Chrome 61 Arrives With JavaScript Modules, WebUSB Support

The latest version of Google Chrome has launched, bringing a host of new developer features like JavaScript modules and WebUSB support. An anonymous Slashdot reader shares a report from VentureBeat: Google has launched Chrome 61 for Windows, Mac, and Linux. Additions in this release include JavaScript modules and WebUSB support, among other developer features. You can update to the latest version now using the browser's built-in silent updater or download it directly from google.com/chrome. Google also released Chrome 61 for Android today. In addition to performance and stability fixes, you can expect two new features: Translate pages with a more compact toolbar and pick images with an improved image picker.

Chrome now supports JavaScript modules natively via the new element, letting developers declare a script's dependencies. Modules are already popular in third-party build tools, which use them to bundle only the required scripts. Native support means the browser can fetch granular dependencies in parallel, taking advantage of caching, avoiding duplications across the page, and ensuring the script executes in the correct order, all without a build step. Google recommends these two blog posts for more information: ECMAScript modules in browsers and ES6 Modules in Depth. Speaking of JavaScript, Chrome 61 also upgrades the browser's V8 JavaScript engine to version 6.1. Developers can expect performance improvements and a binary size reduction. The WebUSB API meanwhile allows web apps to access user-permitted USB devices. This enables all the functionality provided by hardware peripherals such as keyboards, mice, printers, and gamepads, while still preserving the security guarantees of the web.

I'm confused

I was following along until I got to this line:

"while still preserving the security guarantees of the web."

Re:I'm confused

[arglebargle_xiv]

It's pretty straightforward, it means that it'll have the same security as the mass of malware, trojans, droppers, bots, and worms that have made the web what it is today.

Re:I'm confused

[gweihir]

Indeed. But now it can hack your USB devices without hacking your computer or browser first. The sheer stupidity and arrogance expressed in this is staggering.

I wish this was at the beginning of the summary

[epyT-R]

while still preserving the security guarantees of the web.

I would've stopped reading right there.

security guarantees

[zlives]

you mean a zero day to follow ?!!
you mean unintentional (wink) programming flaws that leak user info?

i guess me and the other 5 people on the planet still worried about security will not be installing it. good luck the world.

Re:security guarantees

and you are even using the internet how? did you personally audit the code running on your machine line for line.

Re:security guarantees

Nope. I also don't inspect and sniff every bit of food i put in my mouth for pathogens. Just the food that looks 'off' in some way or another.

This gives Chrome a delightful green hue that smells faintly of almonds and gym socks.

Re:security guarantees

Honestly wtf does "while still preserving the security guarantees of the web" even mean? Scouts honour, we won't access your usb webcam - we leave that for the shady ad server companies? We'll only index your external usb drive if you or the nsa ask us nicely? No computer fingerprinting will occur if you select the option hidden ten layers down behind a tab labelled "beware the tiger"?

And good luck not installing when every other lemming browser starts running off the cliff shouting "me too me too". Honestly I've lost count of the number of times I and others have said "I won't be doing x" only to find ourselves doing it 1/2/5/10 years down the track because fuck it, resistance is exhausting and I'm tired of using 10 year old tech.

Re:security guarantees

Fuck off you piece of shit. Guess we should all have a google or shoved up our ass by the standards of dipshits like yourself.

Re:security guarantees

[Gr8Apes]

I uninstalled Chrome back around 28. Even then, I only had it installed for support reasons. It's in a VM now, and that's where it will stay. I think your responses say there's more than 5 people in our group.

Re:security guarantees

[zlives]

no no, its 5, we just like to post as multiple personas to confuse THEM :)

Nope.

[Gravis+Zero]

This JavaScript bullshit has gone too far. It's features are already abused too much, this will just make things worse.

Re:Nope.

This JavaScript bullshit has gone too far. It's features are already abused too much, this will just make things worse.

Maybe you will abuse it, as you're doing it with apostrophes.

Re:Nope.

[Eravnrekaree]

A good idea is to simply whitelist what sites you want to allow Javascript to be run in. Also, Javascript being interpreted, there's no excuse for having some sort of feature to put a "speed limit" on javascript and automatically disable javascript that uses too much CPU.

