Google Fixes White Screen Problem in Chrome, Admins Furious
For approximately 5 months, Google has been experimenting with a feature called WebContent Occlusion that hides the content of not-visible tabs so that they use less resources and cause less battery drain.
A Chrome developer stated that this feature caused no problems in their period of testing and on Tuesday morning Google quietly enabled it for users in Chrome 78 Stable release.
[...] While this feature was being tested on Chrome Beta users for some time, it was not properly tested in enterprise terminal server environments.
This became evident in Citrix or Terminal Server environments when a user locked their screen, every other user on that server would have their Chrome tabs suddenly become a white screen.
This happened because web occlusion was enabled in the browser for the locked screen and hid their browser content. At the same time, it also caused the content in tabs for every other user on the same terminal server to become hidden as well.
The only way to fix this was to unlock the screen, but this issue was constantly repeated as other users on the Terminal Server would once again lock their screen as they left their desk.
[...] After hundreds of reports from enterprise users who were affected by this, Chrome developer David Bienvenu stated he rolled back the change and disabled the feature.
For the rollback to take effect, users are required to restart the Chrome browser in order to pull down the new configuration.
Enterprise admins are furious that Google has the ability to quietly enable features in their environment without even a heads up and provide no way for admins to block these changes.
(Score: 3, Informative) by Anonymous Coward on Saturday November 16 2019, @02:54AM (2 children)
Interesting to see that in 2019, M$ still doesn't have proper user separation.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @08:49AM
It's by design. You're supposed to be using VDI on Azure, you silly :)
(Score: 1) by Ethanol-fueled on Saturday November 16 2019, @11:16PM
Windows users never lock their own screens, it's always some dip-shitted overly-aggressive IT policy that causes the computers to auto-lock after 5 minutes of inactivity. Couple that with lots of people who want to ditch their Citrix meetings by making it look like something "came up" at the last minute by bailing from their stations minutes before the meeting begins, and you have the perfect storm for shit like this.
(Score: 4, Interesting) by takyon on Saturday November 16 2019, @03:02AM
Why hasn't this been the default behavior for years? Breaks a bunch of JavaScripts maybe?
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Insightful) by SomeGuy on Saturday November 16 2019, @03:03AM (1 child)
So, how do you like your rapid update cycle and forced upgrades now? Remember, you ARE the beta testers.
I'm honestly surprised that Google didn't just decide to drop support for Terminal Server.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @11:59AM
Hey, they move fast and break things. Turns out some of those things that get broken are actually important.
(Score: 5, Insightful) by Anonymous Coward on Saturday November 16 2019, @03:24AM (20 children)
In that case, stop using the browser built by the company drunk on ad revenue. You are not their customer, you are their product.
Uninstall Chrome, send google a message.
(Score: 0, Insightful) by Anonymous Coward on Saturday November 16 2019, @03:51AM (8 children)
Yeah, but your millennial pussy users and the CEO demand to use chrome.
(Score: 0, Insightful) by Anonymous Coward on Saturday November 16 2019, @04:35AM (3 children)
Tell the millennial pussy users to grow a pair and join the real world. Which will sadly make them cry, as they've never been told "no" in their entire short lives. Boo hoo, the real world is a mean place, learn to deal.
Yeah, more difficult here, since the CEO 'signs' the paychecks. So install just one private copy of chrome, for just the CEO, to keep the CEO happy.
(Score: 4, Touché) by Anonymous Coward on Saturday November 16 2019, @05:32AM (2 children)
Given my experience with CEOs, all you need to do is change the shortcut icon from the Firefox logo to the Chrome logo and rename it. They will never notice the difference or just assume that is some GUI difference at the office.
(Score: 3, Interesting) by WizardFusion on Saturday November 16 2019, @09:09AM (1 child)
This actually works on a lot of people.
(Score: 4, Interesting) by Joe Desertrat on Saturday November 16 2019, @10:53PM
I did this to an IE diehard that refused to change to Firefox as required by the IT department. Never heard a word of complaint, I wonder if they just had it locked in their brain that the blue E was the internet and that was that.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @01:08PM (3 children)
I love using millenial pussy and I don't run Chrome, you insensitive clod!
