Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Apes IE8, Adds Clickjacking, XSS Defenses

Posted by timothy on from the damn-dirty-apes dept.

CWmike writes "Google has announced that it added several new security features to Chrome 4, including two security measures first popularized (some later shot down as having 'zero impact') by rival Microsoft's IE8 last year. The newest 'stable' build of Chrome includes five security additions that target Web developers who want to build more secure sites, said Adam Barth, a software engineer on the Chrome team. The two aped from IE include 'X-Frame-Options'" a security feature that helps sites defend against 'clickjacking' attacks, and cross-site scripting protection.'"In Google Chrome 4, we've added an experimental feature to help mitigate one form of XSS [cross-site scripting], reflective XSS,' Barth said. 'The XSS filter checks whether a script that's about to run on a Web page is also present in the request that fetched that Web page. If the script is present in the request, that's a strong indication that the Web server might have been tricked into reflecting the script.'"

90 comments

  1. Thanks by iamapizza · · Score: 0

    Thanks for adding the security features to Chrome, developers at Google. That is all.

    --
    Always proofread carefully to see if you any words out.
    1. Re:Thanks by iamapizza · · Score: 1

      Would I have been so forgiving if it were IE that were late with their security additions?

      --
      Always proofread carefully to see if you any words out.
    2. Re:Thanks by RobertM1968 · · Score: 1

      Would I have been so forgiving if it were IE that were late with their security additions?

      I dunno... though I also dont know if this security addition works in IE8 either... ;-)

      --
      StarTrekPhase2 - The Five Year Mission Continues!
    3. Re:Thanks by Anonymous Coward · · Score: 0

      Thanks for adding the security features to Chrome, developers at Google. That is all.

      that's just plain ridiculous

    4. Re:Thanks by Jurily · · Score: 2, Funny

      I read it as "Chrome Apes, IE8 Adds Clickjacking"...

    5. Re:Thanks by sakdoctor · · Score: 1

      I hope this new Chrome security works on the clickjacking on google's own SERPs.

    6. Re:Thanks by GameboyRMH · · Score: 1

      Hahahaha! (the clickjacking happens when running searches while logged into a Google account).

      --
      "When information is power, privacy is freedom" - Jah-Wren Ryel
    7. Re:Thanks by Anonymous Coward · · Score: 0

      Agreed. The only people I want stealing my personal data are the good folks at Google.

  2. Chrome Apes? Moronic Monkies? by syousef · · Score: 2, Funny

    Anyone else getting flashbacks from Planet of the Apes?

    Is that the new code name for the next version of Chrome? Ubuntu Panhandling Panda, now featuring Chrome Apes! Download now! Steve Balmer your Monkey Boy days are numbered, so dance while you can, it's the year of the Google Desktop.

    --
    These posts express my own personal views, not those of my employer
    1. Re:Chrome Apes? Moronic Monkies? by Anonymous Coward · · Score: 0

      FYI, "to ape" also means "to imitate", although this does not seem to be frequently used.

    2. Re:Chrome Apes? Moronic Monkies? by Velska1 · · Score: 1, Insightful

      Believe me, it's used frequently enough for any fluent speaker in conversations, let alone native speakers. It's an old one, besides, I found it in a dictionary from the 1950s.

      --
      Every problem has a solution that is simple, easy and wrong. Selling our Liberty for a little Security is a much too de
    3. Re:Chrome Apes? Moronic Monkies? by jez9999 · · Score: 3, Insightful

      I'm a native English speaker and it seems like a bizarre, stupid usage of the word to me. But then, Slashdot headline have always had trouble making sense.

      --
      == Jez ==
      Do you miss Firefox? Try Pale Moon.
    4. Re:Chrome Apes? Moronic Monkies? by Anonymous Coward · · Score: 0, Offtopic

      I'm a native american, you insensitive clod!

    5. Re:Chrome Apes? Moronic Monkies? by cheesewire · · Score: 1

      The kids aped the apes, the apes aped the kids. The kids went ape.

