Browsers (Was: A very basic blog about D)
Joakim
joakim at airpost.net
Mon Jul 15 22:28:35 PDT 2013
On Tuesday, 16 July 2013 at 01:09:18 UTC, Nick Sabalausky wrote:
> I really have had problems with Chrome (and other Google
> software)
> forcefully installing always-resident processes before, and
> giving me
> trouble getting rid of it. Never had such a problem with Iron.
Chrome, which is based on the open-source Chromium project, has a
built-in auto-updater which always stays resident and checks for
updates. Since Iron is based on Chromium, not Chrome, it may not
have the auto-updater.
> Even if
> Iron is just a few better defaults and some options I don't
> even want
> anyway removed, that certainly doesn't qualify as a "scam".
> Hell,
> Iron's website is already perfectly clear about the settings
> existing
> in Chrome but being forced to a specific setting in Iron:
> <http://www.srware.net/en/software_srware_iron_chrome_vs_iron.php>
> The
> article makes it sound like SRWare is being deliberately
> deceptive,
> which is verifiably untrue.
Iron has always billed itself as some sort of privacy fork. For
example, their FAQ says:
"Can't i just use an precompiled unchanged Chromium-Build from
the Google Server?
This is not useful because the original Chromium-Builds have
nearly the same functions inside than the original Chrome. We can
only provide Iron because we massively modified the source."
http://www.srware.net/en/software_srware_iron_faq.php
I verified that this is untrue in the linked article, at least
back when they released Iron 3 and 4. Nobody can verify it
anymore, because even though there are still links for source
download, they don't work, ie you can't download the source.
This probably breaks the LGPL license, but I've read that they
stopped providing source a while back, likely after I analyzed it:
http://www.insanitybit.com/2012/06/23/srware-iron-browser-a-real-private-alternative-to-chrome-21/
> Plus Chrome introduces bugs almost as much as it fixes them, so
> less
> frequent releases doesn't really bother me. And I wouldn't be
> using
> Chrome's auto-updater anyway (and if I did, I would only do it
> in a VM).
I don't track Iron closely, but I think they follow the same
release schedule for major stable releases, only delayed, and
likely without all the smaller point releases with security fixes
that Chrome provides. So you have all the disadvantages of
google's six-week release schedule, with the added disadvantages
of Iron's delays and omissions: I don't see the benefit.
Chrome does introduce some bugs as it updates, but I don't think
any other browser is any better. I don't get your paranoia about
the auto-updater: what makes you think it does anything other
than check for updates? My understanding is that the source for
the updater is available.
> Iron may not be a big change, but it's proven itself to me in
> real-world usage to still be worthwhile.
There is one advantage to Iron: it provides occasional builds of
the stable branch of Chromium, which google does not provide
except as part of the Chrome Stable channel. You could build the
stable branch of Chromium yourself, but I understand if you don't
want to put in the effort. I suspect you would be as happy with
the Chromium builds that are provided, which are only from the
trunk branch:
http://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html
> And that archived article seems pretty biased. Ex: "...likely
> only to
> evade source analysis like I'm doing..." Uhh, accusational and
> speculative anyone? Especially since it's perfectly reasonable
> to
> figure the different version numbers could have more to do with
> divergent forks than actually "Iron deliberately changed the
> version
> number to be sneaky". Perfectly likely that Iron had merged in
> v4.x,
> then merged in various other changes, and just missed a line
> diff
> involving the v4->v5 version number change. But no, we're
> supposed to
> just *assume* it was intentional deception because that better
> supports
> the initial "Iron is a scam" position.
The reason it's intentional deception is because I analyzed the
Iron source, which certainly doesn't "massively modify the
source" for Chromium, as they claim. I made a guess that they
chose to go in and change the version number to evade such
analysis, which fits the pattern of deception.
I didn't get into all this in the article, but they've never had
a public source code repo, which is suspicious for someone who
claims to be "open source." They were dumping code in 7z
archives on rapidshare instead! Without a repo where I could
track commits, I had to download the Iron source then manually
track down which version of Chromium corresponded to that version
of Iron, since the version number was changed. That took time,
and given their pattern of deception, I can only assume it was a
deliberate move to throw off such analysis.
I understand your suspicion of google. I don't use their
services other than search and have never signed up for facebook
either, but that's no reason to use shady software just because
it's "not google." There are real privacy concerns with all
these services, but if we don't stick to the facts, we damage our
case. I don't like what the Iron guy did and have documented the
issues, it is up to you and others to decide what to believe.
More information about the Digitalmars-d-announce
mailing list