Javascript is critical and desirable in some sites, in particular messaging, office online applications and so on. If the browser didnt have Javascript, you would end up with Flash again, a lot of proprietary plugins, which are much worse,where there is little or no opportunity be able display on non javascript browsers. Its better to have open standards and open source to fill the need rather than to let the proprietary crap do it.

Re:Nope.

Not until it fully replaces Java Applets and Flash, down to each and every exploit.

Re: Nope.

You should be using it possessively. You're saying, "It is features are already abused too much, this will just make things worse."

I wish paranoia wasnt my first thought

Just a reminder to everybody: Goolag is no longer a friendly place for engineers.

When I look at this webusb I immediately think 'thats a new CIA hacking vector'. ...

Mozilla's Servo falls even further behind.

This just goes to show how Chrome is really driving the web forward.

While Chrome is implementing new technologies, we see Firefox basically just copying Chrome. Firefox only just got multi-process support, many years after Chrome offered it. Firefox is now moving to an extension model that's nearly identical to Chrome's. And we can't forget how Firefox's UI imitates Chrome's in so many ways.

Really, I can't think of the last innovative thing that Firefox has added. It's like they're constantly playing catch-up to Chrome now.

Even worse is Mozilla's Servo project. For those who don't know, it's Mozilla's attempt at a new browser engine, written in Rust (which itself has been quite a debacle, I think). It has had enough trouble even getting to where browsers were 15 years ago. Now each release of Chrome leaves Servo further and further behind.

With Mozilla bungling things so badly, and with Firefox's market share dropping into the low single digit percentages, it's like Google has become the only browser vendor deciding the future of the web. Sure, Apple, Microsoft and others probably have some input, but a web technology doesn't really exist until Google implements it.

Re:Mozilla's Servo falls even further behind.

I hope it takes Firefox a REALLY long time to copy this, because I'm not a dumbass.

Re:Mozilla's Servo falls even further behind.

Huh? Firefox's problem isn't that it *fails* to implement every brain-dead thought-bubble from some guy who never bothered to ask if it actually was a good idea or just another security hole: Firefox's problem is that it has strayed too far from being a simple, lightweight, *fast* browser and become a bloated lemming with a fixation on reinventing the wheel every other release as it strives to become chrome v2.0.

Re:Mozilla's Servo falls even further behind.

the last innovative thing, that would have been xul, it was very popular but it seemed they could describe rdf fundamental to new developers inside mozilla.

Do other browsers support these JS modules?

Do other browsers support these JS modules?

No Goolag products here

I'm certainly not using it after their disgraceful firing of Damore.
The chief Diversity Officer at Goolag :
"Part of building an open, inclusive environment means fostering a culture in which those with alternative views,
including differentpolitical views, feel safe sharing their opinion"

And then proceeded to fire him. I wonder how safe all the other wrong thinkers feel now.

In "1984" the ministry of Truth was the one of propagande, the ministry of Peace was the one of War and, in Goolag,
the "Diversity Officer" is anything but.

Web browser and USB??? Bloody idiots. :-(

Which stupid idiotic moron thought it was a good idea to allow USB access from a web browser ? :-(
For goodness sake, just how bloody clueless are the Chrome developers ?
I suppose this is going to be coming to whatever is left of Firefox very shortly. :-(

Re:Web browser and USB??? Bloody idiots. :-(

Also coming web serial port, web Firewire and web smoke signals.

Re:Web browser and USB??? Bloody idiots. :-(

Read the Google blog post. They can now query your device for the amount of Ram, the type of internet connection, and a bunch of other bullshit that decently programmed websites have no business knowing anyway.

Re: Web browser and USB??? Bloody idiots. :-(

Where the F have you been? Google has long dedicated Chrome to being the entire OS even when it's installed on top of an already full featured platform. It's just one more step into the absurd based solely on Google's need for you to be constantly in web apps where they can track you and show you useless advertisements.

Re:Web browser and USB??? Bloody idiots. :-(

[gweihir]

These are people with a "can do" attitude and the skills to back that up. Unfortunately, these are also young and inexperienced people that vastly overestimate their own skills and that think it could never happen to them. To make matters worse, they are living inside the Google filter-bubble.

This is a catastrophe in the making.

