Or alternatively...
Redirect such requests to pages and pages of nonsense. If you don't have any, just slurp just about any facebook or twitter feed.
4306 publicly visible posts • joined 14 Jun 2007
I think the reason everything was totally isolated was not forced obsolescence.
It was due to their obsessive goal of creating ChromeOS as "just a browser" - do everything on "the cloud" etc.
That fanatical goal slipped through to the design stages too.. A minimal Linux backend, with a big fat browser blob.
Of course, then android compatibility was added... then linux subsystem support, and both of those required the blob to get bigger and more complicated, and they've finally come to their senses and stopped trying to dogmatically create the OS the same way Bill Gates wanted Windows to be created.
A daft decision from the beginning, and I'm sure it was originally forced on the coders from the PR guys.
Another thing with the change to Lacros is currently, the whole OS and bits are installed as one big package, using an A/B root filesytem process. You can get Lacros to install outside this tree, but then the problem is automatic updates.
Before a decoupled Lacros goes mainstream, they'll have to build some kind of automatic updater for it. And how to do that? Either something seperate from Play Store, which is messy from an end-users perspective, or integrate it into Play Store, which is messy from an internal perspective! - Especially as the android subsytem is optional, and play store runs on the android VM.
As an aside, what annoys me most about google is they have brilliant coders, but a complete lack of common sense. Design decisions are often nuts. Functionality is often removed or changed with no option to keep the original default.
One example, they've changed the play store so that you only see reviews for an app from people who have installed on the same type of device. That means that when you visit the play store on a chromeos, there are next to zero reviews of an app visible to you.
Another example - hiding the scroll bar, only making it visible when you move over the scroll area. This means if you don't / can't have a scroll wheel (like with my "TV" connected box), if you want to scroll, you can't move straight to the scroll bar - you have to move to some part on the scroll area, and then up/down to the scroll bar. We recently campaigned for the old method to remain, and they agreed to, but you still have to set that through the obscure flags screen - there is no "clean" option to do so.
And don't get me started on the completely different UI experience between ChromeOS and Android, and how the scrolling is completely different. The android method is brilliant (to scroll, just hold left mouse button and move mouse in X and Y directions. To drag/copy, first hold the left button for a second, and then drag to copy) - the chromeos method only allows drag-copy - like most unix desktops, so its even more annoying that they force us to require the scrollbar, and then make it harder to actually use it!
Ah, I've just gone into a rant again.. Sorry about that!
... almoost excusively (some links force the old browser to open)
It was always a daft decision to shove everything together, just like the Microsoft of old did. I think the reasons were due to their original design obsession of saying "ChromeOS is just the chrome browser" - everything runs in the browser!
Their stubbornness in that UI philosophy bled through to the design philosophy too.
If you look at the running internals of chromeos, it's still a bunch of big monolithic blobs that seem to do anything, so they have a long way to go.
P.S. Liam, it's a bit strange to say that the goal of Lacros is to run the browser on Linux. The whole of ChromeOS already runs on Linux, so this is really just a decoupling.
I'm not pulling apart your post, just picking up on the phrase "Christian moral compass".
You hear that often. You even get people saying "you can't be moral without religion", and "that person is an atheist with morals" - both crazy sentences. In fact, I'd turn that last one around - it's more applicable to talk about christians that happen to have morals.
Even for one second assuming the word of god is 100% moral, and real, following those rules under threat of god punishing you is not morality - it's servitude.
"It's possible to be moral without god"? Dumb. "It's possible to be moral with god". Better.
Thanks. That's interesting.
I'd have filed the same way, but then I'd have assumed that Edwards was an unusual middle name.
However, knowing what you've now told me, that's confusing! I'd expect a surname of "Edwards Jones" to be filed under "E", as with "Edwards Jones", otherwise the hyphen becomes over-important.
Maybe spaces in surnames should be written as non-breaking-space characters :-)
My middle name is the same as that of my mother, my sister, brother, nieces and nephews, and grandparents etc.
