Roughly 2 weeks ago Google patched a critical vulnerability, CVE-2023-4863, that was being exploited in the wild. The broad impact of the root cause of the vuln and the fact that it will have a long tail of unpatched software has been poorly communicated. You can read more in @dangoodin 's excellent article on Ars Technica.
As pointed out in the article above, Electron is based on Chromium and is impacted. Electron is bundled in a ton of apps that people might overlook.
I threw together the following shell command to help macOS audit which versions of Electron apps are installed.
find /Applications -type f -name "*Electron Framework*" -exec <br></br> sh -c "echo "{}" && strings "{}" | grep '^Chrome/[0-9.]* Electron/[0-9]' | head -n1 && echo " ;<br></br>
When run, you should see something similar to the following:
/Applications/Visual Studio Code.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework<br></br>Chrome/114.0.5735.289 Electron/25.8.1<br></br><br></br>/Applications/Slack.app/Contents/Frameworks/Electron Framework.framework/Versions/A/Electron Framework<br></br>Chrome/116.0.5845.188 Electron/26.2.1<br></br>
So wait building all these "secure" chat apps on a browser engine packaged in a thin layer of UI, with its insane number of dependencies and the gigantic, immense attack surface that this entails, was somehow a bad idea?
Who knew! Who could have foreseen this! Shocking, really.
Want to see #Electron apps on #Linux support autostart in a standard way like macOS and Windows, without developers having to write Linux-specific code?
We can make it happen! Linux uses Portals which abstract away the details and can be implemented in frameworks like Electron to be used the same way as on other platforms.
Any Electron app on Linux (like Discord, Bitwarden, Slack, etc.) would benefit from this work, whether running as a #Flatpak or not.
Die Anwendung ermöglicht den Konsum von YouTube-Videos auf dem Desktop und schützt die Privatsphäre der Anwender:innen. Weil es eine Electron-Anwendung ist, sei zur Vorsicht gemahnt.
Before #electron, there were many apps built upon #Firefox's engine via xulrunner. It's very unfortunate that #Mozilla ceded this space and allowed Chrome-based apps to fill in the gap. Regardless of your opinion about browser based apps, it's unfortunate that they're such a platform monopoly now.
Has anyone got #goldwarden running on their #linux distribution? The application opens for me, but none of the buttons are clickable. I tried to make sense of the Getting Started section in the wiki and used the commands outlined alongside flatpak run to no avail. https://github.com/quexten/goldwarden
Would be nice not to have to stare at #bitwarden ('s) smeary scaled #electron UI and instead use a nice #gtk4 app like Goldwarden. 🤓️
Do I do the workaround to be able to install #bitwarden in #nixos by permitting the insecure package #electron which is listed in the error message as EOL #endoflife
{
nixpkgs.config.permittedInsecurePackages = [
"electron-24.8.6"
];
}
or is there a better solution (other than bitwarden-cli).
Looks like my comment about #Electron caused general shock and panic 😛 Don't worry, I still think desktop apps written in HTML suck for the users - it's just that it really is hard to build a good looking native UI even for one platform, so I see how using web tech makes more practical sense. #MacDev
HASTE = Hypersonic Accelerator Suborbital Test Electron
"Rocket Lab’s new HASTE launch vehicle, derived from the Electron rocket, will provide high-cadence suborbital flight test opportunities to advance hypersonic system technology development"
So, I finally got my Framework Laptop. A day early, too! Beautiful machine, I must say. I put the RAM and SSD in, followed the instructions and I made my choice of operating system.
I hesitated a lot between @fedora and Elementary, but in the end, I went with Fedora because it was recommended and I love @gnome. When @elementary 8 releases, I'll make sure to check it out, though.
Battery life has been surprisingly good! I've done a lot of things on it today, lots of downloading, opening and closing stuff, with constant downloading and music streaming in the background. I've been losing around 10% per hour.
Honestly, it's all good hardware side. I'm still not a fan of the keyboard which could be a deal breaker as this is the one thing that I'm stupidly picky with, but I think I just need to get used to it.
My issues are more with the software and on that, there isn't much the @frameworkcomputer team can do.
First off, the animations in GNOME just aren't smooth and I can't seem to figure out why, I'm never getting that buttery smooth 60 fps scrolling, for exemple. But I can deal with this.
No, my two big gripes for now, are : Scrolling speed. I've looked it up and I found people complaining about of a simple "scroll speed" adjuster in GNOME for years. It's a massive issue right now, scrolling is just ridiculously sensitive and because I'm not a very technical person, I haven't been able to figure out how to fix it. :(
Another thing is... what's up with #electron apps? I use three. Notesnook, Cider 2 for Apple Music and #Signal. All three look blurry.
Notesnook takes it one step further by being especially weird at this. I used two versions of the app. The Flatpak. And the Appimage. Both have their own annoyances. The flatpak is crisp af, I love it, BUT... it's header is light theme only, not following the theme of GNOME and the mouse cursor gets either huge or tiny when using it. The Appimage though, follows the theme correctly, has normal size cursor... but is a blurry mess.
@notesnook Is this something you can fix? Or is this just out of your control?
It's my understanding that Electron apps and Wayland are not into each other? I hope they accept one another soon and kiss, because this is really bothering me. And I hate that I don't know how to contribute to this, so I'm sitting here. Complaining. While not contributing anything. Like an asshole. :(
A latency-hating emulator of 8- and 16-bit platforms: the Acorn Electron, Amstrad CPC, Apple II/II+/IIe and early Macintosh, Atari 2600 and ST, ColecoVision, Enterprise 64/128, Commodore Vic-20 and Amiga, MSX 1/2, Oric 1/Atmos, early PC compatibles, Sega Master System, Sinclair ZX80/81 and ZX Spectrum....
Acorn Electron - An Unexpected £20 Dirty Treasure - Pixel Refresh (www.pixelrefresh.com)
Dive into the world of Acorn Computers! A £20 discovery, as I journey through my Acorn Electron restoration and history.
CLK (github.com)
A latency-hating emulator of 8- and 16-bit platforms: the Acorn Electron, Amstrad CPC, Apple II/II+/IIe and early Macintosh, Atari 2600 and ST, ColecoVision, Enterprise 64/128, Commodore Vic-20 and Amiga, MSX 1/2, Oric 1/Atmos, early PC compatibles, Sega Master System, Sinclair ZX80/81 and ZX Spectrum....