Hey. Google Keystone tech lead here. We are aware of the issue, and we've stopped the release. We're building a replacement that fixes the problem. In the meantime, to fix affected machines:
@norberg or any other Google Chrome/Keystone engineers:
WHY can you not make Chrome update like every other sane, well-behaved app?
Update notification -> User confirmation (or an OPTION for auto-updating) -> Download status.
Why do you insist on installing things into our startup sequence without our permission? If your intent is to "protect" users, increase the nagging. I'd be fine with Chrome refusing to load any website until Chrome is updated to the latest version.
Even Apple, who is notorious for making users' decisions for them, lets us choose when to update apps and operating systems.
Obviously they could have a consensual and transparent updating mechanism. This was not some sort of oversight.
Google's software is a cascade of lies and deceptions.
Think about this: when you start to tamper with Keystone agent, it never says anything to you, it just silently reinstalls itself somewhere else like spyware.
It will keep asking over and over for root access, without explaining why. They make it seem like your installation is incomplete without root access, but that is a lie. It will function fine running out of ~/Library/ as /Library. But there is no way to make it stop asking.
Google Earth, Google Drive, or many other Google products will re-install Keystone agent.
If I try deleting it, then that means I probably want it gone. They should prompt me to repair it or leave it alone.
You would think that Google would want to show off their updater. Even just a growl notification that an update has occurred.
But it makes sense why they don't want users thinking about it. If they were more transparent, they would say:
We've installed this software that will monitor your filesystem and make irreversible changes whenever we feel like it. Sometimes we will break things, but most of the time we won't and if we do break something, we will fix it. It is possible to disable, but you will have to search for it, because you will never discover it yourself. Oh, we could just have a checkbox in Preferences, but we want to make you work for it. And all you are doing is requesting that we stop updating, but we'll still be running.
it's telling that you're still willing to put up with all of this despite what appears to be several really, really angry posts about it.
you have tons of complaints in this thread about google's "bad behavior" but you continue to put up with it by patronizing the company and their tools, without even apparently asking the question, "do i really need chrome?" or whatever. have you asked yourself why you keep their software on your computer if it's such a headache?
i'm sure i'll get the typical "but there's nothing better!!" response and there may not be, but it's telling of you personally that you are willing to get so upset with all of this and then... keep on keeping on.
Are the issues I've brought up not worth being frustrated about? Do you think I'm a hypocrite for complaining about the thing that I use?
What would you suggest I do?
I use Chrome sometimes. Firefox is bad in its own way, often emulating the worst of Chrome. Like, at least the Keystone agent is unobtrusive and you don't even know it is there. Last time I checked, Firefox's Updater.app is just as disrespectful to the user, but it is horribly inefficient and clumsy.
> WHY can you not make Chrome update like every other sane, well-behaved app?
Because that's how you end up with software that isn't updated, running old insecure versions.
As a user, I like it when my apps automatically update without me having to worry about it. The frustrating part about the Mac App Store is how it still makes you worry about updating apps.
> The frustrating part about the Mac App Store is how it still makes you worry about updating apps.
Wait, what? The Mac App Store updates your apps automatically in background (I know bc sometimes it tells me it can’t update a particular app until I exit it)
> I know bc sometimes it tells me it can’t update a particular app until I exit it
that's the part I find annoying. Contrast to iOS which doesn't have this problem. Obviously the model on iOS is a lot different (more restrictive backgrounding, apps are built to handle shutdown at any time), but it's still a minor frustration I have with MAS.
While Sparkle is nice to have a standard way of updating apps, it makes the user worry about updating apps because it pops up dialogs and prompts you to download and install. I would much prefer it just update things for me automatically. If at all necessary, the Chrome approach of "hey, Chrome's been updated. next time you open the app you'll get the new version".
You can do this with sparkle! Our app that uses sparkle runs silent automatic background updates. No prompt for install needed! We could pop a changelog after update, to let the user know there has been one, but most often we don't.
You see a download bar on app icons in the Dock and Finder while they are updating, then a badge (blue dot prefix before the name) on recently updated apps.
Rarely (i.e. on new user accounts) it may ask you for the iCloud account (if it was a purchased app, I think) or administrator password (after some major OS installations).
How is that frustrating and "making you worry" about updating?
It seems like you haven't used the Mac App Store or have changed the default to manual updates.
MAS will download updates automatically, but it whinges and demands you tend to it if the app is open. Contrast to App Store on iOS, or Chrome, which just does everything in the background.
Obviously the model here is different, but it's still a minor frustration to me.