Incidentally, read a few "scientific" publications by Google people to find out how utterly clueless they are about reality, all while thinking they are the greatest engineers ans scientists ever. Most really good people have left Google (I know a few) and what is left has failed to realize they are the dross. And they then make demented decisions like this one.

Subtle moves towards mobile webapps again

This is nothing more than another subtle move to try to push people towards web-apps (like palm-pre, mozilla phone (lol!), and other devices that failed miserably)

Nobody wants webapps. Nobody wants webapps on mobile. Stop trying to give us them because they'll always be shit.

Native apps work, and don't need a google connection.

Re:Subtle moves towards mobile webapps again

Native apps work, and don't need a google connection.

Well yeah, that's why Google thinks they're broken.

Google, trying to out-NSA the NSA.

WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

HOLY FUCK! I've read one of the articles, and it mentions some stuff that I find really, really, really fucking creepy.

The Network Information API is now available on desktop as well as Android, enabling sites to access the underlying connection information of a device.

HOLY FUCK! I don't want my browser to be able to give web sites access to that info!

The Device RAM API is now available, exposing the amount of RAM on a user’s device to sites to optimize overall performance of a web application.

HOLY FUCK! I don't want my browser to be able to give web sites access to that info!

Sites can now access an estimate for the disk space used by a given origin and quota in bytes via the Storage API’s new navigator.storage.estimate() function.

HOLY FUCK! I don't want my browser to be able to give web sites access to that info!

Sites can now use the Clear-Site-Data header to delete their own client-side data, such as cookies, service workers, storage, and cache entries.

HOLY FUCK! I don't want my browser to be able to give web sites access to do that!

HOLY FUCK! I don't want this stuff!

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

[epyT-R]

Welcome to the future, comrade. It is time to goosestep your thoughts in line with proper Party etiquette.

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

Let's not overreact.

Allowing sites to clear their own site data is totally fine. It allows them to just do it all at once instead of having to go through and erase everything individually, or more likely, just clear their login cookie. This is a plus.

Estimating the amount of storage used by their stored data is equally good. Especially since there are limits to it. If you don't like stored data at all, so be it, but this makes it better, not worse.

Network information api is probably harmless. Sites already know your IP address, and it's not like this gives them a port scan of your network. It does allow them to make more accurate decisions about how much data to send, for example high quality video on a lan but low quality on cellular.

Exposing the amount of ram is a mistake. That will only be used for profiling/fingerprinting.

USB access seems like it could suck or it could be ok. Have to wait and see. Almost certainly will be easy to disable, even in Chrome.

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

No kidding. Google has morphed quickly from a simple search engine into a bizarre chimera of thought police and advertising/propaganda factory.

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

Estimating the amount of storage used by their stored data is equally good.

No. The amount of space varies by client from 2MB to 10MB, if I recall correctly. Let's say that I want to track you: I have the client allocate a random amount of garbage data within 1MB of that space, and then I never touch that data again but still report back its size on each pageload. That gives me another fingerprint to let me identify you even if you block cookies. You might know to delete your caches and storage from time to time, but you might not.

The network interface api doesn't seem too bad - that was all stuff that was getting profiled already. RAM API is an abomination. USB could be nice for things like the next generation of yubikeys.

Re: WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

If they can save data client-side, they've already won as far as profiling goes. Just save some sort of user ID.

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

[KingMotley]

Why would you even bother? If you give access to the storage API, just generate a GUID and store that for retrieval on each subsequent hit. It's a much better beacon than what you proposed.

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

[blindseer]

Wait until the next version, added features will allow Chrome to:
- Erase the presets on your car stereo
- Leave the toilet seat up
- Drop cigarette butts on your front stoop
- Spit in your orange juice
- Fart in the elevator
- Put sugar in your gas tank
- Mismatch your socks
- Implement the blink tag

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

This is a user fingerprinting wet dream

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

[Billly+Gates]

Now just give it a decent editor and init boot config and you have a full SystemD competitor and OS as well.

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

[Billly+Gates]

If the article replaced Chrome with IE I doubt you would be saying this.

Hell everyone here would be freaking out and talking about how their jobs would be on the line with new ransomware or subverting standards in JavaScript.