It's a family surname so should have been hyphenated, I guess, but it never was legally. So, I'm plain old "Jamie Jones" (not Jamie Landeg-Jones) [ though I often go by the latter online these days because there are far too many called "Jamie Jones" who aren't me. ]
Our place had a new rule that all usernames on the new system would be "first letter of first name, first 3 letters of surname"
Bollocks to "jjon" - I changed it back to "jamie".
Still, I once phoned a colleague and pretended to be this doddery old high up in the company, and asking him what his "computer user thing" would be. Poor Frank Uckworth never got a straight response, despite pleading for it beforehand so that his secretary could update the files in time...
*shrug* It seemed an ok question to me - it's not as if you asked us who we thought would win the footy this saturday! (which has probably been done before - these forums tend to stray off topic - it's not like they're inundated with "me too" type replies!)
Anyway, off-topic reply: I don't have an answer to your question, but may I just say that I hate sites that force MFA on us.
Many have lost my business because of it. For one, I'm not glued to my mobile phone. I'm over my mums at the moment, my phone is in my flat. That means I can't use paypal.
My mum has eyesight issues and difficulty with technology in general - whilst we can get her through online shopping, getting her to read a text or an email is out of the question - so Sainsburys don't get her online grocery orders. (the actual payment part is protected by the bank, so it seems that Sainsburys is either playing security theatre, or they are genuinely worried that someone may hack her account, and order stuff that THEY pay for, to be delivered to HER address...)
Yeah, point taken.
I run forwarding services and it is indeed a pain when dominate services such as gmail write their own rules - a lot of the stuff forwarded to gmail users gets thrown into the gmail spam folder unless the address is whitelisted by the user.
Still, google is just as likely to delegate the message as spam whether the original recipient is fred@myforwardingdomain.com or whether it's nosuchuser@myforwardingdomain.com
I do sometimes get stuff stuck on my server in a bounce state - as you say, if google spam rejects something my server accepts, and the return address is fake, it sits in my mailqueue - and I can concede that that problem would probably be worse if I was forwarding "*" rather than a specific user...
So, yeah, fair point. There can be consequences I didn't think about.
Still, I think they can easily be mitigated - it shouldn't be an issue for a company providing email services, and it certainly doesn't justify their decision (which lets face it, hasn't been made for legitimate reasons)
"In March 2023, 123 Reg made the decision to discontinue the free catch-all forwarders feature on mailboxes as part of our commitment to improving our products and services
Really? That's meant to convince customers that removing services is a good thing?
It added: "Whilst we understand this decision will be disappointing for some customers, our catch-all email forwarding was not performing to the level our customers need, or what we expect. So, we made the difficult decision to stop offering the service."
Difficult? My arse. "We couldn't fix a basic service, so we removed it"
I don't rely on domain registrar's for anything but the registration, but if I did, and this fiasco affected me, reading such waffly upsidedown-world bullshit like that would definitely make me leave.
The patronising contempt is unbelievable!
You search for that, you get a page with those search results.What you do not do is then click an external link to outside of El Reg's ecoystem that also passes your search term to an unknown third party.
I get the point that with a search engine like google, you are by design going to click an external link, but my point was about how the referrer system worked - and the same thing would happen *IF* you clicked on an external link off The Register's search page.
But there's one thing you are forgetting - the referrer is also sent to all objects the webpage loads, so even if you don't click on an external link, that referrer info is sent to the ad brokers who server the advert images on the site, and any third party javascript providers (in the case of https://search.theregister.com/?q=i+love+trump, that would be 2 requests to doubleclick, and 1 to googletagmanager.
P.S. Not my downvote!
Yep!!
Though I think it's a bit of a kludge - as you know, it's asking the browser not to send the referrer string in the normal way, but if that was something I really wanted to happen with my website, I'd feel uneasy relying on such a thing to work - even when we get to the stage that most browsers honour it, it's still "asking the browser a favour" - if it was that important to me, I'd mitigate it server-side.
So, it still comes back to the fact that this is all a function of the protocol, and not Google intentionally doing something dodgy!
Yeah. I mentioned that in my subsequent reply, but should have mentioned it in the post you are replying to.
But at you say, it's a relatively new addition, and even then it's *asking* the browser not to send the string. My main overall point was that Google wasn't proactively leaking information in the way the suit implies.