    6. Re:Chrome Apes? Moronic Monkies? by VON-MAN · · Score: 1

      I'm no native English speaker but I know it's an normal English word. However, I've never heard someone use it when revering to software. And it sounds really derogatory. So yes, it's a weird use of the word.

    7. Re:Chrome Apes? Moronic Monkies? by Anonymous Coward · · Score: 0

      This is a perfectly common use of the word ape. When satan is referred to as 'the ape of god', it doesn't mean he's some kind of evil gibbon.

    8. Re:Chrome Apes? Moronic Monkies? by thetoadwarrior · · Score: 1
      http://www.google.co.uk/search?q=define%3A+ape

      # any of various primates with short tails or no tail at all
      # imitate uncritically and in every aspect; "Her little brother apes her behavior"
      # copycat: someone who copies the words or behavior of another
      # caricature: represent in or produce a caricature of; "The drawing caricatured the President"
      # anthropoid: person who resembles a nonhuman primate

      You can thank me for the free English lesson later.

    9. Re:Chrome Apes? Moronic Monkies? by thetoadwarrior · · Score: 1

      It's mainly because English is being dumbed down and internet is a breeding ground for dumb English so you aren't very likely to hear decent English. Hell, even I could afford to read everything before I press submit.

    10. Re:Chrome Apes? Moronic Monkies? by thetoadwarrior · · Score: 1

      This is purely a guess and probably full of shit but I would assume it comes from the fact that monkeys and apes will often mimic humans and their movements so it makes perfect sense.

    11. Re:Chrome Apes? Moronic Monkies? by DMUTPeregrine · · Score: 1

      Some monkeys & apes are known to imitate others. Thus, to "ape" someone/thing is to imitate it. It's not derogatory or a particularly odd use, just less common now than it used to be.

      --
      Not a sentence!
    12. Re:Chrome Apes? Moronic Monkies? by VON-MAN · · Score: 1

      "Some monkeys & apes are known to imitate others."
      "to "ape" someone/thing is to imitate it"

      Thanks yes. I always thought that to be common knowledge.
      However, "ape" & "imitate" in google gives me a link to "www.thefreedictionary.com" where "to ape" is defined as "To mimic slavishly but often with an absurd result."

      And that's exactly what I was trying to say earlier: it's a pretty negative way of describing behavior. But then to use it in the context of software? Ridiculous! Software doesn't ape, or imitate. It emulates or re-implements. I really think it's a silly little article.

    13. Re:Chrome Apes? Moronic Monkies? by syousef · · Score: 1

      What is wrong with people? I made a joke, and they assume I don't understand the context? WTF?

      --
      These posts express my own personal views, not those of my employer
  3. Gayfield Penishands - The Movie! Soon at IMDB.com by Anonymous Coward · · Score: -1, Offtopic

    G4yfield P3nishands is a touching film about a 29 year old g4y emo man, with long p3nises for fingers. In the tradition of Edward scissorhands, we bring you:

    G4yfield P3nishands

    Watch as G4yfield stumbles around in his world where his p3nis fingers get him in all sorts of michief. With every simple sneeze, volcanic mayonnayse storms erupt.

    Will G4yfield P3nishands live a fruitful life? Is he to find love?

  4. Re:Gayfield Penishands - The Movie! Soon at IMDB.c by Anonymous Coward · · Score: -1, Offtopic

    g4y emo man

    No Wynona Ryder.
    FAIL.

  5. security by obscurity by Anonymous Coward · · Score: 0

    security by obscurity... just imagine how many developers will be baffled by this behavior, spending hours trying to find out what is wrong with their code...

    1. Re:security by obscurity by Lillebo · · Score: 1

      Probably because most "developers" are clueless script kiddies to begin with.

    2. Re:security by obscurity by Goaway · · Score: 1

      just imagine how many developers will be baffled by this behavior

      Imagining...

      Done. Zero developers were baffled.

      Imagining complete.

    3. Re:security by obscurity by Runaway1956 · · Score: 1

      I've had that thought a time or two, but never voiced it. Why don't we run a poll, and find out how many developers actually develop anything, and how many just tie scripts together, like the guy at the circus who makes dogs and horses out of balloons. It could get interesting!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  6. but what about jQuery? by Anonymous Coward · · Score: 0

    I'm interested into how this ties in with commonly used external scripts, such as the jQuery and Yui frameworks which are commonly fetched from their respective servers, rather than hosted locally on the server of the website, so they're cached etc.

