back to article Google Chrome 69 gives worldwide web a stay of execution in URL box

Google Chrome 70 arrived as a beta release on Thursday, bringing with it a handful of meaningful improvements and some more esoteric features of interest to developers. Available on the Chrome Beta channel for Android, Chrome OS, Linux, macOS, and Windows – the iOS beta requires participation in Apple's TestFlight program – …

  1. JohnFen

    Can someone explain this to me?

    From the bug thread: "We plan to initiate a public standardization discussion with the appropriate standards bodies to explicitly reserve “www” or m” as special case subdomains under-the-hood."

    What?! Why in the world would anyone think this is a good idea?

    1. Giovani Tapini

      Re: Can someone explain this to me?

      Cat already well away from bag to discuss regardless of merit or lack of. Drop it Google

    2. JohnFen

      Re: Can someone explain this to me?

      Apparently, nobody can explain why anyone would think this is a good idea. Not surprising, as it seems like a terrible idea on its face, but I was hoping for some sort of reason for it nonetheless.

  2. Crazy Operations Guy

    "The Chrome team has also updated the browser's Web Authentication API with a third type of credential, PublicKeyCredential, to complement the two other types it already supports, PasswordCredential and FederatedCredential"

    So, wait, are they just now supporting x.509 / PKCS? That method of authentication has been around for decades... Or is it that the browser is now implementing the whole thing itself (which a whole other bit of failure). Really, to be secure, it should be that the browser receives a challenge from the authenticator, passes the challenge off to the OS, then the OS handles the key decryption and decryption of the challenge, returns the response to the browser, then the browser forwards it on to the authenticator. Having the browser aware of the keys themselves is quite worrying...

    It feels like this is just going to end in failure like when OpenSSL decided to implement their own malloc().

    1. Jan 0 Silver badge

      It looks to me as if Chrome is making a bid to become the operating system.

      1. Anonymous Coward
        Anonymous Coward

        "It looks to me as if Chrome is making a bid to become the operating system."

        First Google came after the browser and nobody said anything.

        Next Google came after the OS and nobody said anything.

        Then Google came for the kernel and nobody could do anything

        1. Anonymous Coward
          Anonymous Coward

          Then they came after systemd.

          All that was left was M$.

          - that children is how the Internet died.

      2. Anonymous Coward
        Anonymous Coward

        With M$ Windows dead as a dodo

        it has to be Google vs Linux then.

        1. Anonymous Coward
          Anonymous Coward

          Re: With M$ Windows dead as a dodo

          Give me your tired, your poor, your huddled masses yearning to have their GDPR rights violated with real time personally-targeted Ad bidding fed off of their private personal data.

        2. tentimes

          Re: With M$ Windows dead as a dodo

          Windows 10 is alive and well. And, when you compare it to Linux, it is the smoothest, most responsive and fit looking operating system around. I love it. I hate that I love it, I wish Linux is better and I do use Linux in a VM context, both on my host machine and my VPS. Linux is excellent for those tasks but it falls down terribly as a usable operating system for your main machine. God knows I tried (with Ubuntu and a couple of other variants). But you need to be some kind of magician to be able to keep it running. I did once get a RAID running on it. But it took me several weeks and many failed attempts. I even wrote an article at one stage about how to get it working correctly with an intel controller. Too much work. RAID in windows just works and I can rely on it.

          1. Anonymous Coward
            Anonymous Coward

            Re: With M$ Windows dead as a dodo

            Linux is ready for the desktop, but Windows users aren't ready for Linux.

            1. Anonymous Coward
              Anonymous Coward

              Re: With M$ Windows dead as a dodo

              Au contraire. Linux is ready for the desktop, but Gnome is not. There's lots of stuff that the Gnome Project and Freedesktop.org have introduced over the years that have made the desktop experience better on Linux. But there are still many things that either don't work at all, or work inconsistently enough that it would be better if they were removed and only reintroduced when they were more reliable. Like resolved, for example. Stating the obvious, that Linux is superior to Windows, isn't really very useful because it sets the bar way too low. The Linux user community really needs to get tough when it comes to this stuff. We're not just a bunch of Apple fan-boys, are we?

