There exists an extension[1] for Google Chrome that enables the management of GNOME Shell extensions on extensions.gnome.org. I am currently reworking some of the details around how the fedora-chromium-config package works and I would like to know:
Would the Workstation WG be in favor of me adding a fedora-chromium-config-gnome subpackage that would automatically install the GNOME Shell Integration extension for Chrome/Chromium browsers? I can make its installation conditional on the presence of gnome-shell on the system if preferred.
Of the other changes I'm looking at making:
1. Enable Chrome's auto-detection of DNS-over-HTTPS. It ships as disabled by default in Chrome currently, but it can be set to an 'auto' mode that will prefer DoH if it can determine that the DNS server supports it.
2. Drop the user-agent extension. Ever since the advent of Chrome v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
3. There's a KDE Plasma integration extension too, maintained by the KDE upstream. Do we want to install that by default as well?
[1] https://chrome.google.com/webstore/detail/gnome-shell-integration/gphhapmejo... [2] https://github.com/tpopela/fedora-user-agent-chrome/issues/11
On Tue, Apr 26, 2022 at 5:48 PM Stephen Gallagher sgallagh@redhat.com wrote:
There exists an extension[1] for Google Chrome that enables the management of GNOME Shell extensions on extensions.gnome.org. I am currently reworking some of the details around how the fedora-chromium-config package works and I would like to know:
Would the Workstation WG be in favor of me adding a fedora-chromium-config-gnome subpackage that would automatically install the GNOME Shell Integration extension for Chrome/Chromium browsers? I can make its installation conditional on the presence of gnome-shell on the system if preferred.
I'd be fine with it. And yeah, making it conditional on GNOME Shell would make sense.
Of the other changes I'm looking at making:
- Enable Chrome's auto-detection of DNS-over-HTTPS. It ships as
disabled by default in Chrome currently, but it can be set to an 'auto' mode that will prefer DoH if it can determine that the DNS server supports it.
This breaks corporate VPNs very hard, so probably not.
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
I'd like to keep this, and this seems like something where Cloudflare should be fixed to deal with it. :(
- There's a KDE Plasma integration extension too, maintained by the
KDE upstream. Do we want to install that by default as well?
Yes, we should!
On Tue, Apr 26, 2022 at 6:52 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 5:48 PM Stephen Gallagher sgallagh@redhat.com wrote:
...
- Enable Chrome's auto-detection of DNS-over-HTTPS. It ships as
disabled by default in Chrome currently, but it can be set to an 'auto' mode that will prefer DoH if it can determine that the DNS server supports it.
This breaks corporate VPNs very hard, so probably not.
Could you expand on this please? I'd just like to have some information to kick back at the requesting parties.
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
I'd like to keep this, and this seems like something where Cloudflare should be fixed to deal with it. :(
I have no reason to believe that Cloudflare will do anything about this in the immediate future and in the meantime our users are suffering. If you have a better alternative, I'm all ears.
- There's a KDE Plasma integration extension too, maintained by the
KDE upstream. Do we want to install that by default as well?
Yes, we should!
For the record, I'm talking about: https://chrome.google.com/webstore/detail/plasma-integration/cimiefiiaegbelh... I forgot to include the link in the previous message.
On Tue, Apr 26 2022 at 07:14:57 PM -0400, Stephen Gallagher sgallagh@redhat.com wrote:
I have no reason to believe that Cloudflare will do anything about this in the immediate future and in the meantime our users are suffering. If you have a better alternative, I'm all ears.
It's just the same treatment that all other browsers have to suffer for ages....
On Tue, Apr 26, 2022 at 7:15 PM Stephen Gallagher sgallagh@redhat.com wrote:
On Tue, Apr 26, 2022 at 6:52 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 5:48 PM Stephen Gallagher sgallagh@redhat.com wrote:
...
- Enable Chrome's auto-detection of DNS-over-HTTPS. It ships as
disabled by default in Chrome currently, but it can be set to an 'auto' mode that will prefer DoH if it can determine that the DNS server supports it.
This breaks corporate VPNs very hard, so probably not.
Could you expand on this please? I'd just like to have some information to kick back at the requesting parties.
Last time I tried it a few months back, Chrome switched to DoH automatically under a variety of corporate VPN configurations I tested from my workplace (split DNS, tunnel DNS, etc.). The experience when that happens is confusing depending on how the VPN works. Mine just results in unresolvable things some of the time, but I know other workplaces have more painful experiences when that happens.