    1. Re:but what about jQuery? by MemoryDragon · · Score: 1

      Hehe I am pretty sure this feature is disabled if you fetch the Google build of those scripts from the cloud...
      (

    2. Re:but what about jQuery? by Goaway · · Score: 1

      It does not affect that in any way whatosever.

    3. Re:but what about jQuery? by WiFiBro · · Score: 1

      I assume (danger!) that they are only looking for XSS in the GET, POST and COOKIE input.

  7. Cross-site scripting by commlinx · · Score: 4, Interesting

    Recently I starting doing a bit of web development after being out of the loop for a while. I was working on a project and it was convenient to have the XHTML / JS running on my development machine while doing a few AJAX calls to my development server. After it failed at first I found I could add Access-Control-Allow-Origin: * to the HTTP header to allow cross-site access.

    It made we wonder if you wanted to exploit cross-site vulnerabilities couldn't you setup a proxy in the middle that returned information from the original site but added that to the header? Anyway just got me wondering and maybe someone more knowledgeable could comment on it.

    1. Re:Cross-site scripting by NNKK · · Score: 4, Insightful

      At that point you're already a man in the middle and can send whatever you want to the browser, why on earth would you need to exploit XSS vulnerabilities?

    2. Re:Cross-site scripting by icepick72 · · Score: 1

      Maybe men in the middle have a particular fetish for that kind of attack.

    3. Re:Cross-site scripting by TorKlingberg · · Score: 4, Informative

      If you are going to use Access-Control-Allow-Origin you should probably be aware that it is very new, and many browsers out there do not support it. Firefox added it in version 3.5.

    4. Re:Cross-site scripting by MrCoke · · Score: 1

      Because you want to do something "useful" instead of just snooping?

    5. Re:Cross-site scripting by Quantumstate · · Score: 1

      No you are missing the point. The man in the middle can modify stuff going through so they just change the page itself rather than trying to use fancy XSS attacks.

  8. Stay classy /. by WiiVault · · Score: -1, Flamebait

    A few potentially good ideas somehow changes a decade of standards abuse and generally shitty security? I hope the submitter realized that the only reason MS even bothered with any of this is thanks to them getting an ass pounding over the last few years for not giving a shit about security. Your welcome MS drones.

    1. Re:Stay classy /. by 1s44c · · Score: 3, Insightful

      I hope the submitter realized that the only reason MS even bothered with any of this is thanks to them getting an ass pounding over the last few years for not giving a shit about security. Your welcome MS drones.

      MS have never got the 'ass pounding' their security record has earned. If the security problems they cause cost them just 1% of what they cost their customers they would be bankrupt fairly quickly.

      Software is weird, where else would you not be responsible for the faults in the products you sell?

    2. Re:Stay classy /. by Anonymous Coward · · Score: 1, Insightful

      Because if you were, you probably wouldn't be able to purchase the software as it'd be seriously more expansive than it is today.

    3. Re:Stay classy /. by Anonymous Coward · · Score: 0

      expensive != expansive

    4. Re:Stay classy /. by Kevin+Stevens · · Score: 2, Insightful

      Your house is seriously insecure, even if you have a steel door and have window panes are made of bullet-proof glass, you probably live in a stick frame building where a drill and a sawz-all can gain me access to the interior in an hour or two. Yet no one seems to get excited about the insecurity of our houses.

      When our houses get robbed, we recognize that the wrongdoing is being done by the criminal. Yet when our computers are hacked, we place the wrongdoing on the provider of the software.

      I have never really understood why software is held to such lofty standards, particularly on consumer desktops. It would be one thing if file sharing of your entire filesystem was enabled by default in typical software, but lets be real- hacks these days require really clever methods to exploit systems, and if it wasn't for very intelligent, very dedicated people constantly pounding and poking our software, we wouldn't have to worry at all. Yet an uneducated teenager can break into a house in a few minutes with little more than a stick to break a window, and we seem to all go about our day without any outrage at all.