              1. JohnFen

                Re: With M$ Windows dead as a dodo

                "Linux is ready for the desktop, but Gnome is not"

                No big deal, though. I personally hate Gnome. However, there are numerous options aside from Gnome, so you can be pleased regardless of how you feel about it.

              2. quxinot

                Re: With M$ Windows dead as a dodo

                Gnome's direction and quality explains why Mate is such a hit. And rightfully so, it's at the sweet spot of usability and customizibility for the vast majority of use cases.

                When it isnt, there's a whole medley of other choices. And that is one of the best parts of linux on the desktop!

          2. Updraft102

            Re: With M$ Windows dead as a dodo

            Windows 10 the most fit looking?

            Did you mean shit looking?

            It's the most ugly, disjointed piece of crap that I've ever had the displeasure of seeing. I avoid it like the plague it is, but when I do briefly find myself using it, I feel a deep, guttural revulsion that makes me want to get out of there and into something better post-haste. The white on white with a side of white interface, flat and featureless, not only hurts the eyes, but gives few cues about what it does. The UWP bits are flat and ugly too, but a different flat and ugly, not being bothered to follow the system theme themselves, but to impose their own. It's a mess... and if I were ever tasked with making an implausibly ugly OS, I would think the result would be far more attractive than what Windows 10 looks like. It takes real talent to reach those depths of ugly, and I don't have it in me.

            When is this "you have to be a magician to keep it running" effect supposed to happen? I've admittedly only been using Linux for 3 years, but it seems like that would be long enough for any need for any magic to manifest itself. It hasn't been a problem... it just keeps working, day in and day out, without needing any heroic measures. Reading about the disasters that keep coming every 6 months from Redmond strikes me as more like what you wrote, with multi-hour upgrades that frequently break things that used to work (or that after having wasted hours of your time, it decides it can't continue, and without giving a shred of useful information, wastes more hours reversing itself, only to try the upgrade again as soon as the cycle is complete).

            Windows may be yet alive, but it's not alive and well. It's alive and on borrowed time. You can't treat your users like crap and expect to keep them, and MS knows this. It's why they never went so far as to use their monopoly power to force Vista on people who refused it... there were lines not even "M$" would cross, back when they used to care about keeping Windows healthy and vital long-term. Quite evidently, they no longer do. They know what they are doing is slowly killing Windows, and nothing but vendor lock in and inertia is keeping it going now. It's utter shite, and everyone knows it, certainly including Microsoft. It's that way by design.

            I don't know how anyone can like 10. I know some are paid to like it, but wow, even if I were being paid handsomely to pretend it's great, I don't know if I could pull off such a magnificent con.

            1. tojb

              Re: With M$ Windows dead as a dodo

              But when I turn on windows 10 it spends 20 minutes displaying a message that it is "making my experience better"! Soon the experience of win10 users will surely be amazing!

              1. Michael Wojcik Silver badge

                Re: With M$ Windows dead as a dodo

                But when I turn on windows 10 it spends 20 minutes displaying a message that it is "making my experience better"!

                It's better in the sense that for 20 blissful minutes you are unable to experience Windows 10.

                I've been using, and developing for, Windows since Windows 2.0. I've used and developed for dozens of operating systems, from embedded monitors to zOS. Windows 10 is far and away the most obnoxious, contrary disaster of an OS I have ever experienced.

          3. Orbatos

            Re: With M$ Windows dead as a dodo

            My children (both under 12) don't seem to have your problems. I've only needed to intervene once in the past 4 years to fix a botched in place upgrade due to one of their machines being unplugged half way through kernel installation. Apt fixed the situation almost on its own through recovery mode the same day.