This honestly. I've considered getting my parents a Chromebook because they're not technically literate (by their choice) enough to manage a Windows install. Non-automated updates are part of how we got into supporting IE7 forever. If updates were optional, they'd be on the same version I originally installed for them. This non-technically literate demographic is much larger than any of the vocal minority on HackerNews.
Those of us who are fine with running slightly outdated software are probably safe from whatever minor vulnerabilities we might be exposing ourselves to. Regardless, the choice should always be left up to the user. It doesn't have to be one way or the other to make you and me both happy—there can be an "auto-update" setting and a "never check for updates" setting.
100% agree. I shouldn't have to go to war with Google to use their product on my update terms. It's my machine, not Google's. They can ask that I update but they cannot demand.
I’m sure most engineers on the team feel awful. They’re clearly trying, and maybe in a day or so we should figure out the nags ember breakdown. But for the time being, let’s let engineers do their job?
There is no legitimate reason for a user-space install to manipulate system directories. So for an install to do so, there must have been a conscious decision made and code written to make real.
Therefore, for this system manipulation to have both been introduced and released, "most engineers on the team" either raised no problems with it or did not consider the implications of this decision.
> But for the time being, let’s let engineers do their job?
They did their job, which resulted in the release of this system destabilizing product.
Perhaps the job they should have done was to consider their work product be one which did not assume complete control of the machine onto which it runs?
Ok, but with newer macOS releases, SIP is enabled. I'm assuming the Google developers working on this are doing their developer work on newer SIP enabled releases....
No. They bear some responsibility for their abusive updating mechanism. They did bad and they should feel bad.
Users have no choice but to take whatever updates they throw at us, and have no recourse but to sit around and wait for another update to be pushed.
There is no way to roll updates back, and disabling updates is obfuscated and hidden away behind an obscure terminal command that nobody would discover on their own.
Google invited themselves into the guts of our computer on the pretense of updating their browser, and then they made a mess.
If Google explicitly laid out what they were doing and asked permission, many users would not grant it, which is why they are so covert about it. It isn't that it is being unobtrusive, it is that it is hiding.
I swear, only Google can get away with this. Nobody was this defensive when Microsoft pushed Windows 10 on people.
2 days ago keystone and the updater was pumping 100% cpu
Killing it resulted in a relaunch and 100% cpu. There is no way to stop this except for unloading the launch agent, AND launchdaemon. Removing the application and killing the instance.
The os platform providers updates.. use that instead of crafting your own malware.
How would you like it if your car suddenly has a top speed of 15mph, and no power steering, because someone wanted to update the number of radio presets.
Huh. My wife uses Chrome (won't switch to Safari, even as she constantly complains about her battery life—go figure) and the last couple days she'd been saying that her battery life on her MacBook Air had suddenly dropped to like 25% of what it had been, leaving her seeking wall power every hour or so. Wonder if it was that.
Of course then it stopped booting at all yesterday so if it was that then it must have pushed the 4.5yr old battery over the edge and killed it. Or overheated something until it died. I don't think those fans have ever been cleaned.
Especially since the OS will prevent the attempt from succeeding on most Mac installations. Presumably it is a sloppy mistake, but one in an attempt to do … something … that is probably nefarious.
I suppose that's how it happened; some code to tamper with `/var` was accidentally (most likely - I doubt this was intentional/malicious) added into the update script. When this was tested and run through QA, everything looked OK because everyone is running Mac OS with SIP enabled
Makes me wonder if other software might be attempting to damage the system (totally by mistake) but SIP is preventing it, making it quite deadly to use said good software if you happen to turn off SIP for stuff like debugging
What's the bet Google disclaim any and all liability for this? eg the time taken to fix this, loss of income, etc.
Seems an awful lot of work related computers (eg Avid systems, and more) have been rendered inoperable until someone manually boots and fixes each one.
Honestly, if you're going to go this far, why not switch to Firefox or another Chromium/Blink-based browser, like Brave?
It seems kind of counter productive to kill off the auto update system when you can just as easily switch to a browser that just doesn't do what Keystone does.
I stopped using firefox years ago when chrome got good, and was happy. I wasn't happy with chrome recently (especially memory and CPU usage), and tried switching back to firefox shortly after the quantum release. I've been happily using it since, and have found comparable or lower resource usage. It actually does fine for me, even with tons of tabs (or as fine as any web browser does).
Sure. I hear that, but there have been some specific MacOS issues that have led to it performing worse on MacOS than on other platforms, and they seem to be getting addressed in the Nightly builds.
In general, I've found it to be much better than Chrome, but as always YMMV.