      I just don't understand this.

    5. Re:Stay classy /. by mister_playboy · · Score: 1

      Breaking into a house requires the criminal to be at the house physically and people understand that. Breaking into a computer can take place from virtually anywhere and that seems much more abstract. Since most people don't understand exactly what happened to allow the criminal access, they place the blame with someone who they assume does understand, the software manufacturer.

      If a little kid gets hurt and you try to comfort them, they often get angry at you, at least briefly. Same basic idea.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    6. Re:Stay classy /. by 10101001+10101001 · · Score: 2, Interesting

      Your house is seriously insecure, even if you have a steel door and have window panes are made of bullet-proof glass, you probably live in a stick frame building where a drill and a sawz-all can gain me access to the interior in an hour or two. Yet no one seems to get excited about the insecurity of our houses.

      In large part because, as you point out, it's impossible to make a house physically secure (although security guards can hypothetically do a good job). Similarly, it's impossible to make a computer physically secure (after all, it's in a house or building and those security guards still aren't perfect). Meanwhile, software, being a virtual good, can actually provide absolute security within the confines of the computer that runs it being physically secure. Hence, there's a higher standard held on software.

      When our houses get robbed, we recognize that the wrongdoing is being done by the criminal. Yet when our computers are hacked, we place the wrongdoing on the provider of the software.

      No. In both situations, the wrongdoers are the criminals. The issue comes to the point, really, of whether any blame can be put upon the constructor of your house (or its parts) and the constructor of your computer (or its parts). For homes, if someone sold a lock that, as sold, should be reasonably able to stop being hacksawed through was in fact hacksawed through, you'd still have reason to blame the lock maker. Similarly, software that is clearly defective against what it reasonably should block would leave blame upon the software maker. The issue, then, is merely that Microsoft (and most software makers) regularly admit their software is faulty (the need for Windows Update). The only real thing left, then, is to point out that Microsoft has such a poor reputation, no person should reasonably expect their software to be secure; if that's your position, I agree that blame is being badly cast on Microsoft.

      I have never really understood why software is held to such lofty standards, particularly on consumer desktops. It would be one thing if file sharing of your entire filesystem was enabled by default in typical software, but lets be real- hacks these days require really clever methods to exploit systems, and if it wasn't for very intelligent, very dedicated people constantly pounding and poking our software, we wouldn't have to worry at all. Yet an uneducated teenager can break into a house in a few minutes with little more than a stick to break a window, and we seem to all go about our day without any outrage at all.

      Again, software can be actually made secure. Most the "easy" exploits have been fixed because they are actually fixable. There's nothing you can do to prevent a teenager from being able to break into a house (well, not legally, anyways); you can in many states/areas shoot the teenager after they enter. The comparison is rather apple and oranges.

      --
      Eurohacker European paranoia, gun rights, and h
    7. Re:Stay classy /. by forgottenusername · · Score: 1

      Locking your front door and window is merely a deterrent to your fairly normal, average civilized person. It's illusionary security, a social construct that says "hey, this is private, keep out". Same thing with passwords on accounts and firewalls.

      Software is held to lofty standards because people don't understand it and blindly have faith in OS vendors, AV vendors etc to magically keep them safe. So when those software companies fail to protect them from threats they don't even really understand they get angry as only ignorant people who got duped can get ;)

    8. Re:Stay classy /. by hairyfeet · · Score: 1

      While I agree the users blame the OS the problem with that is as a PC repairman I'd say a good 9 out of 10 infected PCs I have come across my desk can be traced back to PEBKAC. It doesn't matter how many times you warn them, if you wave a cookie in their face they WILL ignore any and all warnings and go around all your nice defenses.