            They use these machines for gaming, homework and other things daily and have been keeping up to date through major versions with no need to reinstall, even when they have major hardware changes.

            Your argument is familiar, but applies to far fewer people that it used to. For most Linux can work great right now.

          4. IGnatius T Foobar !

            Re: With M$ Windows dead as a dodo

            > Windows 10 is alive and well.

            Windows is alive, and it's still dominant on the conventional desktop, but the days of Microsoft being able to use it as a cudgel to strongarm the entire industry are long over. That is why we are in the post-PC, post-Microsoft era.

            I have to admit I foolishly assumed the post-Microsoft era would be a bit more pleasant than this. Google, Amazon, and especially Facebook are far worse than Microsoft ever was.

            1. JohnFen

              Re: With M$ Windows dead as a dodo

              "Google, Amazon, and especially Facebook are far worse than Microsoft ever was."

              I think this is overstating things. Google, Amazon, and Facebook are as bad as Microsoft was (and is). They're not fundamentally worse except in the sense that they have more power and money to abuse everyone with.

    2. Anonymous Coward
      Anonymous Coward

      The way I read it they are planning on making it (probably the operating-system version) available through a web api so that you can use it to authenticate yourself on websites. Why would you assume they are re-implementing a core OS function themselves?

    3. Anonymous Coward
      Anonymous Coward

      All your PublicKeyCredential and fingerprint are belong to us.

    4. Orbatos

      The years have just rolled by with public key credentials only tracked on to services, take this as a good step in the right direction. What I don't like so much is the was it's concentrating on authentication that can't be easily changed (finger prints & iris scans).

  3. Christoph

    Do Not hide the URL

    Years back Microsoft decided it was a really neat idea to hide the file type extension on files. One of the first things I do on a new machine is switch extensions back on. I want to know what a file really is, not what the icon is claiming!

    If I'm looking at a web page I want to know what the address is, not what someone else has decided I need to be told about.

    1. My Alter Ego

      Re: Do Not hide the URL

      It's still the first (not literally) thing I do.

      1. Martin Summers Silver badge

        Re: Do Not hide the URL

        "It's still the first (not literally) thing I do."

        Are you sure it's not the other you?

  4. Anonymous Coward
    Anonymous Coward

    www.www

    I imagine as a workaround to this nonsense website owners will start delivering pages under an extra www subdomain:

    eg https://www.www.example.com

    1. Michael Wojcik Silver badge

      Re: www.www

      Have the server check User-Agent, and if it's Chrome, do a redirect to www.www.example.com. Then you don't annoy users who avoid the Google plague.

      1. JohnFen

        Re: www.www

        I love this idea! Mostly because it would mightily annoy Google.

  5. Anonymous Coward
    Anonymous Coward

    BBC Autoplay ?

    Brilliant idea to parse for text in pictures - great help for folks who are visually impaired (and for who posting pictures of text instead of text is basically a big "fuck you").

    But the best thing Chrome could add right now is a "Stop BBC autoplay" feature, because it's really getting on my tits now.

    1. Dan 55 Silver badge

      Re: BBC Autoplay ?

      You're not going to get autoplay stopped on Chrome, which is a program designed to funnel adverts into your eyeballs. Other browsers which do stop autoplay are available.

    2. DavCrav

      Re: BBC Autoplay ?

      "(and for who posting pictures of text instead of text is basically a big "fuck you")"

      I have pictures with text on my website. I have also given them an alt-text, that is whatever the text is. Because

      1) I'm not an utter bellend who hates the blind, and

      2) I believe it is literally illegal not to now.

      1. Boothy

        Re: BBC Autoplay ?

        For Chromium based, and Opera: https://github.com/Eloston/disable-html5-autoplay

        No longer maintained, but still seems to work fine for me on Windows and Linux.

        Only minor issue, is sometimes on sites where you do want the video, you have to click stop, then play, as the embedded controls occasionally think the video is already playing, when it's not!