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @06:41PM (2 children)
You love using post-millennial pussy and run from the law.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @08:08PM
Not so much [youtu.be]
(Score: 1, Informative) by Anonymous Coward on Saturday November 16 2019, @10:18PM
Even if I did, the potential consequences [youtube.com] make it not worth the effort.
(Score: 3, Insightful) by Common Joe on Saturday November 16 2019, @06:03AM (1 child)
Does this problem include Chromium? Is Chromium ok to use in an enterprise environment? (I do not have the expertise to answer these questions. Please, someone feel free to answer.)
I know you're modded insightful, but we're pretty well boned. Unless Chromium is a viable solution, there is no realistic alternative. Internet Explorer is too old, Edge is becoming the browser formally known as Edge (which will be running Chrome under the hood), and Firefox is following Chrome like a puppy and brown nosing it every chance it gets. Safari is not a realistic alternative for a Windows or Linux user. That leaves... what browser? What browser can honestly compete in an enterprise environment today? Opera? Vivaldi?
I've just listed today's top "safe" choices. Pale Moon, Waterfox, and Yandex.Browser (which is based on Chrome) are not viable alternatives.
Please elaborate how we can send Google a message.
(Score: 3, Interesting) by toddestan on Saturday November 16 2019, @06:59AM
There's really no official builds of Chromium for Windows. You could pick a third party build, but that's the same as what Waterfox is to Firefox. If you run Linux, there's more than likely a Chromium version packaged up by your distro.
I'm sure Microsoft will strip out all of Google's reporting and telemetry out of Chromium and replace it with their own. So it's up to you whether you trust Microsoft or Google more. Speaking of that, not all builds of Chromium strip that stuff out either.
Opera is owned by the Chinese. Once again, up to you whether you want to trust them or not. At least in terms of features and functionality it's one of the better Chrome knock-offs. Not that I use it.
As you said, Safari is a joke on anything other than the iPhone where you don't have a choice. Well, that's not true, it's a joke on the iPhone too.
I'd use Firefox if I was you. Yes, it has its flaws but it's better than the alternatives as major browsers go.
(Score: 2) by driverless on Saturday November 16 2019, @06:55AM (8 children)
And replace it with what on Windows? Edge? Google Firefox? Internet Explorer?
(Score: 2, Informative) by Anonymous Coward on Saturday November 16 2019, @07:32AM
Pretty sure if you are a "system admin" you are smart enough to un-google firefox in about:config. Their complaint here is not that google silently pushed a change (admins do that all of the time) but that they silently pushed a change _and there is no way to turn that ability off_. Using not-chrome (edge, firefox, ie) will allow the admins to control the update process though the appropriate configuration settings.
(Score: 1) by RandomFactor on Saturday November 16 2019, @03:39PM (4 children)
This is really the question.
Your internal networks and applications work with EDGE/IE, Chrome, and Firefox. But mostly EDGE and Chrome.
EDGE - Actually works well, almost good enough cross platform, but everyone technical has perma-hated any MS browser since IE4 days.
CHROME - Works well with near everything, and runs on iphone, ipad, mac, windows, android.....
SAFARI - Mac shop?
FIREFOX - Cross platform, and usually works well also, but tends to be more of an also ran installed for niches and specialty and is perceived as less of a controlled for enterprise use product than Chrome.
There are others, OPERA for example.
Beyond this you get one-offs and protest browsers. Great for not doing some stupid thing that Chrome or Firefox do (and that encompasses a lot of stupid as there are plenty of these for a reason...), but they are less current and devolve into incompatibility.
CHOOSE!
- if it breaks, it is your job and advancement on the line
- failure could significantly harm the company
- you want to simplify support and have the same knowledge base articles for as many platforms as consistently as possible
So yeah, Edge and Chrome win depending on the environment. Firefox sometimes or as an alternate.
Anything else is an also-ran in my experience.