But it's ok to relax because Google is cool. I saw a similar attitude with Apple here turn of the century. Apple was Soo open to standards and would never be abusive +5 rating etc. We saw what happened.

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

Exposing disk size, available space, RAM, etc, is all *REALLY USEFUL* for fingerprinting a device and generating a unique ID.

You can then be tracked. Advertisers and nation states will FUCKING LOVE this!

Lovely!

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

But it's ok to relax because Google is cool.

You had your head in a bucket for the last few years? About 95% of Goggole related comments on here these days are 'Google is teh Spyware/evil'

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

You don't want a site to be able to delete its own cookies or know how much data it has stored on your device? But you are OK with the site storing the cookies in the first place?

Re:WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

[cordovaCon83]

Now implementing the blink tag, that's just too far!

Re: WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

[tigersha]

Now if Chrome will leave the toilet seat down my wife will be all for it and then I would have to install it on her machine.

Re: WHAT THE FUCK?! I DO NOT WANT THIS SHIT!

Yes, because extensions can manage cookies for me, but not this shit.

"security guarantees of the web"

The what? Since when the hell ever has the web had any security guarantees? It is pretty much the opposite of security guarantees. Who writes this shite?

Re:"security guarantees of the web"

[Fly+Swatter]

I think they are just being honest. "We have as much security as the wide open internet." Hopefully systemd has a method for blocking USB device access to a specific application, in this case chrome.

Had to block chrome from using dbus because it kept the computer from sleeping even with a blank page open. Chrome is bad at cleaning up it's dbus power manager locks.

Re:"security guarantees of the web"

[gweihir]

You think systemd will save you? If I were religious, my prayers would be with you....

But I need WebBIOS

I'm hoping that the next version of Chrome will allow web pages to automatically update my BIOS. It would be really useful for sysadmins and OEMs!

/sarcasm/

Re:But I need WebBIOS

use a WebUSB loopback connector. /sarcasm. I think./

Just click No

[tepples]

HOLY FUCK! I don't want my browser to be able to give web sites access to that info!

Then click No when the browser asks you if a particular origin should be able to use a particular API. Depending on localization decisions made before launch, the No button may be labeled Deny or Block or Don't Allow.

Re:Just click No

[Billly+Gates]

Yeah it's not an ad can't click allow for you

Re:Just click No

[AmiMoJo]

I just tried the Network Information API sample on Chrome for Android (https://googlechrome.github.io/samples/network-information/).

No permission request, it was enabled by default and there does not seem to be a way to disable it. It knew I was on cellular and that the downlink speed was 3.6Mb/sec (optimistic but basically correct).

As the AC said, HOLY FUCK.

Re:Just click No

I just tried the Network Information API sample on Chrome for Android (https://googlechrome.github.io/samples/network-information/).

No permission request, it was enabled by default and there does not seem to be a way to disable it. It knew I was on cellular and that the downlink speed was 3.6Mb/sec (optimistic but basically correct).

As the AC said, HOLY FUCK.

I think it was VLC that had a tuning knob that went something like novice, experienced, expert, master of the known universe. Ultimately they need API options that allow for some fine level of control and at least some UI settings to allow greater privacy. If say you authorized a plugin to change the settings so it didn't fit one of the defaults then that button should be grayed out and a question button or something that brings up what is really going on.

In short, I think we are pushing too far into the one size fits all configurations. Some people do care about privacy. Adding some granularity and control is not a bad thing.

Re:Just click No

[Waccoon]

Is this another one of those illusions of control where, "you can always opt-out, unless you can't for some unexplainable (or inconvenient) reason."

Re:Just click No

And how long before we get a bunch of stark white pages unless we yes to all of them? Keep in mind that killing JS on more and more sites makes them show nothing at all.

Re:Just click No

[tepples]

If a site offers a stark white page, visit it's competitor that offers something other than a stark white page, such as a static (HTML+CSS only) document or a native application for Windows or Wine.

Re: Just click No

Good luck with that in 2 years.

LibreJS

[tepples]

and you are even using the internet how? did you personally audit the code running on your machine line for line.

Some people use a Firefox ESR extension* called LibreJS. It's similar to NoScript, except it automatically whitelists any script that it can verify as having complete corresponding source code available under a free software license. This preserves the user's ability to audit code that runs in the browser's ESVM.