      So I would say it isn't the OS it is the user. Just to see if it would help I put one of my PEBKAC customers on Linux. He was one of those "hot pron" guys that would click on anything that had the word porn in it. Did Linux help? Nope, he completely borked the machine in less than a week, to the point the thing wouldn't even boot. How did he manage? He decided he didn't like the package manager and instead Googled "Cool Linux Programs" and then went and installed a bunch of crap he found on Freshmeat and ended up in dependency hell. As they said in Forrest Gump "Stupid is as stupid does". No matter how much you try to idiot proof a box as long as you are not allowed to lock them into a thin client situation the idiot WILL find a way to fuck things up.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  9. Moderation abuse 101 by WiiVault · · Score: 1, Offtopic

    Off topic? The summary is pure troll.

    1. Re:Moderation abuse 101 by Anonymous Coward · · Score: 0

      Hi

      I am an Anonymous Coward / troll and I would like to apply for the position of new Slashdot meme creator.
      I have many valuable ideas that regular members will find amusing and informative. My first idea is the 'I just farted' meme in which a user adds a semi-useful comment onto a discussion and then concludes with "BTW, I just farted." Hilarious!

      I hope this meets with your approval.

      BTW, I just farted.

      Regards

      AC/t

  10. Powerful M2TS Converter by johnismile · · Score: -1, Troll

    Hi, do you want to convert your M2TS files created by your Sony Camcorder and enjoy them on your Mobile Phone? With this powerful M2TS Converter to convert m2ts to mp4 Really nice software, just have a try now.

  11. Chrome Apes IE8, Adds Clickjacking, XSS by SharpFang · · Score: 0, Offtopic

    Defenses

    I like how Slashdot renders that headline.

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  12. Dumb article by Undead+Waffle · · Score: 5, Insightful

    Oh my god Chrome is copying IE by supporting for the http header X-Frame-Options that Microsoft wants web developers to start using. Don't they know you're supposed to invent your own browser-specific variation of what your opponent implements?

    I also like how they mention Chrome added 5 security features but they only cover the 2 that are already in IE.

    It's nice that all of the browsers are adding security features but can we cover one of them without focusing on who did what first?

    1. Re:Dumb article by Anonymous Coward · · Score: 0, Troll

      It's nice that all of the browsers are adding security features but can we cover one of them without focusing on who did what first?

      No. The lineage of any technology is always mentioned.

      Why is it a problem for you?

      It's actually kind of funny that Google releases something that MS initially did: Google copies Microsoft. Google is showing no imagination. First their own OS, Browser and now security features that MS originally put in their browser. What's this with Google?

      Did I mention that Microsoft were the first to put these needed security features? Of course when they did it, it wasn't needed, but apparently, their Goodness Google thought differently.

      Just what are the Microsoft haters going to do?

    2. Re:Dumb article by Robert+Zenz · · Score: 4, Insightful

      Google copies Microsoft. Google is showing no imagination. First their own OS, Browser and now security features that MS originally put in their browser.

      I didn't knew that MS invented operating systems and browsers, and when you write your own that you're copying from MS.

    3. Re:Dumb article by psetzer · · Score: 1

      I'm going to savor the day when there's an article about this awesome new feature in the Linux kernel that uses hardware encryption to verify the integrity of loaded kernel modules and prevent rootkits.

      --
      "Anyone who attempts to generate random numbers by deterministic means is living in a state of sin." -- John von Neumann
    4. Re:Dumb article by Anonymous Coward · · Score: 0

      I know , patent law is pretty tricky that way.

    5. Re:Dumb article by the_B0fh · · Score: 1

      doesn't tivo already do this?

  13. Protection on other browsers by pmontra · · Score: 4, Informative

    This post of NoScript's author Giorgio Maone dates back to one year ago and goes into the details of X-Frame-Options. His point seems to be that if you have JavaScript enabled, there are well-known ways to achieve the same result, unless you use IE (they can be circumvented). If you don't have JS enabled, NoScript on Firefox is already giving you the same degree of protection. Anyway (this is me) adding that level of protection by default on all browsers looks a nice thing to have.

  14. Ads by 1s44c · · Score: 2, Funny

    If Chrome can't block ads it's not ready for the internet. It doesn't matter what else it does and doesn't do, blocking stupid flashing graphics is the main function of web browsers these days.

    1. Re:Ads by Anonymous Coward · · Score: 0

      Don't expect this to be added to Chrome anytime soon. Why would Google help you block their main source of income?

