• jmcs@discuss.tchncs.de
    link
    fedilink
    arrow-up
    90
    ·
    1 year ago

    *Badly outdated Chrome with a bunch of critical vulnerabilities.

    Don’t forget every Electron app comes with its own Chrome.

    • qaz@lemmy.world
      link
      fedilink
      arrow-up
      41
      ·
      edit-2
      1 year ago

      Last time I checked the version Electron used by Discord was severely out of date causing several issues that had been solved months ago upstream. That’s the fault of Discord, not Electron but there are several issues with Chromium that I have to deal with on every Electron app I use. Compose sequences are still partially broken. I reported it at Chromium but they responded with a video of them testing it on Windows (not with a VM), said they couldn’t reproduce the issue (with a Linux specific input method?!) and then marked it as unreproducible.

        • SmoothIsFast@citizensgaming.com
          link
          fedilink
          arrow-up
          20
          arrow-down
          1
          ·
          1 year ago

          They use plain text and there biggest shareholder is the Tencent (the CCP let’s be real) are you surprised? It’s literally a data farm for China…

        • dinckel@lemmy.world
          link
          fedilink
          arrow-up
          7
          ·
          1 year ago

          They updated to a version that included a patch for that exploit, however it doesn’t matter in the grand scheme of things, because they’re still on 22.x, support for which has already been terminated

      • halva@discuss.tchncs.de
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        Problem is, for any somewhat big project (like discord) updating Electron without something breaking is a nightmarishly complex venture as Electron doesn’t seem to care about backwards compatibility.

        • I Cast Fist@programming.dev
          link
          fedilink
          English
          arrow-up
          12
          ·
          1 year ago

          The error is in picking Electron in the first place. One particular case that I’ve had with several Electron apps are zombie processes. You close the window, but you check the task manager and see 4-5 processes hanging in there, eating resources for no reason.

          • qaz@lemmy.world
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            1 year ago

            I agree that it’s silly to package your app as a website with a browser but what other options do you have? GTK is difficult to get working on Windows, wxwidgets requires installing libraries on every system and Qt is either paid or LGPL. The only real crossplatform options seem to be Flutter and some .NET frameworks.

            • I Cast Fist@programming.dev
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              FreePascal + Lazarus have been desktop crossplatform for many years. “But it’s Pascal! Nobody uses Pascal! And the defaults are fugly!”, fair enough, but it offers compatible crossplatform UI with a single codebase.

              Java also lets you write UI stuff and keep a single codebase for multiple platforms, thanks to the JVM. It always looks “weird” or “ugly” next to whatever OS’s default UI is and also needs a compatible JRM installed, but it works.

              Nowadays, web/javascript projects can opt for Tauri or Neutralinojs instead of Electron. They use the OS’s native HTML renderer, no browser required.

    • rdri@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Steam is using CEF v85 (not Electron but still). Should have gone “please be aware to not visit even slightly shady websites until we update it” but instead went “oh you must like security, so we announce that we will drop Windows 7/8 support in half a year (because CEF Microsoft doesn’t support it anymore) so you could play your games more securely”.