Chrome, Firefox and other browsers affected by critical WebP vulnerability - eviltoast
      • rambaroo@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        edit-2
        1 year ago

        Because it’s a hobby distro and that’s the kind of end result you should expect from those.

        • DarkThoughts@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          Eh, for now. All the rolling release distros I tried were a disappointment in one way or another and Nobara has quite a lot of issues too that I can’t find solutions for. But I guess I don’t have anything to hop onto at the moment.

          • Ludwig van Beethoven@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            I’m in the same boat, and KDE is quite buggy for me under Nobara, but I’m too lazy to maintain a rolling distro and I haven’t found anything yet that I like more.

            • DarkThoughts@kbin.social
              link
              fedilink
              arrow-up
              1
              ·
              1 year ago

              I tried Gnome first since I haven’t tested it long before their Unity overhaul and it was way worse. Really the worst desktop experience I’ve had (you can check my posts for a summary thread of my experience). The issues I have under KDE I did not have on any other distro so there must be something weird he’s done with it.

              • Ludwig van Beethoven@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                You might have just made me search for a distro to hop to. I looked at OpenSUSE but then realised that software availability might just be a pain in the fourth point of contact. Why god why me

      • Kras Mazov@lemmygrad.ml
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        GE probably didn’t had the time to update or simply forgot, might be a good idea to ask on the Nobara channel in his Discord server

      • Kyoyeou (Ki jəʊ juː)@slrpnk.net
        link
        fedilink
        English
        arrow-up
        34
        arrow-down
        1
        ·
        1 year ago

        May I Ask why people don’t like webp? I don’t know the reason? To my eyes now it is a more ecological way of having pictures because of their lower weight?

        • Gawdl3y@pawb.social
          link
          fedilink
          English
          arrow-up
          50
          arrow-down
          1
          ·
          edit-2
          1 year ago

          It’s a better format than JPEG, GIF, or PNG, while doing the jobs of all of those, but better (in most cases), and is an open format. It also has wide compatibility nowadays. The only major downside is a lot of social media services don’t even think about it being a potential format due to a lack of awareness/wide usage, leading to a degraded experience when someone shares a WebP somewhere (lack of auto-embedding as an example). I suspect this is why it gets a lot of hate here, which is unfortunate because it’s not at all the fault of the format.

          AVIF (based on AV1) is the up-and-coming format that beats WebP in most cases now, but support isn’t quite there yet (mostly due to Apple), and it has the same problems for social media as WebP. However, it doesn’t have any true lossless mode AFAIK. HEIF (based on HEVC) is also good, but is heavily patent-encumbered and not as open. JPEG-XL is dope and potentially even better in some aspects, but has very poor support across the board.

          • thedirtyknapkin@lemmy.world
            link
            fedilink
            English
            arrow-up
            28
            ·
            1 year ago

            one important tidbit in this whole situation that sheds a lot of light on where and why is adopted: webp is Google’s horse, jpegxl is adobe’s horse. that’s why jpegxl has poor web support, and why webp pisses off designers.

            • Lucidlethargy@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              6
              ·
              1 year ago

              It doesn’t piss off designers, but we’re pissed at Adobe for making us search for and download plugins to support it.

              Seriously, fuck Adobe.

              • thedirtyknapkin@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                eh, it’s just two stubborn corporate entities trying to throw their weight around. the only reason adobe looks bad here is because Google is winning. they both stubbornly refuse to allow the other’s standard on their platforms.

                jpegxl is the better format, without a doubt, but adobe is a fool if they think they can strongarm Google.

                to me, adobe is being foolish, but they’re both equally being evil.

                • Lucidlethargy@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  Google doesn’t really compete in the professional space, though. Adobe does, and we need these tools for a huge number of reasons. When I first started seeing webp’s, I kept trying to use them in projects and was unable. I was passing them through online converters for a little bit before realizing there was a plugin.

                  I don’t care which one wins, or which one is more heavily adopted… I just want to see ALL of those in my tools I need for my job.

          • Dee@lemmings.world
            link
            fedilink
            English
            arrow-up
            9
            ·
            1 year ago

            I know I get annoyed by webp because Telegram processes it as a sticker instead of a normal image. That’s my only gripe with it, but like you said that’s more Telegram than the actual format.

          • abhibeckert@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            1 year ago

            AVIF only beats WebP for heavily compressed images and it doesn’t beat it by much.

            If you want high quality images - then WebP is way better than AVIF. And if you want a lossless image then AVIF is totally useless. Lossless AVIF files are often 2x or 3x larger than an uncompressed image. WTF.