В «Правде» нет известий, в «Известиях» нет правды
(Score: 2) by driverless on Sunday November 17 2019, @02:53AM (3 children)
My problem with Firefox is twofold, the political one is that if I wanted a crappy Chrome clone I'd just run Chrome directly, the technical one is that since Firefox is now an also-ran there are lots of web sites that simply don't work with it, mostly ones that require some sort of auth and/or use anti-bot checks, for which Firefox is detected as a non-kosher agent. For those I keep a copy of Chrome installed, in the same way that it used to be "site X doesn't work with my browser, I'll fall back to MSIE and then it'll work", it's now "site X does't work with Firefox, I'll fall back to Chrome and then it'll work".
Oh, and one thing I universally use Chrome for is printing web pages. For fscks sake Mozilla how hard can it be to render the same thing to a screen GDI and a print GDI? How come every browser I've ever used manages to get printing mostly right except Firefox?
(Score: 2, Interesting) by RandomFactor on Sunday November 17 2019, @02:51PM
Hmmm, while there are certainly a political issues with Firefox, that's not what I would have pegged them as :-p
- Ousting their CEO because he donated privately to the wrong side of an issue on the ballot.
- Blocking the Gab plugin for non technical, non security, non legal reasons (political evangelists in Mozilla wanting to do it is not a good reason.)
IMO Microsoft and Google are arguably better proponents of 'free speech' than Firefox these days, and that is a terrible statement.
В «Правде» нет известий, в «Известиях» нет правды
(Score: 0) by Anonymous Coward on Monday November 18 2019, @03:12AM (1 child)
Nearly every time I have printed a web page, text content gets the top half cut off the first page and put on the second.
The last time I printed a web page, either the browser or the site thought the printer was a mobile device and promptly reformatted the page as if it was a phone. Huge images and big buttons, ballooning the number of printed pages 300%.
Printing from browsers sucks and has always sucked.
(Score: 2) by driverless on Monday November 18 2019, @03:19AM
Chrome is actually not bad, it mostly works, while Firefox mostly doesn't work. As you say, there's text cut off, images cut in half, images blank, everything printed in 36-point text when the screen display is 12-point so two web pages come out as 15 print pages, and a Firefox specialty, dozens of pages with nothing on them but a header and footer, everything else blank.
How can you actually implement print functionality that's that broken? Firefox should just disable it to save trees rather than pretending they have something that works.
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @06:14PM (1 child)
fuck windows users. they are willing slaves.
(Score: 3, Touché) by driverless on Sunday November 17 2019, @03:00AM
Their taxes pay your welfare checks, so I wouldn't pan them too much.
(Score: 2) by NotSanguine on Saturday November 16 2019, @04:06AM (7 children)
Not so much. I can think of two ways off the top of my head:
1. Don't allow Chrome installations on Terminal Servers;
2. Require anyone who really wants Chrome to install Chrome into %USERPROFILE% rather than providing Chrome as an installed app in %PROGRAMFILES% (this is rather insecure, but certainly an option).
Note that (2) above doesn't block such changes or stop the "functionality", but since all files (binaries and data) are stored on a per-user basis, it should obviate this as an issue, even if it takes up additional storage space.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @04:24AM (6 children)
Does Chrome even allow for this?
Back when it was a new browser I sought to give it a try. It made two bad impressions out of the gate: one was that it didn't ask me for any kind of installation options. The other was that it was a few hundred megabytes.
(Score: 2) by NotSanguine on Saturday November 16 2019, @04:43AM
Yes. [superuser.com]
See the link above WRT Chrome installation behavior (%PROGRAMFILES% vs. %USERPROFILE%)
As I mentioned, storage space could certianly be an issue. It's also insecure, as admins are unable to control browser configs/add-ons, etc.
If I were an admin in that situation, I'd reject the use of Chrome altogether on terminal servers. And if anyone really needed Chrome (although why anyone *needs* Chrome is beyond me), they can disable screen locking on terminal servers altogether and use App virtualization [wikipedia.org] or VDI [wikipedia.org].