    2. Re:Ads by StripedCow · · Score: 1

      Chrome is open-source, right? Anybody else could add this to Chrome.

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    3. Re:Ads by Ranzear · · Score: 2, Informative

      You're easily a month behind on this. https://chrome.google.com/extensions

      --
      Slashdot: Where opinions are just opinions until you have mod points.
    4. Re:Ads by mister_playboy · · Score: 5, Informative

      For users familiar with the ad-blocking in Firefox or Opera, Chrome's ad-blocking extensions are terrible in comparison. They don't render the ad, but they still waste bandwidth downloading it, negating half of their value.

      Chromium doesn't include a provision for real element blocking, so this issue would have to be dealt with in the browser itself, not just in the extensions.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    5. Re:Ads by W3bbo · · Score: 2, Insightful

      Some 'adblocker detection' services may flag your client if they see you've downloaded the page, but not the associated ad content, so they know your browser isn't displaying the ad, but if the client does download it they have no way of knowing if it's being rendered or not, short of using a DOM-inspection script. With the exception of Flash video adverts, I've never had any bandwidth problems with banners, except for those off-site advert scripts that delay the page loading.

    6. Re:Ads by Goaway · · Score: 1

      Well, then, I guess that means Chrome is ready for the internet, huh.

    7. Re:Ads by yuhong · · Score: 1

      Yep, I remember this article on Slashdot about it:
      http://tech.slashdot.org/story/09/12/17/1436257/Google-Says-Ad-Blockers-Will-Save-Online-Ads
      Also, note that part of why Larry and Sergey chose to use text ads for Google is that they found banner and pop-up ads annoying.

    8. Re:Ads by badkarmadayaccount · · Score: 1

      Do they follow the transfer through? Or can you stop it at the first byte?

      --
      I know tobacco is bad for you, so I smoke weed with crack.
    9. Re:Ads by JThundley · · Score: 1

      Here's how I block flash: Never install it in the first place.

      It's foolproof and works on all sites!

  15. What's the need for all this security stuff... by Hurricane78 · · Score: 2, Insightful

    ...when Google goes ahead, tracks your every move, and sells it to the same crooks anyway?

    (Not trolling here. As far as I heard, Google does track everything. And as far as I know, Google does sell that information to advertisers as its main business. Finally, as far as I know, those advertisers include all those spamming crooks and their friends.)

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
    1. Re:What's the need for all this security stuff... by StripedCow · · Score: 2, Insightful

      And as far as I know, Google does sell that information to advertisers as its main business

      Not so sure about that... in their privacy statement, they say that they inform advertisers only about the number of times their ads were clicked (that is, in total, thus no information about individual clicks is released).

      --
      If Pandora's box is destined to be opened, *I* want to be the one to open it.
    2. Re:What's the need for all this security stuff... by couchslug · · Score: 1

      "...when Google goes ahead, tracks your every move, "

      https://addons.mozilla.org/en-US/firefox/addon/3173

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    3. Re:What's the need for all this security stuff... by Anonymous Coward · · Score: 4, Informative
      Add .google-analytics. to your AdblockPlus rules. Then install the Better Privacy extension. Finally, remove all existing cookies from Google and make sure that in future the permissions are set to 'Block'. Done, Google is not tracking you anymore.

      (I work at Google, hence posting as AC.)

    4. Re:What's the need for all this security stuff... by thetoadwarrior · · Score: 1

      I'm glad no one else is tracking me and that Bing doesn't use the same tactics. If you don't like being tracked then you should attack everyone rather than just the guy on top who will just end up being replaced by someone doing the same exact thing.

  16. Adblock works fine in Chrome by brunes69 · · Score: 2, Informative

    I have Adblock and a ton of other extensions working just fine in Chrome. Just use the testing / developer streams which have plugin support.

    1. Re:Adblock works fine in Chrome by Anonymous Coward · · Score: 0

      Or, even better, just use the latest stable release. Chrome 4 went live a few days ago.

