
Chrome browser for businesses - vikiomega9
https://enterprise.google.com/chrome/chrome-browser/
======
jpochtar
Is anyone else concerned that this means IT can choose to hold back the
version of Chrome in their organizations? Auto-updating Chrome has been low
key one of the best solutions to the pain of backwards compatibility with
older browsers. In the past we not only had to worry about compatibility
between browsers, we had to worry about compatibility between browser
versions. Further, auto-updating Chrome as dramatically reduced the time from
new web feature implementation to widespread deployment and thus usability. I
take it that turning off auto-updating will not be widespread, but I'd rather
not risk it

~~~
dingaling
Companies have far too much internal plumbing to permit browsers to auto-
update themselves. Being feature-compatible with the latest SV-poster-child
website is insignificant compared to maintaining stability for the tax-
management team's internal web app.

I was once involved in an IE6 -> IE8 upgrade for a Fortune 100 corporation. It
took nine months to analyze all the possible impacts and implement mitigations
before the first internal production release. And that was _fast_ on account
of teams being forced to particpate by C-officer mandate.

By the time the deployment was finished, which required several more months,
IE10 was mainstream in the Real World.

~~~
tomelders
I think this is a weak argument. The problem here is that companies think that
software can exist in some sort of "done" state, where no further updates or
development is required.

That has never been true.

The hardware and software changes. The infrastructure it connects to changes.
But most importantly, your workflows must evolve if you are to remain
efficient.

If you roll your own software, you either commit to constantly updating it, or
you commit to throwing a ton of money down the drain when its rots away to the
point where it is no longer fit for your workflow or for the world it operates
in.

Software is never finished, only abandoned.

~~~
DougN7
I question if you've worked with large enterprises. They freeze everything for
a decade or more. Think about a bank with 500 offices, a dozen tellers at each
office. Having their internal web app that everyone uses go down because of an
auto upgrade could cost them hundreds of millions. They have a very different
risk appetite.

~~~
illumin8
That doesn't mean this is a good practice. In fact, I would argue that this
type of thinking has created far more harm than good for both the IT industry
as well as the companies that adopt this harmful practice.

Case in point: many of these same companies that refuse to upgrade systems for
a decade or more are still running Windows XP and Server 2003. Due to the
negligence of their IT leadership, they are now vulnerable to all types of
security vulnerabilities that won't be patched, and have put both their
business and their customer's private data at risk.

This is no different than a state or local government refusing to maintain
critical infrastructure like bridges and tunnels. Negligence might be viewed
as conservatism for a few years, but when the bridge collapses because routine
maintenance wasn't performed, it becomes clear that the administration who
neglected maintenance was at fault.

The sooner the cancerous idea, that IT software can be frozen in some golden
state of perpetually providing business value with zero maintenance required,
dies, the better.

Modern, thoughtful IT leadership realizes the value in a continuously updated,
secure browser. Chrome is already winning the browser war in the Enterprise
for this reason alone. This just provides additionally needed controls like
white-listed extensions that are known to be safe.

~~~
gajjanag
> That doesn't mean this is a good practice. In fact, I would argue that this
> type of thinking has created far more harm than good for both the IT
> industry as well as the companies that adopt this harmful practice.

> Case in point: many of these same companies that refuse to upgrade systems
> for a decade or more are still running Windows XP and Server 2003. Due to
> the negligence of their IT leadership, they are now vulnerable to all types
> of security vulnerabilities that won't be patched, and have put both their
> business and their customer's private data at risk.

There are legitimate reasons for this though. The way I understand it, a big
chunk of the problem is that many software vendors refuse to properly separate
security related updates from regular updates. Firefox at least has an ESR
version, AFAIK there is no equivalent for Chrome. See also attitudes like that
mentioned in:
[https://news.ycombinator.com/item?id=9164251](https://news.ycombinator.com/item?id=9164251)

Similar examples can be given for MATLAB - I know of many professors who ask
students to run some old and fixed version of MATLAB for many years - they do
not want to waste their time dealing with the breakage that inevitably happens
with newer releases.

If all vendors actually put in effort into maintaining LTS versions, the
situation could be different.

I do agree that the idea of perpetual business value with zero maintenance in
a frozen state doesn't make sense - but as a business, I would always be
interested in minimizing my maintenance burden.

~~~
illumin8
As another commenter mentioned, LTS for Windows XP and Server 2003 is very
good - where else can you expect 15+ years of support?

> but as a business, I would always be interested in minimizing my maintenance
> burden.

