Score: 1
  
  I'm sure if your car dealer would randomly change things on your car you wouldn't have a problem with it either, right?
  Your car dealer does this, or is supposed to, every time you bring your car in for service. Goes by many names, but the common one around here is 'recalls.' I think my manufacturer calls them 'warranty campaigns.'
  Most of them I only find out about because the work order lists that they were done; they're generally not urgent enough to specifically call to your attention, but get done while your car is in for work anyway.
  
  --
  Vintage computer games and RPG books available. Email me if you're interested.
5. Re:This is why I don't use spyware by nuckfuts · 2017-05-03 09:06 · Score: 1
  
  they shrug and accept the illegal intrusion
  Is it illegal if somewhere, buried in the EULA, there is a clause that you "agreed to" when you first installed Chrome?
  If anything should be illegal, it's click-through licence agreements that no normal person should be expected to comprehend. I recall seeing some agreement regarding Apple's iOS that was more than sixty pages when displayed on my iPhone. Well, yes, I would like to keep my software up-to-date, but seriously?
6. Re:This is why I don't use spyware by swillden · 2017-05-03 09:28 · Score: 1
  
  How anyone can think a company manipulating software on your machine, without your permission is acceptable is beyond me.
  From the article:
  
  The auto-migration will only apply to users who have auto-update enabled.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
7. Re:This is why I don't use spyware by mspohr · 2017-05-03 10:07 · Score: 1
  
  OMG! Righteous outrage!
  This update is only for people who have given Chrome auto update permission.
  If you give them permission to update your software, you might expect that they will update your software.
  If you don't want it, don't give them permission.
  
  --
  I don't read your sig. Why are you reading mine?
8. Re:This is why I don't use spyware by Waccoon · 2017-05-03 15:19 · Score: 1
  
  If they were upgrading a component of my car, I would not have a problem with it
  Define "upgrade". Companies are constantly telling us that the latest is the greatest, but we all know they're looking for every excuse possible to remove features and slip in extra telemetry and crap we don't want. Even minor changes that are supposed to be improvements can break shit in unknown ways. Maybe I need the older version for testing and/or legacy support reasons? Has it ever occurred to you that not everyone is a dumb, ordinary user who just surfs YouTube and plays games all day? Maybe some of us actually have work to do and rely on software for our livelihood.
  Maybe you're happy living in a world of ignorance, thinking that every update is an upgrade, just because the manufacturer told you so. I'll make my own decisions based on research and critical thinking.
  Your line of thinking just makes it more difficult for me to have any choice in the face of so much corruption.
9. Re:This is why I don't use spyware by n329619 · 2017-05-03 16:16 · Score: 1
  
  All google chrome installations are default to auto-update. Also to change it to not auto-update, you need to change regedit settings, entering commands and/or manually deleting stuff, which sounds very familiar to hmm Windows 10.
  It is clearly not user friendly and focused upon users.
  For any sane business aiming for stability, it's definitely not the best pick.
10. Re:This is why I don't use spyware by n329619 · 2017-05-03 16:40 · Score: 1
  
  From the user perspective, everything remains exactly the same.
  That's what you think and what the user thinks, until something breaks.
  New features always meant new bugs to be fixed.
  We have seen updates on different software including google chrome browsers breaking something.
  For casual common users, it probably wouldn't matter because they don't think it matters. But for business it is either wait and lose business time until google fix it or avoid the time lost by not getting the update or using an alternative.
  Also a change from 32-bit to 64 bit meant that a memory leak now can get up to 4GB+. This means when common users go to a badly design website, now it will eat up to 100% to 50% of their available RAM, slowing their computer significantly.
11. Re:This is why I don't use spyware by AmiMoJo · 2017-05-03 19:18 · Score: 1
  
  Chrome has had automatic updates since day one. These days it doesn't even prompt you, it just updates. People seem to like that on phones and in web apps.
  This is no different to any other update.
  I know us geeks hate it, but most people benefit from automatic updates and even for us we can only keep that old version of Firefox going for so long. The internet and the need for network security has made keeping old software going much harder.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
12. Re:This is why I don't use spyware by Reziac · 2017-05-04 01:26 · Score: 1
  
  Trust me, Google also does forced, silent updates on 32bit machines, up to the limit of OS compatibility. And then whines when it hits an OS version wall.
  Fucking Google is all one word.
  
  --
  ~REZ~ #43301. Who'd fake being me anyway?
13. Re:This is why I don't use spyware by Anonymous Coward · 2017-05-04 03:51 · Score: 0
  
  On a more general note, if you want *full* control of your updates, you run Linux or xBSD. Chrome does *not* auto-update on Linux - Google plays nice by providing a repository, so it gets updated in the same way as everything else - i.e. when/if *you* choose.
Security? by DrYak · 2017-05-03 04:58 · Score: 3, Interesting

What does 32 vs 64 bit have to do with security? I'm genuinely curious...
What is has to do is that the architecture that brought 64bits (AMD64), also brought several security features (like NX bit) among others.
32bits software might be targeting architecture that predate the NX bit (e.g.: if you still have an old 32bits .EXE that dates back from the Pentium 4 era, it might be writing to and executing from the same memory area), and perhaps Windows could theoretically not enable NX for 32bits legacy software on these grounds? (to avoid to break old 32bits software ?)
By accelerating the deprecation of 32bits software, they might try to deprecate the non-NX software ?
(That is pure speculation on my part. I have not enough experience with Windows)
(register vs. stack pressure is also different between the 2 architecture. AMD64, in addition to 64bits, also brought twice the number of registers. meaning that more things can be kept on CPU and less needs to be written to the stack. Which could mean less potential candidate in case of stack smashing exploit. But I'm really going on a limb here. Return address is way more interesting to abuse in this case than register value.
It's definitely less probable reason than NX).
I doubt that software would be affected easily by any other difference between the two
(e.g.: warp around at different values, 0x7fffffff vs. 0x7fffffffffffffff
That is highly unlikely : win64 is a LLP64 platform - all integers are still 32bits (both int and long), unless explicitely required (long long, hence the LL) and thus all value still wrap similarily between same source code software compiled for 32bits and 64bits.
only pointers are promoted to 64bits (hence the P) and thus only point math would wrap differently)