  17. Chromium blog post on the new security features by Anonymous Coward · · Score: 0

    Chromium blog post on the new security features, some of which are rather interesting

  18. bit34 by Anonymous Coward · · Score: -1, Offtopic

    formed his own company a 2 I know i7 sux0rs, survey which [idge.net] things 1n YOU CAN. WHEN THE

  19. Off topic: In regards to the facebook icon... by Antiocheian · · Score: 0, Offtopic

    ... and the twitter icon as well, appearing on every story and even on my own journal:

    fuck off Slashdot.

    1. Re:Off topic: In regards to the facebook icon... by rgo · · Score: 1
      Take it easy gramps... they're making it easier for us to share interesting things in other networks. If you don't wanna share, then don't click the icons.

      It's not like they are showing tweets with the comments...

    2. Re:Off topic: In regards to the facebook icon... by mister_playboy · · Score: 2, Funny

      It's not like they are showing tweets with the comments...

      Please don't give them any ideas!

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    3. Re:Off topic: In regards to the facebook icon... by Antiocheian · · Score: 1

      You think that my problem is clicking the icons ? These are adblocked. You think if you wanted to share interesting things in other networks you couldn't greasemonkey them yourself ? Of course not.

      It's that they facilitate people who wish to share "interesting things" on gossip networks that bugs me.

  20. late? by Anonymous Coward · · Score: 0

    What's "late" about it? This isn't a fix for a security hole, it's a heuristic that helps cut down on some attacks. There is no strict need to implement it, it's just a "would be nice" feature.

  21. Mod parent up please, very informative! by e2d2 · · Score: 1

    Mod parent up please, very informative!

    1. Re:Mod parent up please, very informative! by badkarmadayaccount · · Score: 1

      Better - EasyList+EasyElement (USA), EasyPrivacy+Cederics Liste, Malware Domains subscriptions. Though Some sites - not only porn sites - mange to get passed that. I'm stumped why.

      --
      I know tobacco is bad for you, so I smoke weed with crack.
  22. Does it install in 'program files', on Windows? by Midnight+Thunder · · Score: 1

    Can anyone tell me whether it finally installs in 'program files', on Windows XP? I haven't been able to find a way with the previous versions, and this is my only hurdle to installing it on my work PC due to the anti-virus rules.

    --
    Jumpstart the tartan drive.
  23. No thanks, no more Chrome for me. by cheros · · Score: 1

    I stopped using Chrome. It comes from a supplier that sees privacy as a problem, and I don't feel I have enough control over what it does with the information it gains from my surfing - that's also why I don't use Google DNS. I also have no idea how to switch the "referrer" information off (in FF that's quite easy).

    So, personally I don't give a damn what Chrome (or any other Google app) does. I prefer FF, even when I switch to OSX later this year (yes, I'm switching control freaks :-))..

    --
    Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
  24. That's good, but work on usability too please by Daetrin · · Score: 1

    Improving security is great, but they really need to keep working on usability as well! I just installed Chrome for the first time yesterday and have been playing around with it. It seems pretty speedy but the UI is a bit weird.

    The lack of a title bar seems kind of weird. I don't know what they were going for with that, but it's the only window on my entire machine and it stands out, and not in a good way. At one point i tried adding a new tab while waiting for visual studio to start a debug session, and the UI hung up for a little bit, and for a few brief seconds Chrome acquired a title bar. I actually thought it looked better that way. A couple minor aesthetic gripes. I may eventually get used to having the tab bar above the toolbar, though currently it seems pretty funky to me.

    I haven't done a side-by-side comparison with Firefox yet, but my initial rough estimates seem to be that Chrome uses at least 75% as much memory as Firefox, possibly more, and at least as much virtual memory. I find the fact that Chrome has about 40 process running right now to be rather awkward, but hopefully it at least means that when i start closing large numbers of tabs that the memory will actually be released (unlike Firefox.)

    The biggest problem however is the tab bar. Personally i don't like having new tabs open in the middle of the bar, screwing up the ordering, but it was easy to find an extension to fix that behavior. However if you open up a lot of tabs they just get smaller and smaller until you can't see what each of them is anymore. And to my further frustration there's no way to access a list of the tabs. There are a couple extensions that offer some kind of tab index, but nothing that presents a simple list like in Firefox.