* I refer to this as a "Firefox ESR extension" because it uses Jetpack, not WebExtensions.

Re:LibreJS

[Dog-Cow]

All JS which executes in your browser has complete source available. The license doesn't matter in the slightest.

Re:LibreJS

This preserves the user's ability to audit code that runs in the browser's ESVM [gnu.org].

You don't need a free software license to audit the code, you just need the source code and by default JavaScript is delivered as source code.

Of course neither will help you today where a single page can load multiple megabyte of JavaScript from various sources. Have a nice week reviewing even one page you visit.

Re: LibreJS

[tigersha]

WebASM will prett much eliminate that, unless you want to review assembler

It has a deny button

[tepples]

Scouts honour, we won't access your usb webcam - we leave that for the shady ad server companies?

I think the idea is that it follows the same permission pattern as WebRTC:
"shadyadnetwork.com wants to access your webcam" - "Deny"

Re:It has a deny button

[fibonacci8]

Somewhere in an event log "shadyadnetworked wanted access to your 3D printer" - "auto-granted via WebUSB settings"

ECMAScript is JIT compiled

[tepples]

Javascript being interpreted

Major ECMAScript virtual machines (ESVMs) haven't been primarily interpretive for several years. All have JIT compilers nowadays.

If the browser didnt have Javascript, you would end up with Flash again

That or web applications would have instead been written as native applications that run outside the browser in the first place. This means an application would ship as a Windows installer, a macOS disk image, and if you're lucky a CentOS package and a Debian package. Or they'd be like the NES emulator Mesen: an executable for the CLR that runs on .NET Framework under Windows or on Mono under macOS and GNU/Linux.

"Sorry, not available for your platform."

[tepples]

Which stupid idiotic moron thought it was a good idea to allow USB access from a web browser ?

Somebody who was interested in a particular native application that interacted with a USB peripheral but felt disappointed after he discovered that it was exclusive to an operating system other than the one that his PC runs.

A new vector

[fibonacci8]

Counting down to the first malware strain that sends advertisements to a 3D printer via WebUSB without users intervention...

Re:A new vector

[mentil]

That's not a 3d printer, that's a teledildonics device!

Re:A new vector

[thegarbz]

I hope the first thing it prints is a giant penis.

Re:A new vector

[Billly+Gates]

A life sized model of goatse man Johnson for the trolls op codes on web forums will be the newest rage

Re:A new vector

[gweihir]

Indeed. Also waiting for ransomware on devices like printers: "Pay $100, and you will get your original firmware back". On the plus side, research into setting devices on fire via software has lagged a bit in recent years. I think this will pick up again.

Native apps are also OS-specific.

[tepples]

Native apps work

Only on one operating system. Good luck (legally) running a native app distributed as a .dmg on anything but a Mac.

Re:Native apps are also OS-specific.

[theweatherelectric]

Native apps are also OS-specific. Only on one operating system.

Nope. Windows runs Linux binaries. FreeBSD runs Linux binaries. Linux, BSD, and macOS run Windows binaries. Windows 10 on ARM runs x86 Win32 binaries.

And that's not even mentioning of cross platform native applications. I use the same web browser and email client on all three operating systems I regularly use.

How are native applications only on one operating system again?

a brand new version , eh?

Maybe it's not as stable as they believe. I was just trying to install google chrome on a newly installed system and it just plain don't run. Il try again in a few weeks when they bring out the 61.01 version. :-)

WTF, VentureBeat?

issue 1) this was already available as of Chrome 60 (behind a flag)

issue 2) as of Chrome 62 (Canary), the modules were not (as yet) loading in the correct order.
The module loader still gets confused if the nesting is too deep (I have to manually order part of the loading).

issue 3) it's not a "new element". It is new attributes on the same old element.

Seriously, don't go with what VentureBeat says about anything technical. As if they would even have a clue.

How practical is "Let 'em drink Wine"?

[tepples]

Native apps work

Only on one operating system. Good luck (legally) running a native app distributed as a .dmg on anything but a Mac.

Nope. Windows runs Linux binaries. FreeBSD runs Linux binaries. Linux, BSD, and macOS run Windows binaries. Windows 10 on ARM runs x86 Win32 binaries.