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
I'd like to keep this, and this seems like something where Cloudflare should be fixed to deal with it. :(
I have no reason to believe that Cloudflare will do anything about this in the immediate future and in the meantime our users are suffering. If you have a better alternative, I'm all ears.
Yeah, I dunno. Does Cloudflare know about it yet?
- There's a KDE Plasma integration extension too, maintained by the
KDE upstream. Do we want to install that by default as well?
Yes, we should!
For the record, I'm talking about: https://chrome.google.com/webstore/detail/plasma-integration/cimiefiiaegbelh... I forgot to include the link in the previous message.
I figured that was the one you're talking about. There's also a Firefox counterpart too that I think would be worth having too.
On Tue, Apr 26, 2022 at 7:22 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 7:15 PM Stephen Gallagher sgallagh@redhat.com wrote:
On Tue, Apr 26, 2022 at 6:52 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 5:48 PM Stephen Gallagher sgallagh@redhat.com wrote:
...
- Enable Chrome's auto-detection of DNS-over-HTTPS. It ships as
disabled by default in Chrome currently, but it can be set to an 'auto' mode that will prefer DoH if it can determine that the DNS server supports it.
This breaks corporate VPNs very hard, so probably not.
Could you expand on this please? I'd just like to have some information to kick back at the requesting parties.
Last time I tried it a few months back, Chrome switched to DoH automatically under a variety of corporate VPN configurations I tested from my workplace (split DNS, tunnel DNS, etc.). The experience when that happens is confusing depending on how the VPN works. Mine just results in unresolvable things some of the time, but I know other workplaces have more painful experiences when that happens.
I just did a bit of research on it. I guess I can see where it might be problematic enabled by default, but Firefox (upstream, not sure about our build) has had it enabled by default for three years. I guess I don't love the idea of being inconsistent here.
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
I'd like to keep this, and this seems like something where Cloudflare should be fixed to deal with it. :(
I have no reason to believe that Cloudflare will do anything about this in the immediate future and in the meantime our users are suffering. If you have a better alternative, I'm all ears.
Yeah, I dunno. Does Cloudflare know about it yet?
I don't know. I've reported it to Gitlab and asked them to reach out to Cloudflare via their support channels, but I don't think that's happened yet. They haven't even responded to our bug report at all so far. Even if they do, Fedora represents such a small percentage of Cloudflare's potential user base that I cannot see them prioritizing a fix very highly.
- There's a KDE Plasma integration extension too, maintained by the
KDE upstream. Do we want to install that by default as well?
Yes, we should!
For the record, I'm talking about: https://chrome.google.com/webstore/detail/plasma-integration/cimiefiiaegbelh... I forgot to include the link in the previous message.
I figured that was the one you're talking about. There's also a Firefox counterpart too that I think would be worth having too.
https://addons.mozilla.org/en-US/firefox/addon/plasma-integration/ I presume?
It probably is worthwhile, but as I'm only maintainer of the fedora-chromium-config package, it's out of scope for this particular discussion.
(Long-term, it might not be a bad idea to rename from fedora-chromium-config to fedora-browser-config and handle Firefox and/or other browsers in a common place. For now, though, I'm trying to limit it to what I am already familiar with.)
On Tue, Apr 26, 2022 at 7:30 PM Stephen Gallagher sgallagh@redhat.com wrote:
On Tue, Apr 26, 2022 at 7:22 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 7:15 PM Stephen Gallagher sgallagh@redhat.com wrote:
On Tue, Apr 26, 2022 at 6:52 PM Neal Gompa ngompa13@gmail.com wrote:
On Tue, Apr 26, 2022 at 5:48 PM Stephen Gallagher sgallagh@redhat.com wrote:
...
- Enable Chrome's auto-detection of DNS-over-HTTPS. It ships as
disabled by default in Chrome currently, but it can be set to an 'auto' mode that will prefer DoH if it can determine that the DNS server supports it.
This breaks corporate VPNs very hard, so probably not.
Could you expand on this please? I'd just like to have some information to kick back at the requesting parties.
Last time I tried it a few months back, Chrome switched to DoH automatically under a variety of corporate VPN configurations I tested from my workplace (split DNS, tunnel DNS, etc.). The experience when that happens is confusing depending on how the VPN works. Mine just results in unresolvable things some of the time, but I know other workplaces have more painful experiences when that happens.
I just did a bit of research on it. I guess I can see where it might be problematic enabled by default, but Firefox (upstream, not sure about our build) has had it enabled by default for three years. I guess I don't love the idea of being inconsistent here.
