SoylentNews is people

posted by janrinok on Saturday June 27 2015, @09:01PM
from the did-not-want dept.

El Reg reports

New Chromium builds will no longer download/install the Hotword Shared Module and will automatically remove the module on startup if it was previously installed.

A closed-source and binary-only kernel module caused a fair fuss when it was found inveigling its way into the very much open-source Chromium.

Thanking the community for their attention and input on the issue, one of the project developers told the issues ticket thread that "as of the newly-landed r335874, Chromium builds, by default, will not download this module at all."

[...] An additional developer update regarding Hotword explains that "Builds of Google Chrome will still download this module by default. It will not be activated unless the user explicitly flips a preference to do so."

Related: Google Drops Binary Code into Chromium for Linux


  • (Score: 3, Interesting) by Marneus68 on Saturday June 27 2015, @09:52PM

    by Marneus68 (3572) on Saturday June 27 2015, @09:52PM (#202237)

    >A closed-source and binary-only kernel module caused a fair fuss when it was found inveigling its way into the very much open-source Chromium.
    I might be paranoid. I have never checked out the sources of Chromium, nor did I ever feel the need to use it. But if a binary blob can slip by unnoticed like that, what else can? I mean, if the compiling process made it easy to have this binary blob unnoticed, linked and shipped with the final product, does that mean that there are other blobs in Chromium? I'm genuinely curious and I wish someone could tell us more about that.

  • (Score: 3, Interesting) by MichaelDavidCrawford on Saturday June 27 2015, @10:12PM

    by MichaelDavidCrawford (2339) <mdcrawford@gmail.com> on Saturday June 27 2015, @10:12PM (#202241)

    There are many advantages to open source and to free software but I don't regard the ability to inspect source before running it as one of them.

    There is just too much source code.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2, Insightful) by Anonymous Coward on Saturday June 27 2015, @10:41PM

      by Anonymous Coward on Saturday June 27 2015, @10:41PM (#202252)

      It's not that there's too much - it's that a lot of it is incomprehensible unless you have specific knowledge of topic X. Perhaps you like steep learning curves.

      I once delved into an open source project I wasn't familiar with (while debugging a problem with a project to which I was contributing). I found a subroutine with variable names like "r", "s", "t" and so on. There wasn't a single comment in the entire thing and no indication of what the variables meant. In this case, there was little that was open about that project - yet it is ubiquitous on the web.

      • (Score: 3, Informative) by frojack on Sunday June 28 2015, @01:22AM

        by frojack (1554) on Sunday June 28 2015, @01:22AM (#202289)

        Pretty much describes the chromium code I've had an occasion to look at.

        Very few comments in sight (it seems that comments have universally been deprecated in C code and derivatives).
        Lots of opaque code that any rogue contributor could submit some obfuscated fix for and have a good chance of it being accepted as there would probably be exactly two guys on the planet, who happen to maintain that code, that might happen to recognize it as such.

        C derivative languages, even for good C programmers, are NOT the most intuitive or transparent languages around.

        It's been widely recognized [radford.edu] as obtuse [boisestate.edu] yet it persists, mostly due to myths about its speed [scienceblogs.com]. It's probably going to remain this way for a hundred years.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 2, Insightful) by Anonymous Coward on Sunday June 28 2015, @02:59AM

          by Anonymous Coward on Sunday June 28 2015, @02:59AM (#202321)

          Yes, and billions of dollars of annual business rely on this stuff.

          To be a doctor you need a medical degree and admittance into a medical professional organization.
          To be a lawyer, you need a law degree and admittance to the local bar.
          To be an engineer, you need an engineering degree and admittance to a professional engineering society.
          To be a computer professional, you just need to be able to fart or pick your nose... not even well.

    • (Score: 4, Insightful) by Grishnakh on Saturday June 27 2015, @10:45PM

      by Grishnakh (2831) on Saturday June 27 2015, @10:45PM (#202253)

      It's basically a matter of trust. True, there isn't that much auditing of open-source code, but the organizations who create it are usually seen as more trustworthy than commercial companies. Most such software isn't created by any companies at all, but rather non-profit groups. Inkscape might be a good example here; there's no company there that I know of, but there is a group which maintains the web page and source code. KDE is another one; that one has its legal and financial matters handled by KDE e.V., a non-profit group, but the actual development is handled by the KDE community which is composed of various different people, some working for various Linux distros.