Then what else runs macOS binaries? I thought this was clear from "distributed as a .dmg", as .dmg is the archive format commonly used to distribute macOS applications outside the Mac App Store.

So until a particular developer can scrape together the budget to produce multi-platform releases, is the solution to test in Windows and in Wine on either FreeBSD or GNU/Linux, distribute Windows binaries, and expect users of GNU/Linux, FreeBSD, and macOS to use Wine? If so, this strategy still misses mobile.

And that's not even mentioning of cross platform native applications. I use the same web browser and email client on all three operating systems I regularly use.

That's because the Chrome and Firefox web browsers and the Thunderbird mail client have enough of a budget for multi-platform development and testing. A hobbyist or startup may not have enough financial resources to launch simultaneously on all native platforms. "Just use Qt" isn't enough; a developer still has to buy the appropriate hardware (namely a Mac with enough RAM to run the other operating systems in VMs) and spend labor on testing on all supported operating systems.

Re:How practical is "Let 'em drink Wine"?

[theweatherelectric]

That's because the Chrome and Firefox web browsers and the Thunderbird mail client have enough of a budget for multi-platform development and testing.

I use the same image editor on all three platforms. I use the same network analyzer on all three platforms. I use the same video tools on all three platforms. I use the same office suite on all three platforms. I use the same shell, the same command line tools, the same interpreters on all three platforms.

The claim that native applications equal only one operating system is plainly false. It's pointless trying to defend that position.

Re:How practical is "Let 'em drink Wine"?

Then what else runs macOS binaries?

So, you are not asking about running the same software on all operating systems, you are asking specifically about running MAC software on all operating systems...

Please explain how letting random web sites access you hardware is going to help with that.

Re:How practical is "Let 'em drink Wine"?

[tepples]

So, you are not asking about running the same software on all operating systems, you are asking specifically about running MAC software on all operating systems...

I was using Mac software as a counterexample to the implied claim that all PC operating systems can run software for all other PC operating systems through compatibility layers.

If a hobbyist or startup developer uses one operating system and doesn't yet have the money to acquire lawfully made copies of other operating systems or the hardware to run them or doesn't yet have the time to test thoroughly on other operating systems, what should he do to make his application available to users of other operating systems?

Re:How practical is "Let 'em drink Wine"?

With Java you don't need extra budget for multi-platform development and testing. Yes the .jar files work on Mac, you don't have to buy Mac.

Re:How practical is "Let 'em drink Wine"?

[tepples]

With Java you don't need extra budget for multi-platform development and testing.

Provided your application doesn't need any native libraries called through JNI. If it does, you need to buy a Mac on which to test integration with the Mac version of each such library.

Re:How practical is "Let 'em drink Wine"?

JNI calls in Java app are really rare. Now if your Java application needs native lib calls via JNI, then your web app counterpart will suck even more. At this moment there is no way your web app be able to call native libs in client.

Re:How practical is "Let 'em drink Wine"?

[tepples]

At this moment there is no way your web app be able to call native libs in client.

True, but if I tried, I could probably think of a few applications that require some WebWhatever functionality that exists in the HTML living standard but has no counterpart in the Java SE standard library.

Click a Google maps link on Android 7

Google maps starts up, asks you if you consent to Google improving positioning with wifi data, you say "disagree" and maps closes.

GPS works, but Google wants to sniff the surrounding wifi devices. Including all the devices you don't own, and cannot agree to let Google sniff them.

Once agreed to, it quietly does this all the time, even switching on WIFI when the device is asleep to take a look at whose around you. All of this is sent off to Google.

So that "no" button will be called something else, attached to a misleading dialog, and Google will not tell you the true extent of the information its collecting on you. Labelling anything it gets from datamining as "Google's data, not your data".

No client of Chrome has asked for this, it's done to allow better profiling of devices behind the firewalls.

Better browser

[sproketboy]

https://brave.com/

Transpiler result != source code

[tepples]

All JS which executes in your browser has complete source available.

Just because it has the same syntax as source code doesn't mean it's source code. A transpiled or minified ES program is not "the preferred form of the work for making modifications to it." That'd be like saying the assembly language output of a C++ compiler is source code because some people write programs in x86 or x86-64 assembly language.