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
32 more bits, no magic. by WaffleMonster · 2017-05-03 05:10 · Score: 2

Google earth is only Google application I ever wanted a 64-bit version for because I'm tired of seeing it hit 2GB process limit and promptly crash. Apparently checking memory is too hard.
Unless an app actually legitimately requires more than the 32-bit process limit I prefer 32-bit apps for the following reasons:
1. Slightly less memory overhead /w 32-bit address space.
2. No matter what a user process won't go haywire and run your system out of memory leaving your entire system in virtual memory swap hell.
On windows 64-bit for 64-bit's sake in the absence of a legitimate need to address more memory (A web browser does not constitute a legitimate need) simply because 64 is a higher number than 32 is a fruitless enterprise. All of the technobabble differences are a wash with no tangible benefit to the end user.
1. Re:32 more bits, no magic. by AvitarX · 2017-05-03 06:22 · Score: 0
  
  I'd think security alone is enough to justify it.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
2. Re:32 more bits, no magic. by EndlessNameless · 2017-05-03 07:29 · Score: 2
  
  There are a number of benefits to 64-bit support on Intel-compatible hardware besides the extra available memory:
  1. More effective ASLR = better security
  2. More and larger registers = better performance, although this does depend on what the compiler can do with your code
  3. Guaranteed NX support = better security and/or less platform segmentation (depending on whether or not you used it in 32-bit code)
  4. Guaranteed RIP and SSE/SSE2 support = greater performance and/or fewer code branches due to modern features always being present (aka, finally dump some of that legacy crap)
  
  --
  
  ---
  According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
3. Re:32 more bits, no magic. by slew · 2017-05-03 08:28 · Score: 2
  
  There are a number of benefits to 64-bit support on Intel-compatible hardware besides the extra available memory:
  1. More effective ASLR = better security
  2. More and larger registers = better performance, although this does depend on what the compiler can do with your code
  3. Guaranteed NX support = better security and/or less platform segmentation (depending on whether or not you used it in 32-bit code)
  4. Guaranteed RIP and SSE/SSE2 support = greater performance and/or fewer code branches due to modern features always being present (aka, finally dump some of that legacy crap)
  Hmm, we are talking about upgrading a 32-bit app already running on a 64-bit OS (which has all the goodness you mention). The only issue would be helped by ASLR would be something exploiting a JIT bug or a bug in a 32-bit browser plug-in.
  The real reason they want to move to 64-bit is that it is easier to do effective heap-partitioning in a 64-bit address space. This technique is used to mitigate heap-grooming/buffer-extension and use-after-free exploits (the most common browser initiated exploits). In a 32-bit address space when web-pages can require 2GB just to render mean you can't afford the overhead to do heap-partitioning, so they don't use this mitigation technique in the 32-bit version of the browser.
  The perf is of course marginally better too for 64-bit executable code (more orthogonal register set, more registers, process more data per instruction, etc..) than legacy 32-bit executable code, but that is secondary to the heap-partitioning issue.
  On the other hand, you might argue that forcing a move to a browser that doesn't support the old risky plug-in architecture is the best security upgrade, but you don't *have* to move to 64-bit to stop supporting that plug-in architecture (use by flash). It was just a choice that Chrome made to continue to support it and it's not inherently a 32/64 bit question.
Great! by Anonymous Coward · 2017-05-03 07:13 · Score: 0

Now let us install Chrome (windows) on whatever drive we want instead of C:\ without having to resort to the portable version.
We've only been asking for 6 years.
Yep, it's true by tsstahl · 2017-05-03 07:53 · Score: 1

I read the headline this morning. On a lark, I went to look at my about page to see what I was running. Well, that prompted an update check. Sure enough, I now have 64 bit Chrome on that machine. It could be a coincidence....
Chrome64 by JWSmythe · 2017-05-03 08:27 · Score: 1

That explains a lot. Yesterday, all the extensions in Chrome disappeared. I re-added them, and it was fine. It would have been nice to have some sort of warning, or even a message saying what was done.
The article says they're doing it with the update to 58.0.3029.96 , and I just verified that's what mine is.
Next time, just ask, m'kay?

--
Serious? Seriousness is well above my pay grade.
1. Re:Chrome64 by n329619 · 2017-05-03 16:46 · Score: 1
  
  You're using Google's software and especially google chrome. You shouldn't expect any.
2. Re:Chrome64 by JWSmythe · 2017-05-15 16:43 · Score: 1
  
  I wasn't really expecting Google to do anything based on a comment on a glorified blog.
  
  --
  Serious? Seriousness is well above my pay grade.
Nanny Google? by Anonymous Coward · 2017-05-03 08:46 · Score: 0

Where are the nanny states decriers when the nanny is called Google or facebook?
I feel sorry for QA... by Anonymous Coward · 2017-05-03 12:06 · Score: 0

and the developers who have to track down 32bit-only Chrome bugs :/