Cheers
Well, even on a "single site search", any search results page that you get back will leak to a third party site not only if you click, but if there are banner ads etc.
In my example earlier of "https://search.theregister.com/?q=i+love+trump", the server that provides any ads on that results page will get that query string as a consequence of the fact that the request to the ad server will contain that full URL as the referrer, whether I click it or not.
But I get what you're saying - on a google search, *ALL* links by design are off-site.
I do understand your overall point.
I guess I'm thinking of it from a "This is how it's always worked, it's a consequence of the protocol - Google haven't gone out of their way to leak things"
whilst you're thinking of it more as "The web isn't the safe place it once was. Google knows this referral leak happens. They should have proactively mitigated the problem"
Cheers!
P.S. Not my downvote!
Sorry, you're wrong.
A "single site search" is irrelevant.
If you are on a web page, and you click on some link, the full URL of the current page, query and all, are passed in the referrer header to the link you click on. The browser sets that. That's the point. That's how it's always worked. And exactly my point, if there is an issue, THERE is the issue - with the browser.
The only real way around it is to change what browsers do.
The only way a server can guarantee it is to purposely cause the the URL of the current page to be changed - this is a conscious effort to subvert the normal method of operations.
You could do this either by making the whole request a POST rather than a GET operation (which may not be suitable), or you fudge some extra page reload - an extra hop inbetween the results page and the clicked-on link - this could either be done by some sort of automatic browser redirect, or via an "exit page" (i.e. a "you are about to leave this site, do you want to continue" page)
More recently, a "refererpolicy" / http header have been added to the spec, and I suppose you could argue google is remiss if they haven't included those (I don't know whether they have or not), but again, that only works if the browser understands and decides to honour those headers.
TL;DR - This is a spec / browser issue. Google aren't intentionally leaking the query string - they may not have been actively kludging ways to filter it out, but they were never actively setting it.
You should read this: https://www.rfc-editor.org/rfc/rfc9110.html#name-referer
If the full URL of the website that the address came from is passed through to the linked-to website is passed through, query_string and all, that is purely a BROWSER issue, not a website issue.
Sure, websites can mitigate it by redirecting to a POST url on their page before presenting the result, but this itself is a bit of a hack.
Basically, if I search the register for "I love trump", the returned page is:
https://search.theregister.com/?q=i+love+trump
If there happens to be any external link on that page (e.g. an advert), they will get that full information in the Referer header (as determined by the browser)
. Should The Register be sued because the browser revealed my secret?
Does the register now need to replace all search results with POST instead of GET?
I do similar. I register for all online sites with a unique email address-user based on the site name, to a specific subdomain dedicated to the task.
Basically, *@subdomain.... addresses are directed to me, unless i disable specific email addresses in sendmail.
What actually broke mail are the idiot spam blocking systems that simply blackhole a message they think is spam.
The whole ethos behind SMTP was to ensure a message was delivered - never ACK'ed until fsynced to disk, and a handshaking mechanism that meant that any race conditions would result in duplicate deliveries rather than mail loss.
spam filters buggered all that.
I was corresponding with an occupational therapist working at the local council a while back - it turned out that certain mails were never received. Investigating further there was one particular word that was considered rude (i forget what is was, but the context was innocent) and the whole message was discarded without sender or recipient being made aware...
What happens when a vulnerable patient of hers has email "ignored" the same way?
If you can't reject at source, flag it someway to the recipient. blindly blackholing messages is the sole reason email can no longer be relied on.
(Actually, that's not true. Another is when suspected spam is shoved automatically into a separate folder that no-one ever reads)
You must be too young to remember the Microsoft Internet Explorer fiasco. It didn't matter what browser you used, websites were designed to be bug-compatible with IE.
More conforming browsers were accused of being broken if a site "optimised" for IE didn't render properly.
And ill thoughtout IE html extensions became defacto-standards. It started with Netscape, but Microsoft took it to the next level.
It wasn't about an open web, it was about everyone using your product, because they couldn't reliably use any alternative.
So the alternatives had no choice but become bug-compatible, and support all the stupid extensions.
Microsoft basically had control over HTML and the web. Sound familiar?