The argument that I'm trying to make is that by deferring maintenance until it
is too late, you're actually dramatically increasing your maintenance burden
in the long term. Testing and maintenance fixes for your app to support Chrome
updates, which rarely break anything, will be much lower over a 10+ year (or
probably even 5+ year) timeframe than just sticking your head in the sand and
making someone 10 years from now pay an astronomical cost to refactor the app
completely.

------
m-p-3
This isn't a new thing at all, but more awareness to the sysadmins shouldn't
hurt.

Also, let me point you to the Legacy Browser Support extension.

[https://chrome.google.com/webstore/detail/legacy-browser-
sup...](https://chrome.google.com/webstore/detail/legacy-browser-
support/heildphpnddilhkemkielfhnkaagiabh)

With proper GPOs you can force a domain/subdomain to open in IE directly from
any links.

~~~
reitanqild
For Firefox there is (was?) IETab which lets you open websites in IE tabs
inside Firefox. I think there was even an option to specify that certain
websites (e.g. the Intranet, certain banks) should always open in IETab.

Haven't used it for years but back when I was a Windows sysadmin it was the
final proof that FF was better than IE: in addition to being Firefox it could
also be IE : )

~~~
whateveracct
IETab - now that's a blast from the past o.O

~~~
technion
I've got a medical application that only works in Firefox running IETab.
Interestingly, it doesn't work in any version of IE. It's an odd product.

~~~
Quenz
How the hell did this app manage to get developed?

~~~
brongondwana
By somebody running IETab, duh

------
twblalock
One notable thing about the dominance of Chrome (and the decline of Firefox)
is that WebKit is now a de facto standard. The desktop and mobile versions of
Chrome and Safari are based on it, and according to Microsoft, "any Edge-
WebKit differences are bugs that we’re interested in fixing."
([https://en.wikipedia.org/wiki/Microsoft_Edge](https://en.wikipedia.org/wiki/Microsoft_Edge)).
That covers every major desktop and smartphone browser except Firefox.

At some point, developers are going to target their stylesheets for WebKit
only, because Firefox rendering differences are going to be seen as nuisances
that aren't worth overcoming in order to reach a tiny minority of users.
Firefox will have to work toward WebKit compatibility as Microsoft Edge does.

WebKit is doing pretty well for something that was originally part of KDE.

~~~
epalmer
I manage 134 branded sites for a university and a handful of other sites. We
target IE11, Edge, Safari, FireFox and Chrome compatibility with desktop and
mobile (ios, android). Once Microsoft announced sunsetting support for earlier
browser versions our job got a lot easier. We all said "thanks MS, took you
long enough".

In the last 30 days for the branded sites we have roughly these percentages of
sessions by browser:

    
    
      chrome  46%
      safari  32% 
      ie      11%
      firefox 8%
      edge    2%
    

This for about 370,000 sessions.

We will continue to support the same browsers for the next two to three years
and then adjust as needed.

~~~
mattwoodnyc
Thank you, I'm always interested in seeing browser metrics in other
industries. I'm assuming safari is so high due to your higher-ed audience.

~~~
epalmer
We have a lot of Mac users in the student body. More than 60%. Also iOS users.

~~~
twblalock
I bet the majority of your Safari numbers come from iOS users. A lot of Mac
users ignore Safari and use Chrome.

------
reitanqild
For me Chrome is already the new IE: good enough to saturate the market to the
point where devs stops caring about standards compliance.

Personally I have tried to like it, multiple times but I always get annoyed
and go back to FF. But then again I prefer Linux over Mac and Netbeans over
IntelliJ so maybe it's just me.

~~~
Quenz
I used to switch between Chrome and Firefox all the time before finally Chrome
won me over with the most convenient cloud sync for bookmarks, passwords, etc.

~~~
valarauca1
Password sync in browser is a piss-poor password manager solution. You should
just use a password manager

~~~
whyagaindavid
Why is password sync in browser bad? Care to explain? I hate to have another
password application; Dropbox sync t everywhere. Remember Firefox sync
encrypts everything before upload. So does chrome.

~~~
valarauca1
At rest the data isn't _necessarily_ encrypted. Also browser hacks are a dime
a dozen. It is the most exposed interface on your computer.

You are freely executing untrusted code from unknown parties, coming over
insecure and unencrypted channels. You really can't be sure _who_ is sending
HTTP.

And don't talk about sandboxes. There is a sandbox escape fix in every version
of Chrome. This isn't on google, there are way more attackers then fixers.

Basically webbrowsers are under constant concerted attack by every single bad
actor out there. And you trust them to sync and secure your passwords?

You have more faith in humanity then I.

------
krzyk
Is this about replacing one monopoly with another?

It is slowly starting too look like in the early 00's, most developers are
starting to support only chrome, with no testing in Firefox or latest IE.

On Android it is even worse, no one is testing with Firefox Mobile (Fennec) -
this is WinXP-IE6 all over again.