It's disabled by default in Fedora's build of Firefox for the same reason. Firefox prompts you on the first run about it because we disable it by default.
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
I'd like to keep this, and this seems like something where Cloudflare should be fixed to deal with it. :(
I have no reason to believe that Cloudflare will do anything about this in the immediate future and in the meantime our users are suffering. If you have a better alternative, I'm all ears.
Yeah, I dunno. Does Cloudflare know about it yet?
I don't know. I've reported it to Gitlab and asked them to reach out to Cloudflare via their support channels, but I don't think that's happened yet. They haven't even responded to our bug report at all so far. Even if they do, Fedora represents such a small percentage of Cloudflare's potential user base that I cannot see them prioritizing a fix very highly.
- There's a KDE Plasma integration extension too, maintained by the
KDE upstream. Do we want to install that by default as well?
Yes, we should!
For the record, I'm talking about: https://chrome.google.com/webstore/detail/plasma-integration/cimiefiiaegbelh... I forgot to include the link in the previous message.
I figured that was the one you're talking about. There's also a Firefox counterpart too that I think would be worth having too.
https://addons.mozilla.org/en-US/firefox/addon/plasma-integration/ I presume?
Yep!
It probably is worthwhile, but as I'm only maintainer of the fedora-chromium-config package, it's out of scope for this particular discussion.
(Long-term, it might not be a bad idea to rename from fedora-chromium-config to fedora-browser-config and handle Firefox and/or other browsers in a common place. For now, though, I'm trying to limit it to what I am already familiar with.)
Makes sense. Feel free to reach out to the KDE SIG (Matrix[1], tracker[2], list[3]) and see if anyone might be willing to help out here. Your best bet would be either via Matrix or the tracker.
[1]: https://matrix.to/#/#kde:fedoraproject.org [2]: https://pagure.io/fedora-kde/SIG/issues [3]: https://lists.fedoraproject.org/archives/list/kde@lists.fedoraproject.org/
On Tue, Apr 26 2022 at 07:21:31 PM -0400, Neal Gompa ngompa13@gmail.com wrote:
Yeah, I dunno. Does Cloudflare know about it yet?
I actually attempted to contact them once to let them know that their official instructions for configuring 1.1.1.1 using gnome-control-center are wrong. (The instructions failed to uncheck the Automatic toggle, so 1.1.1.1 gets used in *addition* to DNS from DHCP rather than exclusively. I'd link to this, but don't feel like completing their "checking your browser before accessing cloudflare.com" captchas today.) I don't think they've fixed it as of yet. Presumably they would react more urgently to all Fedora users being broken, though? It's probably just a matter of getting attention of the right people.
Michael
On Tue, Apr 26, 2022 at 7:42 PM Neal Gompa ngompa13@gmail.com wrote: ...
It's disabled by default in Fedora's build of Firefox for the same reason. Firefox prompts you on the first run about it because we disable it by default.
OK, I didn't realize our Firefox ships without it as well. I'll keep this out for now, then.
I'd appreciate a review on https://src.fedoraproject.org/rpms/fedora-chromium-config/pull-request/5 (particularly the KDE extension, since I don't run Plasma) before I push this to Rawhide.
On Tue, Apr 26 2022 at 05:48:16 PM -0400, Stephen Gallagher sgallagh@redhat.com wrote:
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
We're OK with dropping Fedora user agent from Chrome, Firefox, and WebKit. I will handle the WebKit change and notify the Firefox devs. Seems you've already handled Chrome. Thanks!
On Wed, May 4, 2022 at 11:10 AM Michael Catanzaro mcatanzaro@gnome.org wrote:
On Tue, Apr 26 2022 at 05:48:16 PM -0400, Stephen Gallagher sgallagh@redhat.com wrote:
- Drop the user-agent extension. Ever since the advent of Chrome
v100, various sites (particularly those that rely on Cloudflare[2] such as Gitlab.com) have been having difficulties when this is enabled. As its utility is limited (mostly just for metrics purposes), I think the easiest solution is to just remove it.
We're OK with dropping Fedora user agent from Chrome, Firefox, and WebKit. I will handle the WebKit change and notify the Firefox devs. Seems you've already handled Chrome. Thanks!
We are?
On Wed, May 4, 2022, 12:29 PM Michael Catanzaro mcatanzaro@gnome.org wrote:
On Wed, May 4 2022 at 12:12:58 PM -0400, Neal Gompa ngompa13@gmail.com wrote:
We are?