            Lossless WebP images can be as good as a quarter the size of an uncompressed source.

            And as bandwidth improves and images don’t really get much bigger (we’re already at the limit of human visual perception for reasonable file sizes) for me that makes WebP a better compression algorithm than AVIF.

          • theneverfox@pawb.social
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            3
            ·
            1 year ago

            IDK what you mean by lack of auto-embedding, the support for it has been pretty fantastic from the start. I literally learned about it because I was looking though supported formats for a library, and it’s been in the list ever since

        • Valmond@lemmy.mindoki.com
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          3
          ·
          1 year ago

          This is just me, but when I download a PNG I know it’s lossless, when I download a jpeg I know it is lossy but probably a “photo-like” image, a gif? You get it.

          One firmat to rule them all will get you badly compressed pixel graphics and unnecessary large “photo” images and so on, not because the format is bad, but if it lets you do so, people will (and companies obviously).

          Most images on the internet are way under a MB, is there really that important to lower it slightly?

          • ipkpjersi@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            1
            ·
            1 year ago

            Most images on the internet are way under a MB, is there really that important to lower it slightly?

            It’s because companies always want to include 100 or 200 or 1000 pictures, because of all the products they are selling, they want to sell them all and right away.

            It’s dumb, I hate it. lol

        • meseek #2982@lemmy.ca
          link
          fedilink
          English
          arrow-up
          17
          arrow-down
          10
          ·
          1 year ago

          Proprietary formats are the bane of humanity. No one company, doesn’t matter, should have control over a file format. They should all be free and universally interoperable. A PSD, for example, should present and store data the same way if used on Photoshop or Pixelmator.

          Companies are not your friends.

          • Gawdl3y@pawb.social
            link
            fedilink
            English
            arrow-up
            20
            arrow-down
            1
            ·
            1 year ago

            WebP is not proprietary. It’s an open format, is not patent-encumbered, and its reference implementation/libraries are open-source. It is driven mostly by Google, similar to Chromium.

            • meseek #2982@lemmy.ca
              link
              fedilink
              English
              arrow-up
              8
              arrow-down
              8
              ·
              1 year ago

              They took the open source WebKit to develop Chrome and Chromium.

              How did that turn out?

              Google wants to own images. Doesn’t matter if they made the licensing whatever. They make webp. They have a personal vested interest in control.

              You trust Google???

              • abhibeckert@lemmy.world
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                7
                ·
                edit-2
                1 year ago

                They took the open source WebKit to develop Chrome and Chromium.

                How did that turn out?

                Perfectly? Web browsers are way better now than they ever have been.

                Google wants to own images. Doesn’t matter if they made the licensing whatever. They make webp. They have a personal vested interest in control.

                WebP is a little better than PNG/JPEG and way better than GIF. That’s all that really matters.

                You trust Google???

                Hell no. I reluctantly watch a bit of content that’s exclusively available on YouTube. Don’t use anything else of theirs and I’d drop YouTube in a heartbeat if I could find that content elsewhere.

                • masterofn001@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  6
                  arrow-down
                  4
                  ·
                  edit-2
                  1 year ago

                  You may have already noticed, or may soon notice when it slaps you in the face, that google is inserting proprietary code into their browser, into android, and every other product they produce.

                  Then, one day, you will find all that free open source labour they used to build their empire is no longer open source. They control the web. And you have no idea what they are doing. And if you decide not to continue using their product you will be unable to access sites and services due to Google’s super duper friendly and only concerned for your wellbeing internet standards.

                  Google is evil.

                  Period.

  • Ethalia@feddit.ch
    link
    fedilink
    English
    arrow-up
    71
    arrow-down
    1
    ·
    1 year ago

    I’d just say Chromium browsers and Firefox instead of ‘other browsers’. Either way Firefox already put out a security fix so that’s neat.

  • Skullvalanche@lemmy.world
    link
    fedilink
    English
    arrow-up
    59
    ·
    1 year ago

    Just came here to say that this also affects any applications that use the libwebp library.

    That includes many apps that most people don’t think of as “browsers”.

    Electron based applications all use chromium under the hood, and are quite common/prolific these days.

    https://www.electronjs.org/apps

    Expect updates to a lot of things in the near future.

    • LaggyKar@programming.dev
      link
      fedilink
      English
      arrow-up
      25
      ·
      1 year ago

      Expect updates to a lot of things in the near future.

      And also a lot of things that remain unpatched for years