As I mentioned in the comment to which you replied, those were just the two things that came off the top of my head. The above are a couple more. I'm sure I could come up with a long list if I had a need to solve this problem. I choose just not to use Chrome at all instead.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Interesting) by Popeidol on Saturday November 16 2019, @04:48AM (2 children)
It allows for this, and last I checked this is the default install option if the account does not have admin rights.
Also of note: At least in group policy, chrome allows admins to disable auto-update and roll updates on their own schedule. I started doing this a few years after an auto-update broke access to some internal tooling. I'm not sure if they have the same option via other distribution mechanisms.
(Score: 1, Informative) by Anonymous Coward on Saturday November 16 2019, @07:35AM (1 child)
This wasn't an auto-update, it was pushed through some sort of otherwise-un-announced alternate channel. It even effected the previous version of chrome (77) so rolling back didn't save them.
(Score: 2) by Popeidol on Saturday November 16 2019, @06:06PM
Looks like I jumped the gun while replying: the situation described is kinda fucked for sysadmins and they have no easy way to avoid it
(Score: 0) by Anonymous Coward on Saturday November 16 2019, @06:24AM (1 child)
Web browsers are the most frequently used applications on the planet. A gigabyte for that purpose is nothing, even on a 16 GB system.
(Score: 4, Insightful) by maxwell demon on Saturday November 16 2019, @06:46AM
Quite the opposite: Web browsers are almost always run not as main application, but as side application in order to look up things. That means it should steal as little memory as possible from the main application.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by hemocyanin on Saturday November 16 2019, @04:45AM (4 children)
Is this a problem caused by the terminal servers in question (see first post currently modded +2 offtopic) or by chrome somehow interacting with and affecting other users' browsers and being affected by them?
(Score: 3, Informative) by NotSanguine on Saturday November 16 2019, @04:52AM (3 children)
IIUC, the issue is that terminal server users use shared binaries (cf. %PROGRAMFILES%) and at least *some* shared state data (cf. %PROGRAMDATA%) changes to which impacts all users of a terminal server.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by sjames on Saturday November 16 2019, @07:36AM (2 children)
That's so crazy I didn't believe it, but it appears you do understand correctly. It makes sense to share code and read-only initial data, but to share read/write is begging to leak data. I can't imagine a single reason why Chrome would ever use publicly shared memory for anything and I certainly hope Windows or Citrix didn't decide on it's own to make memory publicly shared.
(Score: 2) by NotSanguine on Saturday November 16 2019, @10:42AM
That's a great point. I can't confirm, but I suspect that it's more likely that some shared setting in the Chrome configuration in %PROGRAMDATA% is triggering this behavior. Given that Chrome also maintains per-user configurations in %USERPROFILE%, it should be a pretty easy fix in Chrome.
It's *almost* enough to get me to read TFA to see if they discuss this at all. That said, it seems pretty stupid of Google not to consider the terminal server use case in dev/testing.
Something in TFS enhances my suspicion that's it's a Chrome issue, rather than a Citrix/Windows issue:
If Chrome trying to reduce battery drain/resource utilization, that makes sense for laptops/tablets/phones. It is, however, completely irrelevant (and as we see, detrimental) in a terminal server environment.
After initially rereading the bit from TFS above, it seemed to me that Chrome should look at the configured power plan [windowscentral.com] (and admins should set it appropriately for (terminal) servers) and only enable such power/resource-saving features when it makes sense for the configured plan.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by driverless on Sunday November 17 2019, @03:05AM
Google's apps have always been pretty much all-elbows, we control the system and will do whatever we want. Years ago I wanted to install Picasa for my parents to sort their photos, and it assumed the user was admin (i.e. my elderly parents were Windows system administrators on their PCs), shat all over system directories, and when run as an ordinary user (after installing it as admin) segfaulted on startup. There were forums full of complaints about this, Google's response was basically "meh, not our problem, just run everything as admin".
Come to think of it, that approach is pretty much Google all over, we control things and will do whatever we want.
(Score: 4, Informative) by darkfeline on Saturday November 16 2019, @04:54AM (1 child)
> Enterprise admins are furious that Google has the ability to quietly enable features in their environment without even a heads up and provide no way for admins to block these changes.