We are!
Why?
On Wed, May 4 2022 at 12:38:55 PM -0400, Neal Gompa ngompa13@gmail.com wrote:
Why?
It was added to get usage statistics from some Wikimedia site that shut down 5+ years ago, so we haven't used it in a real long time. There's some value to website operators who find it interesting, I suppose, but that doesn't outweigh the disadvantages:
For Chrome, it has to go because of the version 100 Cloudflare trouble.
For WebKit, it's nice to remove it because of persistent troubles with specific websites that require debranding quirks.
For Firefox, I don't know any specific problems, but I wouldn't be surprised if it encounters version 100 trouble too.
For all of the above, it's another data point for fingerprinting users. Admittedly it is not a very big one, but it's better to not have it than to have it.
Michael
On Wed, May 4, 2022 at 1:05 PM Michael Catanzaro mcatanzaro@gnome.org wrote:
On Wed, May 4 2022 at 12:38:55 PM -0400, Neal Gompa ngompa13@gmail.com wrote:
Why?
It was added to get usage statistics from some Wikimedia site that shut down 5+ years ago, so we haven't used it in a real long time. There's some value to website operators who find it interesting, I suppose, but that doesn't outweigh the disadvantages:
For Chrome, it has to go because of the version 100 Cloudflare trouble.
For WebKit, it's nice to remove it because of persistent troubles with specific websites that require debranding quirks.
For Firefox, I don't know any specific problems, but I wouldn't be surprised if it encounters version 100 trouble too.
For all of the above, it's another data point for fingerprinting users. Admittedly it is not a very big one, but it's better to not have it than to have it.
I disagree. I *deliberately* want Fedora showing up and growing in this manner. If Chrome OS can advertise itself uniquely so it's broken out and people take note enough to test for it, I think it's equally worth it for Fedora to show up. I know it has positively influenced things in Fedora users' favor before in less than obvious ways, so I'd prefer to keep it.
In any case, Alberto Ruiz reached out to Cloudflare via Twitter, and it is now being looked into on their part.
On Sat, May 7, 2022 at 7:19 PM Neal Gompa ngompa13@gmail.com wrote:
On Wed, May 4, 2022 at 1:05 PM Michael Catanzaro mcatanzaro@gnome.org wrote:
On Wed, May 4 2022 at 12:38:55 PM -0400, Neal Gompa ngompa13@gmail.com wrote:
Why?
It was added to get usage statistics from some Wikimedia site that shut down 5+ years ago, so we haven't used it in a real long time. There's some value to website operators who find it interesting, I suppose, but that doesn't outweigh the disadvantages:
For Chrome, it has to go because of the version 100 Cloudflare trouble.
For WebKit, it's nice to remove it because of persistent troubles with specific websites that require debranding quirks.
For Firefox, I don't know any specific problems, but I wouldn't be surprised if it encounters version 100 trouble too.
For all of the above, it's another data point for fingerprinting users. Admittedly it is not a very big one, but it's better to not have it than to have it.
I disagree. I *deliberately* want Fedora showing up and growing in this manner. If Chrome OS can advertise itself uniquely so it's broken out and people take note enough to test for it, I think it's equally worth it for Fedora to show up. I know it has positively influenced things in Fedora users' favor before in less than obvious ways, so I'd prefer to keep it.
In any case, Alberto Ruiz reached out to Cloudflare via Twitter, and it is now being looked into on their part.
Oh, and just in case you weren't aware: Ubuntu does this too, so all it will look like to website operators is that we disappeared off the face of the earth.
<sarcasm> Yay! </sarcasm>
On Sat, May 07, 2022 at 07:19:00PM -0400, Neal Gompa wrote:
I disagree. I *deliberately* want Fedora showing up and growing in this manner. If Chrome OS can advertise itself uniquely so it's broken out and people take note enough to test for it, I think it's equally
Until we're getting mandated by school deparments, I don't think we'll have the scale to make the second part work.
On Sat, May 07, 2022 at 07:50:36PM -0400, Neal Gompa wrote:
Oh, and just in case you weren't aware: Ubuntu does this too, so all it will look like to website operators is that we disappeared off the face of the earth.
Honestly, I think it'd be best off to convince them to follow suit, so that it's a combined "Linux" pool. I certainly hope website developers aren't having to special-case things in Firefox for whether it's Fedora Linux or Ubuntu underneath.
desktop@lists.stg.fedoraproject.org