~~~
BinaryIdiot
I completely agree. It's re-enforced with Chrome's supplied dev tools which
are really, really nice (I always found them far better than Firefox's built-
in or Firebug).

It's going to be harder to unseat Chrome. IE 6 wasn't so difficult due to an
increase in competition who offered features that IE wasn't even working on
(standards, tabs, etc). How would you even unseat Chrome?

~~~
frik
Safari and nowadays Chrome DevTools are great.

I miss the "DOM" tab, that Firebug for Firefox had features had, and I haven't
found anywhere else. You can browse the DOM tree state and edit - similar to
Smalltalk and Windows Registry - very useful & powerful. Sadly, they just
killed Firebug, broke the addon, deactivated it with an update and replaced it
with a still not feature-complete (at the moment sub-par) solution.

~~~
bpizzi
I think that what you're asking for is already doable in the "Elements" tabs
of Chrome DevTools, no? Or maybe I didn't get what you really meant by "You
can browse the DOM tree state and edit"?

~~~
Manishearth
I think they're talking about the DOM tree, not the HTML element tree. Similar
to [https://addons.mozilla.org/en-US/firefox/addon/dom-
inspector...](https://addons.mozilla.org/en-US/firefox/addon/dom-
inspector-6622/)

------
vc4
It will be so much better for developers if there is another browser installed
apart from IE in all enterprises.

I still encounter companies downgrading to older version of IE to support
their legacy applications.

------
DannyBee
I thought this had been around forever? (I mean some form of installer and
deployment kit/admin tool)

I see other pages talking about it going back to 2010/2011

~~~
ksec
Wow, this is news to me. If it started in 2010/2011, then why are enterprise
still using IE?

~~~
gkoberger
Enterprises can't upgrade until all the software they depend on support
Chrome. And those services aren't in any particular rush.

------
newscracker
It's good to see that Chrome's auto-updates can be turned off and updates
pushed manually to users at a time of the IT administration team's choosing (I
had to dig down into a few links to find this information). But it seems like
there's nothing equivalent to Firefox ESR [1] in place, and Chrome would
continue to update with the same frequency as the general public release (of
the consumer focused version). Does anyone know if a longer term security-
only-updates model is available with this like Firefox ESR (just for the sake
of curiosity)? When I searched online I found a two year old reddit thread
that indicated there wasn't one.

[1]: [https://www.mozilla.org/en-
US/firefox/organizations/](https://www.mozilla.org/en-
US/firefox/organizations/)

------
therealmarv
Oh cool, a version for corporate rule fetishism admins who love controlling
their MSI files. Happy I don't work in such an environment.

~~~
sathackr
when the MSI file defaults to sending crash dumps that may contain
confidential financial information, to a server located in the developers
broom closet, yes, we have to control the MSI files.

Because admins have to answer to the auditors(and our conscience) when they
ask the question "How do you ensure that personal and confidential information
is not leaked from your environment"

Which is why Windows 10 is my worst nightmare.

~~~
dx034
I thought it can be switched off in the enterprise version of Windows 10?
AFAIK that's the only way how Microsoft was able to start convincing companies
to switch from Windows 7.

~~~
sathackr
They do provide a GPO object to turn off the "Telemetry" for Enterprise
versions.

But it still installs the entire Windows store with Candy Crush Saga,
Facebook, Minecraft, XBOX, etc. and they make it nearly impossible to remove.
Why on earth they would force that crap down the throat of their ENTERPRISE
customers is beyond me.

I fought with it for months and finally gave up and cancelled the deployment
project until MS offers a better way for enterprises to control the Window
Store.

Update: Added more below

\----

IE: When trying to build a secure environment, you must eliminate all
unnecessary attack surfaces. The customer did not need "XboxIdentityProvider"
installed their Windows 10 Enterprise environment. But this is something MS
feels must be installed on all Windows 10 PCs thus they made it nearly
impossible to remove.

------
vayarajesh
so much better for the web application world. Most of the support tickets /
issues are mostly related to the browser they are using. This is one step
closer to removing IE.\

------
valarauca1
This is a big negative for security. The best thing a sys-admin can do is
blindly click okay every update.

Out of date web browser bugs are pretty much THE mainstream hacking route. It
is the route of least resistance.