Most sites do not use the default

[tepples]

by default JavaScript is delivered as source code.

Most major sites do not use this default scenario. Instead they send the program in minified form, which strips out meaningful variable names, meaningful function names, and comments, because the Gzip encoding of a minified script is smaller than the Gzip encoding of its source code.

Use a competitor

[tepples]

you say "disagree" and maps closes.

If Google Maps requires surveillance of users' locations at all times as a condition of use, and you disagree with this surveillance, try this: Close Google Maps, use a competitor, recommend a competitor to your friends, and explain on your blog why you use a competitor.

If an ad can click Allow, it's a serious bug

[tepples]

Permission requests are presented through a UI element presented by the web browser, which floats over the HTML document and (at least in Firefox) partially extends into the location bar. A script in an advertisement being able to activate this is considered a serious security defect in the browser, which browser makers promise to fix as soon as discovered.

Re:If an ad can click Allow, it's a serious bug

[Billly+Gates]

Last I checked javascript can take over the cursor. If the hacker knows where the dialog box is it can insert alt tab and click ok or move the mouse cursor over to allow itself.

Re:If an ad can click Allow, it's a serious bug

[Billly+Gates]

Actually Tepples I take back my other post as I just thought of something. Since Chrome allows memory access why can't a hacker just insert the enabled = true directly into the ram to install other software?

Yes it is a secure flaw which IS WHY NO BROWSER SHOULD access javascript sessions in other tabs (hence why I stopped using Firefox as it just this year caught up to 2009) or use memory. Sure you can try to patch a particular flaw but the very feature eliminates the sandbox in lowrights mode in %appdata.

It is only a matter of time before a hacker discovers a flaw in this as it is just one step away now instead of 2 or 3 from accessing ram addresses.

Re:If an ad can click Allow, it's a serious bug

[tepples]

Last I checked javascript can take over the cursor.

I assume you're referring to the pointer lock API. Running the linked demo of the pointer lock API doesn't engage until the user makes a gesture on the playfield, and then it shows a pop-up notification that a particular origin has control of the mouse pointer. This notification states the domain with control and that the user can press the Esc key to end pointer lock. And when pointer lock ends, the pointer is in the same position it was when pointer lock began.

Re:If an ad can click Allow, it's a serious bug

[tepples]

Since Chrome allows memory access

To which API are you referring? Google chrome javascript memory access returned nothing relevant. There is chrome.system.memory , but that's available only in extensions that declare the system.memory permission, not to scripts in an HTML document. Or are you referring to rowhammer?

Re: If an ad can click Allow, it's a serious bug

If you don't trust Firefox (derivatives), who do you trust? No browser on win10, obviously not chrome (maybe chromium with mods?). What?

Projects not quite as popular as GIMP or LO

[tepples]

the Chrome and Firefox web browsers and the Thunderbird mail client have enough of a budget for multi-platform development and testing. A hobbyist or startup may not have enough financial resources to launch simultaneously on all native platforms.

I use the same image editor [gimp.org] on all three platforms. I use the same network analyzer [wireshark.org] on all three platforms. I use the same video tools [ffmpeg.org] on all three platforms. I use the same office suite [libreoffice.org] on all three platforms.

GIMP, WireShark, FFmpeg, and LibreOffice are well-known free software projects with enough of a labor budget for multi-platform development and testing. The 1- or 2-person team behind another native application you come across may not. What should the developer of an application that isn't quite as popular as GIMP, WireShark, FFmpeg, or LibreOffice do to lower the cost of multi-platform building and testing?

Re:Projects not quite as popular as GIMP or LO

[theweatherelectric]

What should the developer of an application that isn't quite as popular as GIMP, WireShark, FFmpeg, or LibreOffice do to lower the cost of multi-platform building and testing?

Use Pascal.

Re:Projects not quite as popular as GIMP or LO

[tepples]

What should the developer of an application that isn't quite as popular as GIMP, WireShark, FFmpeg, or LibreOffice do to lower the cost of multi-platform building and testing?

Use Pascal [freepascal.org].