I've had the same feeling many times with both Firefox and Chrome in the past.
I think in the end that's something that you have to test out for yourself periodically, as it seems to be great differences of which is the best performer across OSs and devices. As a rule of thumb I try to do a short evaluation of each of them every ~5 releases.
It is much better (using v70 beta 8), but still has areas where performance lags behind Chrome. On a large board in https://miro.com/, for example, Firefox is laggy and jittery, whereas Chrome is buttery smooth.
We shall see. So far using some "tab discard" plugin is essential to reasonable performance. Somehow having many tabs/windows open slows down firefox a lot, even though they aren't wasting CPU (I have most javascript disabled).
I usually do chflags schg instead of chmod 000. I know it might seem like overkill, but Google is very sneaky, and I would not put it past Keystone to just change the permissions for itself.
Thank you! Because of Keystone, I have decided to treat Google Chrome as malware. I won't install it unless I really have to. One reason is that I have to test websites on Chrome. I can either run it on a virtual machine or disable the updater as you suggest.
I certainly understand the desire to rage kill google software update because they messed up, but people shouldn't actually do this because they'll be vulnerable to all future malware that targets chrome. And this varsectomany bug will never happen again.
This is not rage-killing. I've been doing this for several years because Keystone is a ridiculous resource hog and I fundamentally disagree with the notion that any software should be allowed to run (much less change the configuration of) my machine without my explicit permission. I'm willing to stay on top of the malware situation and update Chrome manually. I wish I didn't have to, but Google leaves me no other option.
Why does Keystone exist? Everyone else can do updates without having a launch agent, so why does Google insist on doing it this way? Given it deleted such a vital link, security looks to be compromised with this method.
Why did this happen in the first place? Why are you modifying system directories to the point where you can make an oopsie and brick entire machines? In what world is this okay?
You're missing the word "sorry" from your response.
My wife's a primary school headteacher (or K-12 as you say in the States). Her MacBook was disabled by this. Yes, she takes weekly backups, but schools don't have free money to spend on spare laptops for a few days' work, nor on unnecessary technician time to fix it. Fortunately I spotted this posting (thanks, HN poster!) on blearily checking HN this morning and instantly recognised this was what's happening.
Have some decency for the people whose lives you've just affected and apologise to them.
I understand the frustration, but please don't attack someone like this when they come to HN to supply information. It creates a hostile environment and disincentivizes people who have inside knowledge about a situation from showing up here. That makes HN a strictly worse place. It also breaks the site guidelines, which ask us all to Be kind, regardless of how strong and justified one's feelings are.
Understood. Difficult to get the tone right when a poster is clearly posting as a corporate spokesperson (esp. a first-time poster as here), but I'll consider that next time... though I'm rather hoping not for an omg-my-mac-won't-boot next time!
A truth stated passionately doesn't become false. A falsehood stated calmly doesn't become true. This is at the heart of why appeals to emotion are almost always logical fallacies.
I don't think dang is saying that the commenter was making false claims or anything. Just that it's very unlikely an upset comment will cause an overhaul in the google auto-update system. But it is very likely an upset comment will scare developers away from commenting on future situations like these. It just affects the health of HN negatively while not affecting Google. There's probably a reason norberg chose to register and comment on HN and not somewhere else like Reddit.
Content is wrong or it isn't. Tone is a logical fallacy.
Your true statement that tone will often matter is an interesting discussion on society and education. That it is also relevant on a site otherwise dedicated to intelligent discourse was the nugget I was hoping people would think about.
I'm addressing Google corporately. I presume @norberg is posting on behalf of his employers given that he states his job title immediately.
One of the first places "I'd" look? It's not my Mac. I'm not sure how many primary headteachers read Hacker News or have a spouse who does. I'm guessing <1%.
When the world's biggest software company actually bricks people's Macs with a software update, then "sorry" is the least I expect, frankly. But if you want to dismiss this with "dickhead", you do you.
> I presume @norberg is posting on behalf of his employers given that he states his job title immediately.
I'm torn on that one. I want direct communication to be possible without running it through PR or people with PR training, to improve response times especially in such a "busy" situation. This requires us on the receiving end to be somewhat lenient. But on the other hand, I also don't find something better elsewhere, including the more official announcement[0] linked to. Thus this style seems like company policy and certainly deserves criticism.
eh? this is a mac bug. any software could trigger it. just happens that keystone is maybe the only one to be so dumb as to modify a system dir. that doesn’t excuse the root cause which lies in mac os.
The version of Keystone packaged with Chrome is not affected by this bug, so allowing it to reinstall Keystone will not recreate the issue.