16 comments

[ 2.8 ms ] story [ 33.2 ms ] thread
Pretty sure the dev learned the lesson of why you don't bother to speak up.
That was terribly frustrating to read. The dev gave reasoned, metered answers, and the others responded with Cathy-Newman-esque “So what you’re really saying is...” questions.
And here I was thinking the chrome UI refresh was a breath of fresh air.

The car analogy was apt. If Ford updated the design of one their cars, most people would find it absurd to, in a conversation with an assembly line worker from one of the factories, demand they keep producing the older design with all of the latest safety features. I find this similarly absurd.

But if Ford found a major safty defect in the airbags of old models, people would expect a fix. Even under normal conditions, people expect Ford to continue supporting the old models, which don't become significantly less safe then they were originally.

What is going on with browsers (and other software) is weird. There is no support window on the product beyond "until we get you the next versions. Upgrades are free, and you normally don't even notice when we upgrade. Also the old version is significantly less secure then it was a month ago, even though it hasn't changed at all."

Nothing about this situation is intuitive to a non expert.

Even as a proffesional, I find it supprising that we do not see any LTS browsers given that they are essentially self contained operating systems.

My understanding is that Firefox offers LTS (the ESR versions). I don’t think the chrome team offers anything similar. In my mind the evergreen nature of browsers for the average person is a great thing, but I understand the desire of businesses in particular to have things be consistent.

In this case my understanding though is that nothing has functionally changed in the UI. The browser UI got a paint job, not a redesign. To the average person chrome upgrades don’t actually change much visually.

To keep up the car analogy, the security race is like if the Ford was aware of safety defects so in the middle of the night every month the came and silently fixed them. Occasionally they’d also replace the bumper or the speedometer. It’s still a speedometer and still behaves like one, but it appears slightly different.

And once in a while they’ll replace the whole body of your car with the new version that you hate.

The more apt car analogy might be that you lease it, and the dealer sneaks in and replaces your 2016 with a 2017, then your 2017 with a 2018, and you don’t mind, that’s the terms of your lease agreement with them.

And then one day they replace the 2018 with a 2019 and you’re not happy anymore because the 2019 looks like ass.

But there’s no option corresponding to “buy a car instead of leasing it” so this is what we’re all stuck with.

> But if Ford found a major safty defect in the airbags of old models, people would expect a fix.

If Ford gave everyone a new car as compensation nobody would complain they didn't fix the old one.

FWIW I hate the new design and moved to FireFox, but I don't think chrome needs to support the old one.

Because the new one would be substantially more valuable (this is a well known quirk of the car market). If someone actually complained, I suspect Ford would be required to make them whole by either fixing the old car, or providing the cash value of the old car.
A windows 10 license is arguably more valuable than a windows 3.0 disk. Software depreciates with age just the same although for different reasons.
And? Threats and standards are constantly evolving. You should use a current browser. If you don't want to use Chrome, use another current browser.

Flagged as the only reason this seems to be submitted to HN is to start an unnecessary flamewar.

It’s not really much of a statement. Anyone with any sense knows that the browser is the attack vector of most threats and security is probably the single most important feature of a browser today. The conversation in the thread demonstrates why devs shouldn’t talk publicly. He clearly didn’t convince the people he was addressing, and by engaging he opened himself up to the risk of Misspeaking and causing a shitstorm. We’ll see far fewer of these interactions as more repurcussions happen.
Meanwhile, Google saw fit to break[1] countless games, basically erasing pieces of culture / shared history.

I don't necessarily have an issue with dropping legacy compatibility, but you can't both drop legacy compatibility and disallow downgrades. There needs to be a way to access old experiences.

[1] https://bugs.chromium.org/p/chromium/issues/detail?id=840866...

Old experiences were served using dangerous and harmful mechanisms that, in 2019 and beyond, can be exploited remotely to takeover your computer.

Technical experts have demonstrated that they’re able to locate and run older releases of browsers, endangering themselves and others by running them unprotected, directly on their primary devices, without protection. Chrome speaks out against that practice here, and I would expect Firefox did the same during the old-to-new extensions transition.

The only safe way to access old experiences will likely end up being: install and use old browsers in sandboxed virtual machines that discard all changes at shutdown.

While infinite resources would permit browsers to implement virtual machine support for their own older selves, no browser has infinite resources to work with. Happily, since those who desire this most are often technically skilled, my described “set up a safe virtual machine” is easy and realistic.

TLDR: Please don’t run old versions of any browser on your primary computers. Use sandboxed virtual machines if you must so at all. The web is far too dangerous and those reading this comment are far too likely to have exploitable commit access to the world somehow.

(comment deleted)
This seems like good advice. There are lots of reasons not to use an old version.

Imagine if you were still using IE 6 even though your computer was perfectly capable of running a modern browser.

We will see less and less devs coming out in the open like this, and that's sad.

The dev isn't without a fault though. The statement around using old browsers is like not vaccinated is too offensive. Especially, when anti-vaccinated group is real and often associated with being dumb.

But some people (not the dev) in that thread are just toxic.