      2. JohnFen

        Re: BBC Autoplay ?

        "I believe it is literally illegal not to now."

        This probably depends on what country you're in and/or what your website is for. I know that there is no such legal requirement for me websites, anyway.

    3. JohnFen

      Re: BBC Autoplay ?

      "for folks who are visually impaired (and for who posting pictures of text instead of text is basically a big "fuck you")."

      Those who do this are saying "fuck you" to everyone who isn't visually impaired as well.

  6. John Brown (no body) Silver badge

    Plugins/extensions

    "Chrome 70 implements a Shape Detection API that allows web apps to do things like detect faces in images, read barcodes and parse text in images."

    No wonder browsers are turning into bloat-monsters.

    1. Dan 55 Silver badge

      Re: Plugins/extensions

      I think Google just sit around thinking up shit that other browser makers don't come up with due to budgetry constraints, an understandable lack of specialised staff in that area, and finally a vague sense of knowing where to stop.

      Google just plough ahead anyway so they can claim their browser has all the standards, hopefully enough devs will use the shiny APIs, and then they'll get end users and their precious data that way.

  7. Anonymous Coward
    Anonymous Coward

    After years of telling users to always check the certificate against the domain name

    Google Chrome has buried the certificate and now wants to hide the domain name.

    WTF happened???

    1. A.P. Veening Silver badge

      Re: After years of telling users to always check the certificate against the domain name

      "WTF happened???"

      The sales droids got one of their wishes implemented, probably due to lack of oversight by a responsible adult.

  8. katrinab Silver badge
    Unhappy

    Another not so welcome feature

    If you type the first few letters of a website address, you can no longer use the arrow keys to select from the list of results. For example, if I type "th", The Guardian comes up as my first option, The Register as the second, and The Telegraph as the fifth. If I want to come here, I can no longer press the down arrow once, then the enter key.

  9. Hey Lobotoman! CALL -151!

    Shape-detection API?

    Anyone see a future where this is used to solve captchas?

  10. RGE_Master

    Well done!

    "Earlier this week, Google Chrome security product manager Emily Schechter said that Google, in response to community feedback, has decided to roll back Chrome 69's habit of hiding the subdomains "www" and "m" in URLs displayed in the browser's omnibox, via an update to Chrome 69 for Desktop and Android."

    Well done, now deal with Chrome chowing through memory like Homer Simpson at an all you can eat shrimp restaurant and we're good!

    I'm pleased that Google have actually listened to the feedback and rolled back. That was a horrible plan, horribly executed and frankly a dumb idea.

  11. RyokuMas
    Big Brother

    "... which can now... ...read Latin alphabet text found in pictures."

    A while back, I was required to send copies of various personal documents for a background check - we're talking passport-level stuff. The advice from the agency involved was "if you do not have a scanner, you can photograph these with your smartphone and send the images".

    Fortunately, I have a scanner. However in the light of this, the idea that people might be taking photos of highly sensitive documents with their Android phones then sending them using their Gmail accounts now brings me a whole new depth of foreboding....

    1. Dan 55 Silver badge

      Sending passport scans through e-mail?

      The agency should be hung, drawn, and quartered.

      1. Anonymous Coward
        Anonymous Coward

        re: Sending passport scans through e-mail?

        At least it's one step up from sending passports through the mail ...

  12. Tom Paine

    stop inventing stuff!

    My pile of unread reading is threatening to topple and cause devastation in a 40 mile swathe from here ot Basingstoke.

    The PublicKeyCredential type allows individuals to log in using mechanisms that support an asymmetric key pair, which is potentially more secure than a password. Two devices that do so are the Android fingerprint reader and the macOS TouchID sensor, which means websites implementing the Web Authentication API will be able to read the PublicKeyCredential passed from either of these biometrics sensors to log the user in.

    How much more fresh hell do we really need??

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like