------
kozak
Chrome is the new IE. Enterprise apps are being developer with the assumption
that they will only even be run on Chrome, and become fragile because of that
assumption. A recent example: someone has set up a race condition of timers
that was only working (i.e. resolving in a specific order that is needed for
the app to work) in Webkit-based browsers. No one cared to fix that, because
it did work in Chrome, and that's all that's needed.

~~~
bitmapbrother
Windows 10 is the new IE

------
eb0la
I guess this is more oriented to the devices like, meeting room hardware (can
it be plugged to a VoIP server / Avaya switch?) that predates Polycom and
Cisco markets... using hangouts.

I guess for the TCO for Digital Signage devices is cheaper than the incumbents
(cost of Android signage app/web app vs Windows app/web app + remote
management control).

------
lee
I don't see a Linux version on there. Does anyone know when/if Google will
provide one?

~~~
kijin
They will, if and when there is demand for a Linux version of Enterprise
Chrome from large Enterprises with deep enough pockets. Which might or might
not ever happen.

------
cylinder
This is a silly off-topic request, but any chance someone knows of a theme
(ideally Wordpress) that looks like this page? I actually really like it and
could use it for my next project.

------
ComodoHacker
Are there any real differences besides support?

------
lhaussknecht
We already deployed chrome in the enterise to run our Chrome packaged app. Too
bad Google EOLed packaged apps....

~~~
fbender
ServiceWorker/Progressive Web Apps is the way to go. Works in any* browser.

* Any modern and recent browser, so no Safari support, at least until summer '17.

~~~
fbender
Please explain the downvotes. Parent talked about "Chrome Packaged Apps" which
are vendor-specific. Instead, I pointed to the cross-browser solution that is
recommended by Google and works today.

------
nunez
I thought this was a thing for years...?

------
damiien
The hidden passwords sharing would be a killer feature, especially for
business.

------
mmanfrin
Are the benefits of these things to enterprise customers just the protection
against dumb employees?

~~~
djhworld
Protection and control.

------
iampherocity
My apologies.

~~~
dang
Comments like this will get your account banned from HN. Please post civilly
and substantively, or not at all.

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

[https://news.ycombinator.com/newswelcome.html](https://news.ycombinator.com/newswelcome.html)

We detached this comment from
[https://news.ycombinator.com/item?id=13277020](https://news.ycombinator.com/item?id=13277020)
and marked it off-topic.

------
purity_resigns
Chrome is but IE writ large.

------
eriknstr
So this is what Google Ultron looks like. Neat.

------
chipsz
CSS Bug: Navbar disappears, but hovering menu links still works.

Chrome 55.0.2883.95

------
A_Crazy_Idea
For all those businesses without intellectual property or databases.

------
B1FF_PSUVM
> automatically sign you into all your favorite Google services

I'm dying to do that. "Give me convenience or give me death", as Jello Biafra
so well put it.

(Now, if they could make apps _not_ automatically sniff out each other's use
of a Google account ... like, keep blogger and maps out of gmail's knickers
...)

------
ktta
I think most interesting part of all this is that they're offering support for
this[1]. So that and it now being a part of G suite is making it an 'official'
service/product.

And since Chromium browser is an open source browser which receives many
contributions from many developers[2], this will add Google to the list of
companies which take contributions from OSS and make money off it.

Please correct me if I'm wrong, but I'm not aware of any other OSS product
which contributes to their revenue in a direct way. Only thing that comes
close is Kubernetes and then Tensorflow, but both aren't in the same 'level'
that chrome is in now.

[1]:[https://enterprise.google.com/chrome/contact/?lsc=assist](https://enterprise.google.com/chrome/contact/?lsc=assist)
[2]:[http://www.chromium.org/Home](http://www.chromium.org/Home)

~~~
cimnine
Look at Elastic's product, i.e. Elasticsearch, Logstash, Kibana, etc. Or
Oracle with MySQL and Java. Redhat's OpenStack. Spring for Java. EhCache. Even
.NET from Microsoft is also starting to accept third-party work. There are a
lot of such examples, and that's usually a good thing. Because it means that
there is someone with a different interest, than just working on cool things,
behind the product (i.e. Money) and driving it foreward. Also, having
professional support offered makes it sometimes much easier when convincing
stakeholders to build upon an OSS product instead of a closed source
equivalent.

~~~
alrs
If Openstack were to belong to anyone it would be Rackspace, not Redhat. It
hasn't belonged to anyone for a very long time.

I'd put money on Openstack (minus Swift) being an entirely legacy project by
2020.