Testing an application built in Free Pascal on a Mac still requires a Mac. Testing an application built in Free Pascal on Windows still requires a Windows license. Testing an application built in Free Pascal on GNU/Linux still requires either a PC with hardware compatible with GNU/Linux or enough RAM to run a VM, and laptop makers have tended to skimp on both. What's the preferred way for a 1- or 2-person development team to work around this?

Re:Projects not quite as popular as GIMP or LO

[theweatherelectric]

What's the preferred way for a 1- or 2-person development team to work around this?

Pretty simple. It's a two step plan:

1. Buy a Mac.
2. Run Windows and Linux on it as well

Re:Projects not quite as popular as GIMP or LO

[tepples]

This raises three questions.

1. First, is a new application generally expected to ship on Windows, GNU/Linux, and macOS simultaneously from day one?
2. Second, if a new application is expected to ship on Windows, GNU/Linux, and macOS simultaneously from day one, what's the preferred way for a 1- or 2-person development team operating as a bootstrapped startup whose staff currently own non-Mac computers to fund the purchase of a Mac before realizing any revenue?
3. Third, why is it desirable for the market that Apple have a monopoly on personal computers used for development of applications?

Re:Projects not quite as popular as GIMP or LO

[theweatherelectric]

This raises three questions.

It doesn't raise any questions. It's a two step plan. Follow it.

Re:Projects not quite as popular as GIMP or LO

[tepples]

Step 1 of the plan is "Buy a Mac." The second question is "How do I afford a Mac?"

Re:Projects not quite as popular as GIMP or LO

[theweatherelectric]

The second question is "How do I afford a Mac?"

How do you afford any other computer? Do the same thing.

Re:Projects not quite as popular as GIMP or LO

[tepples]

Someone who starts to develop software is likely to already own a non-Apple computer for other reasons. Affording what you already own is a no-op. And even if not, a non-Apple computer costs half the price of a Mac.

You'll end up with "GNU/Linux: Download RPM or DEB | Windows: Download MSI | Mac: Back our campaign".

Re:Projects not quite as popular as GIMP or LO

[theweatherelectric]

You'll end up with "GNU/Linux: Download RPM or DEB | Windows: Download MSI | Mac: Back our campaign".

And yet, strangely, that never seems to happen. The world is full of cross platform software. Your tedious narrative designed to support your weak argument is simply not reflected in the real world. Your imagined costs aren't the barriers you would like them to be.

Re:Projects not quite as popular as GIMP or LO

[tepples]

And yet, strangely, that never seems to happen.

"Never" is a strong word. I contend that the following is a counterexample: The application FamiTracker has no Mac port. It is made for Windows and works correctly in GNU/Linux under Wine.

The world is full of cross platform software.

I imagine that much of multi-platform software exists because the company that made it was large enough to afford the extra expense of a multi-platform release.

Re:Projects not quite as popular as GIMP or LO

It is made for Windows and works correctly in GNU/Linux under Wine.

So.. you've successfully contradicted your original claim that native applications equal only one operating system. Nice one.

When you're disagreeing with yourself you no longer need me.

Re:Projects not quite as popular as GIMP or LO

[tepples]

FamiTracker version 0.4.6 from famitracker.com works correctly under Wine. A fork called 0CC-FamiTracker 0.3.14.5 from hertzdevil.com does not, instead working only under Windows.

There's still "choice", you say.

Bullshit.

It's called a rolling phase-out.

what's the point of USB API

I'm having a hard time imagining what would I gain by allowing sites to access my mouse or my printer. For as far as I can remember I could use my mouse to navigate web pages and could print from my browser. What am I missing?

--alqu

Re:what's the point of USB API

- Scales integrating with e-commerce sites. So low-to-mid volume sellers will be able to generate labels directly from an integrated label creation site without having to enter weights manually.
  - Web games integrating with your xbox controller
  - Specialty devices such as consumer die-cutting machines can directly integrate with company's website rather than needing to deploy a thick client. (I'm not a fan of this, but it is definitely where the industry is going, so you'd may as well remove needing a custom extension)
  - YOU might not gain from it, but there's also industrial usage. Look at mettler-toledo's products, any of those that have a usb driver can now be integrated directly on a company's internal website.

Block autoplay HTML5 video

[Teckla]

Uh, yeah, thanks, Google...

But can you please build into Chrome a feature that allows users to block HTML5 video that autoplays?

Please?