      In short, the people who produce most open-source code aren't viewed with the suspicion that for-profit corporations are, for good reason: they don't have some ulterior motive of making a ton of money off the software.

      Also, we've been using this stuff for a couple decades now; how many times have we seen open-source software that was really malware? I can't think of any. There've been some bad vulnerabilities found (Heartbleed bug for instance), but all software has that problem. But commercial malware abounds: Sony had their rootkit fiasco a while back, and lots of other commercial software is full of junkware, like installers trying to get you to install some browser toolbar. Even if they don't do anything like that, commercial software keeps getting more and more bloated, because they want to add all kinds of features (and change file formats) to try to get users to "upgrade" to the newest version for more $$$.

      Now, there are exceptions here and there, and Chromium might be one of them, because it's made by a company that isn't well-trusted as far as maintaining users' privacy.

    • (Score: 2, Insightful) by Runaway1956 on Sunday June 28 2015, @01:01AM

      by Runaway1956 (2926) on Sunday June 28 2015, @01:01AM (#202277)

      You're right that "There is just too much source code." BUT - when there is a problem, even a semi-literate like myself can step through the code, and look for problems. When I think I've maybe spotted one, I can discuss it with more literate people on the forums, or send a bug report, or something.

      • (Score: 3, Insightful) by frojack on Sunday June 28 2015, @01:35AM

        by frojack (1554) on Sunday June 28 2015, @01:35AM (#202295)

        Really? I call bullshit.

        If you happen to see some glitch in a chromium browser, you might spend the next two months narrowing it down to precisely which module caused the problem. Chances are the problem wouldn't even exhibit itself under the debugger (you'd be astounded how often this happens). In short if you didn't know ahead of time just about EXACTLY where in the mountain of code the offending line is, the chance of single stepping your way to discovery is slim to none.

        Not knowing you, I don't mean to disparage your abilities. So don't take it personally. I believe this to be generically true. Even with a casual familiarity with a code base, finding errors is extremely difficult.

        --
        No, you are mistaken. I've always had this sig.
        • (Score: 4, Insightful) by Runaway1956 on Sunday June 28 2015, @02:37AM

          by Runaway1956 (2926) on Sunday June 28 2015, @02:37AM (#202310)

          Again, you're right and wrong. You missed the part about posting to forums, submitting bug reports, etc. I DID specifically say that I am semi-literate. I don't imagine that I am going to solve a problem all by myself. What I can do, is to identify a problem, dabble at trying to find it, then discuss what I've found with people who know more than I do. There have been a lot of cases in which I was entirely wrong. There have been other cases where I was on the right track, but quickly got in over my head. But, the forums are there. I can give feedback. I get responses to my feedback.

          Try that with closed source proprietary software, and the response may range from a 'cease and desist' letter, to simply being ignored, or a "thank you" letter and never another word from the owners.

          My ability to manipulate and research open source is limited by my own education, talent, motivation, and time. My ability to manipulate and research closed source is limited by the owner's unwillingness to permit me to research it.

  • (Score: 1, Insightful) by Anonymous Coward on Saturday June 27 2015, @10:12PM

    by Anonymous Coward on Saturday June 27 2015, @10:12PM (#202242)

    > But if a binary blob can slip by unnoticed like that

    What do you mean unnoticed? People raised hell because it was noticed. This is the 2nd story about it here on soylent.

    • (Score: 2) by FatPhil on Sunday June 28 2015, @11:13AM

      by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Sunday June 28 2015, @11:13AM (#202396)
      But how did it slip by at the computer level - how can a browser install a kernel module? Browsers should run as unprivileged users, and kernel modules should be installable only by the superuser. If that maxim's not followed - you're doing operating system wrong.
      --
      Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
      • (Score: 0) by Anonymous Coward on Sunday June 28 2015, @01:54PM

        by Anonymous Coward on Sunday June 28 2015, @01:54PM (#202421)

        $> ./configure
        $> make
        $> sudo make install

        there, that was easy... what part of sudo do you not get?

      • (Score: 0) by Anonymous Coward on Monday June 29 2015, @04:19PM

        by Anonymous Coward on Monday June 29 2015, @04:19PM (#202871)

        This isn't a kernel module binary blob, it's a binary blob component that is part of, and used exclusively and internally by, the browser program. Not an OS issue at all, simply an issue of what is contained in the browser code.