Were they using the consumer version of Chrome? Of course they won't get enterprise support. Maybe they should have been using the Enterprise version, which allows controlling of updates: https://support.google.com/chrome/a/answer/9049675?hl=en [google.com] Or building and managing release for their own Chromium binaries (or Firefox, or anything else).
1. Use free consumer product.
2. Complain about not getting enterprise support.
These enterprise "admins" are the ones that should be shamed, not the Chrome developers. They should never have used an autoupdating consumer software as a core part of their workflow.
Join the SDF Public Access UNIX System today!
(Score: 2, Informative) by Anonymous Coward on Saturday November 16 2019, @08:01AM
This affected the enterprise version of chrome as well as the consumer version--not that anyone would have been using the consumer version on a terminal server, the overhead of managing all of the consoles would be way more than paying the enterprise subscription.
(Score: 2) by Grishnakh on Saturday November 16 2019, @06:14AM (9 children)
What kind of shitty multi-user operating system allows a userspace application program running on one user account to affect the same application program running on another user account?
(Score: 1, Insightful) by Anonymous Coward on Saturday November 16 2019, @06:41AM (8 children)
What kind of shitty application uses it's installation directory to store user settings/state instead of the OS' suggested settings location?
I wouldn't be surprised if Chrome is leaking more data between users.
(Score: 2) by maxwell demon on Saturday November 16 2019, @06:49AM (2 children)
In a properly secure operating system, even the most shitty application should not be able to do that.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by driverless on Sunday November 17 2019, @03:07AM (1 child)
Sure, but no-one wants to use XTS-300.
Or what else did you mean by "properly secure operating system"?
(Score: 0) by Anonymous Coward on Tuesday November 19 2019, @10:16PM
Windows NT, obviously; with C2 classification until it's network connected.
(Score: 2) by shortscreen on Saturday November 16 2019, @09:36AM (4 children)
*nix users can go ahead and mod me down, but I for one despise programs that silently spread junk all over my file system. It's much better when everything related to a program stays in one directory tree. Keeps things modular. Each program can be added, moved, or deleted without screwing up other unrelated things for no reason.
(Score: 3, Informative) by NotSanguine on Saturday November 16 2019, @10:56AM
A fair point. However, it seems to me that apps should use ~/.appname to store per-user configs/info and system-wide app configs/info should be in /etc/appname on *nix systems and /var/appname for runtime data. Most (but as you correctly point out, not all) applications do so.
This is approximated in Windows with %USERPROFILE%\appdata\[local|remote]\appname and %PROGRAMDATA%\appname or similar, although runtime data is generally store in the former (it's likely the latter with Chrome, causing the issue).
I'd expect you'd see centralization of such data on Windows more often than on *nix, since Windows systems are usually single-user-at-a-time environments -- except with Terminal Server.
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 3, Interesting) by RamiK on Saturday November 16 2019, @07:19PM (2 children)
In Nixos everything has its own directory under /nix/store and mounted read-only. Like:
There's some generated stuff in /etc that the packages manager writes from /etc/nixos/configuration.nix. But in general, most packages have their own virtual /etc/ under their respective /nix/store directories. So, midnight commander for instance:
The dir name btw is #hash#-#package-name#-#package-version* so you can deploy multiple versions and even you own patched version of the same package and let different users use whatever they like.
compiling...
(Score: 2) by driverless on Sunday November 17 2019, @03:13AM (1 child)
In Naxos everything has its own house, usually with a view of the ocean. You can get read-only papers in the tavernas. I recommend Kostas, in Kastraki.
(Score: 2) by RamiK on Sunday November 17 2019, @09:17AM
He complained *nix are a mess since they spread around binaries, data and configurations all over the directory hierarchy. While there are some customary conventions, and there's even the FHS specs [wikipedia.org] from the linux foundations, none of it is actually part of the *nix standard. So I rebutted it by providing a counter-example which happened to be Nixos that I use on a few desktops, workstations and a server.
Sorry to have wasted your time with a technical reply when I could have just made a snarky comeback.
compiling...