    After a little searching i found out the reason for these problems in a Chromium blog post. The designers are approaching the UI design from a heavily aesthetic angle. Which is good in theory, but they're also being fanatical about it. If they don't think a feature is aesthetically correct but can't think of a more aesthetically pleasing way to implement it they just won't implement the feature at all, even though they admit that the lack of that feature causes usability problems!

    And to wrap it all up, they say "In all of these areas we've resisted adding options to control behavior. Keeping our set of options minimal is a good forcing function for us as user interface designers to come up with the right approach, since we never rely on the crutch of making the user decide what we were unable to."

    Well i hate to tell you guys, but it doesn't seem to be working really well as a "forcing function" given that you've crippled an important part of the UI while dithering about what the "best" way to implement it is. The blog post was made a year ago and they apparently still haven't found a solution! And i find it very aggravating that they feel once they've come up with the "right" approach they don't want to provide options to do it any other way. Clearly if the user has a different aesthetic sense than the designer then the user is wrong! I've dealt with designers like this on projects before, and trying to convince them that the users can legitimately have a different opinion is a very frustrating task.

    I remember the painful process of Firefox developers trying to get their tab bar into a useful state under similar circumstances. Perhaps their solution isn't 100% aesthetically appealing to the Chrome designers, but it undeniably _works_, and leaving the users hanging while they try to figure out something more "aesthetically" and "spatially" pleasing seems like pure egotism to me.

    --
    This Space Intentionally Left Blank
    1. Re:That's good, but work on usability too please by Anonymous Coward · · Score: 0

      I like this post, it's critical but constructive and well thought out.

      It's also wrong. I don't like to nit pick at each point separately but your complain with chrome is basically you don't like how it looks. That's fine an all but we all know you won't please everyone.

      I like that there is no title bar, I like the way tabs open. The memory that chrome uses is excellent, simply because you can get it back. I could go into length about how you might have measured the memory wrong or why it doesn't matter or how clever it uses it but.

      I feel the important thing to remember is now that there is so much choice, pick what you like. Trying to get aesthetics changed is impossible because someone else is going to complain, you need to think about the reasons for the changes, e.g.

      No title(full) bar? - If your using a widescreen view, and extra 20-30px that bar takes up pretty much needlessly is great, and no status bar at the bottom.

      That's the example I'm going with anyway.

      Want to know the killer feature for me? Closing tabs. closing multiple tabs means leaving your mous over the X, clicking the correct amount of times. Firefox I've got to click twice the amount because it ignores the second click for some reason if it's over the X already, and if the tabs resize i've gotta move my mouse and onto the X again. Yes I find this annoying.

    2. Re:That's good, but work on usability too please by Daetrin · · Score: 1

      I should have put the "A couple minor aesthetic gripes. I may eventually get used to [them]" part at the top of the paragraph talking about aesthetic stuff, that was bad editing on my part and confused things, sorry.

      I agree with you that they can't fix the aesthetics to please everyone. I'm hoping that changes like that will be something that's easy to implement in extensions later.

      The part i'm more concerned about is the usability issues i talked about further down, particularly in regard to tabs. Like you said, they've improved some part of the tab interface in regards to Firefox. The fact that they then turned around and rejected usability features that Firefox perfected a long time ago in the hopes of _eventually_ implementing something better and more aesthetically pleasing is not okay in my book. If they had a way to handle large numbers of tabs other than a sliding tab bar and a drop down index that might be a little frustrating to those of us who preferred the old way, but it would be bearable. Getting rid of the old way but not replacing it with anything is just maddening, as is insisting that they're not going to add options because giving us a choice would indicate they had failed to find the "one true way." It is unrealistic, and somewhat hubristic, to believe that there is actually a "one true way" that is perfect for _everyone_ and that they will be the ones to find it.

      --
      This Space Intentionally Left Blank
  25. Chrome 4? by anexkahn · · Score: 1

    By this time next year we will be on Chrome Version 17!

    --
    Curious about Storage and Virtualization? Check out