Gmail Calendar Documents Reader Web more »
Recently Visited Groups | Help | Sign in
Google Groups Home
Chromium-discuss
Home
+ new post
About this group
Join this group
Message from discussion When will the Google Updater src code be available?
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Stellit  
View profile  
 More options Sep 5 2008, 5:14 am
From: Stellit <stellit.s...@gmail.com>
Date: Fri, 5 Sep 2008 11:14:17 +0200
Local: Fri, Sep 5 2008 5:14 am
Subject: Re: When will the Google Updater src code be available?
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author
just use chromium nightly build rather than chrome from google.com/
chrome. Chromium nightly build is more "safe" than chrome from google  
side.
And you'd better update chrome ur self rather than "Updater".

regards,
Stellit

On Sep 5, 2008, at 11:02 AM, boardrai...@googlemail.com wrote:

> If you're using the official web installer (see http://www.google.com/chrome/?hl=en)
> to get Google Chrome, in addition another program will be downloaded
> and installed on your box - the Google Updater. This small tool
> resides permanent in memory and stays even active if you choose to
> abandon Chrome by uninstalling it (maybe fixed somehow in the future).

> So lets have a small look on the Google Updater:
> If you're checking for an update for Chrome (via menu) the Google
> Updater gets active. It sends a HTTP(!) request to tools.google.com.
> The request header looks like this:

> POST /service/update2?
> w=3:u33IULhCnzW9wBlvFrT1ILtFQDuzPkshhzt4Ls93HeJd-8fXB3LeeTgd1N7b-
> eztU3eD5K5opEFOGELtUyYOwOhZgICKNaE3PRN4TQlxmKYrF9sKyxty86kTrPZTm_2JgXUYrflv MJqFSjILxaPDUkLjd7Av
> -7aMnJqXDOSlQxY
> HTTP/1.1
> If-Match: "zwx7omnGt-2HnRyZbaA4wDP1Ff4"
> Cookie: c=ANcH4TLRgw9du6N-
> l77_wxbdFP6AX1f7xGBJ0WhXdyPM4PmnObRJKgRdv-7fI465UpSlRX8meBCQ14WZrn3jt-
> hheBM2PCfw2g
> User-Agent: Google Update/1.2.131.11;winhttp;cup
> Host: tools.google.com
> Content-Length: 558
> Connection: Keep-Alive
> Cache-Control: no-cache
> Pragma: no-cache

> The request data contains some interesting xml markup:

> <?xml version="1.0" encoding="UTF-8"?>
> <o:gupdate xmlns:o="http://www.google.com/update2/request"
> protocol="2.0" version="1.2.131.11" ismachine="0"
> machineid="{6BDEBB78-7CA6-4529-826F-BE8262C42075}"
> userid="{11660812-092F-437C-95A4-8766595570E4}"
> requestid="{43C554F0-A20A-4598-93AF-FAC026AAD1A3}">
> <o:os platform="win" version="5.1" sp="Service Pack 2"/>
> <o:app appid="{8A69D345-D564-463C-AFF1-A69D9E530F96}"
>  version="0.2.149.27" lang="de" brand="CHMG" client=""
>  installsource="ondemandcheckforupdate">
>  <o:updatecheck/>
>  <o:ping active="1"/>
> </o:app>
> </o:gupdate>

> If attributes like machineid or userid raise your eyebrows, you'll
> start to investigate a little bit more. A quick look up in your
> Windows Registry reveal some new stored keys (among others).

> HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\mi
> HKEY_CURRENT_USER\Software\Google\Update\ui

> Flying through the src of chromium I couldn't locate code that is
> responsible for creating these keys. Conclusion: the Google Updater
> must be the culprit. Seems as the Updater is tagging your system with
> a machine-id and your Windows user account with an user-id. These to
> values are send with each update request to the Google servers.

> This leads me to a few questions:

> Google claims Chrome respective Chromium is open source (see
> http://groups.google.com/group/chromium-discuss/msg/6376a7793f3f0051).
> What about the Google Updater? Where is the src code for this program?
> (Please point me to the right direction if I missed that out.)

> What's the reason behind tagging each box and each user account with
> such GUIDs? Where does Google document these features of the Google
> Updater? What about users that don't want to get tagged this way?
> (Yeah, I know about Mozilla doing something similar, but there are
> significant differences. And I know about the Chrome EULA - not the
> Updater EULA).

> Why does Google use HTTP instead of a HTTPS request? Ok, first I have
> to be glad about that fact, it made it easier to get the request
> details. But for the future it seems to be more secure to use HTTPS
> for such purposes.

> Will the Google Updater be integrated with the Google Update Service
> used by Google Pack? Will this Google Update Service get open sourced
> too?

> How to configure the Google Updater? Where you can choose the update
> interval or choose to disable automatic update checks (besides
> renaming the .exe or disabling the auto-start for the Google Updater)?


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google