Tuesday, September 19, 2023

Google ending Basic HTML support for Gmail in 2024

Understandably they're saying little about it publicly, but word is getting around that Google's fast, super-compatible Basic HTML mode for Gmail will be removed in a few short months. "We’re writing to let you know that the Gmail Basic HTML view for desktop web and mobile web will be disabled starting early January 2024. The Gmail Basic HTML views are previous versions of Gmail that were replaced by their modern successors 10+ years ago and do not include full Gmail feature functionality."

There are also reports that you can't set Basic HTML mode now either. Most of you who want to use it probably already are, but if you're not, you can try this, this, this, this or even this to see if it gets around the front-end block.

Google can of course do whatever they want, and there are always maintenance costs to be had with keeping old stuff around — in this case, for users unlikely to be monetized in any meaningful fashion because you don't run all their crap. You are exactly the people Google wants to get rid of and doing so is by design. As such, it's effectively a giant "screw you," and will be a problem for those folks relying on this for a fast way to read Gmail with TenFourFox or any other limited system. (Hey, wanna buy a Pixel 8 to read Gmail?)

Speaking of "screw you," and with no small amount of irony given this is published on a Google platform, I certainly hope the antitrust case goes somewhere.

Tuesday, September 12, 2023

WebP chemspill patch on Github

A fix is in the TenFourFox tree for MFSA 2023-40, a/k/a CVE-2023-4863, which is a heap overflow in the WebP image decoder. Firefox 45 would not ordinarily be vulnerable to this but we have our own basic WebP decoder using Google's library, so we are technically exploitable as well. I was working on a fix of my own but the PM27 fix that roytam1 cherrypicked is cleaner, so I've added that patch and one two (a followup was needed) more for correctness. Although this issue is currently being exploited in the wild, it would require a PowerPC-specific attack to be successful on a Power Mac. You do not need to clobber to update your build.