Slashdot's biggest selling point, as it's always been, is the conversation the stories generate.
Exactly. And how does the new design reflect this?
On the new design it looks like you cannot link to a specific comment or thread. Check out your user page and look at your comment history. No links to comments, no comment scores.
I suppose comments are simply an unsightly appendage in their new "modern" design (they must clash with all the bullshit social media icons everywhere). Just think of all the "old cruft" they could get rid of if there were no comments: threaded layout, moderation, meta-moderation, karma, all users with a UID less than 7 digits, etc. Replace all that with a flat "top 20" comments listing and a little "Like this on Facebook!" button and it'll be nirvana.
It makes the comment section - which is a large part of the Slashdot experience - seem like something tacked onto the end of a news article where people post one-line responses.
I hope to hell someone with a say in the matter reads this and understands what it really means. I'll give you a hint:
If you make this change, you will kill Slashdot.
I'm not exaggerating even slightly. Many people spend time here to read and participate in the commentary. By shoehorning the comments into that tiny space beneath the article you're saying "comments aren't important", something which will in all likelihood be soon followed by "comments are a liability" and then "comments now require moderation before being posted". People tolerate the Slash-Bi(sexual) crap now because it takes a second seat to the real meat of the articles and commentary. By reversing those roles you're telling 85% of the active userbase that they're no longer welcome.
Whatever site is left after this change takes effect -- maybe it will make enough advertisement and tracking money to satisfy Dice, but it won't be Slashdot and it won't last a year. Remember what happened to Digg? Yeah, I didn't think so.
By the way, if anyone hasn't gone and looked at the comments section on an article, go look now and then tell me I'm wrong.
Seriously? I hated Why's Guide... it was stupid. I'm sorry. Just get to the point.
As someone not interested in learning Ruby I actually enjoyed reading Why's Guide. It's very creative and clever and fun. Why clearly has a talent for creative writing (and for drawing cute little foxes).
That said, would I use it as a way to really learn how to program in Ruby? Absolutely not. I'd much rather have something closer to an O'Reilly animal book, or Learn Python the Hard Way.
Lua's reference guide is great, but I prefer a bit more than just a language's grammar since part of learning a new language is understanding its "why" and "how" as well as the "what" (for me, at least).
hosting 32 terabytes of DRAM memory and up to 384 processor cores with 8-threads per core.
Good news everyone! There's finally a machine that can run a Minecraft server without throwing a java.lang.OutOfMemoryError!
This looks like fake to me.
Maybe this whole thing is a false flag false flag!! Did you ever think about that??
Oh no, of course not. You sheeple don't know how to spot a conspiracy even when it's hovering menacingly right over you.
Why not 'candybar', or whatever non-commercial name? Seems like a silly choice.
Well, probably because "candy bar" doesn't start with a K.
And I'm not sure I buy the "not familiar with" story. More likely somebody made an offhand suggestion of KitKat and marketing messed their shorts over the idea of "cross marketing opportunities".
"Key Lime" would have been a great name.
Patents are, and should be, about technical issues only
Well, I'd have to say this fails on those merits as well. I fail to see how "show an advertisement based on message content" is either inventive or non-obvious to an expert in the field.
Oh, but they have a "computing device" and a "cloud". APPROVED.
Judging by the other replies, I seem to be one of the few people who actually finds the redesign to be easier to read. I always hated the old design, though I'm not a regular visitor of Yahoo Sports in any way. Come to think of it, that may be why - are we sure this isn't just a case of Change is Bad?
Really? A partially-transparent background with a huge colorful distracting picture of a stadium behind it is easier to read? The huge animated advertisement at the top and an unintuitive fixed nav bar on the left and a sometimes-floating-sometimes-fixed nav bar on the right? Are we sure this isn't just a case of Shiny is Good?
I know, replying to APK about magical hosts files is pointless, but here we go anyway:
Can you answer these two questions:
How many domains and subdomains does Facebook operate?
Please make sure to include those added in the last 4 hours!
Can you enumerate every domain used to host advertising and/or malware on the planet?
Please make sure to account for dynamically changing and the infinite number of wildcard domains!
If you cannot give me exact answers, then your hosts file method is useless and obsolete. Please wake up and stop peddling your crap here.
The ETag method is a clever solution to cookieless tracking. I find this method I stumbled upon a couple of weeks ago a bit startling. I had no idea the amount of information routinely sent from my browser/computer to web servers-- information about plug-ins, time zone, screen resolution, accepted headers, etc WITHOUT letting me know. It is enough to give more than 21 bits of identifying information and uniquely identifies me among the 3M visits.
https://panopticlick.eff.org/
Yep. It's absurd, and unfortunately many "privacy-enhancing" tools (for example, anything that alters the user agent) can actually make a browser more unique rather than less so.
NoScript is an exception, and one that works very well. I know it's parroted on Slashdot a lot, but if you care about privacy and security on the web there isn't a single better option. Using Panopticlick on my browser as an example:
Without NoScript: Your browser fingerprint appears to be unique among the 3,316,576 tested so far. Currently, we estimate that your browser has a fingerprint that conveys at least 21.66 bits of identifying information.
With NoScript: Within our dataset of several million visitors, only one in 2,433 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 11.25 bits of identifying information.
Still not great, but a lot better than unique. It's quite unfortunate that the web evolved with the assumption that arbitrary code may be executed in the browser. If we had started out instead with an opt-in approach to Javascript, I think things would be quite a bit better now in terms of privacy and security than they currently are.
Um, no. The sky is not falling. They reset the value of the pref. Big whoop.
about:config -> javascript.enabled = false.
You are a dumbass, and a part of the problem. A year from now they will remove the javascript.enabled option entirely because "nobody is using it because it's a hidden preference" and "we need to make room for more twitterbook bullshit".
Chances are you can still modify those options through the about:config page (I hope).
Removing an option from the UI is the first step to Mozilla deleting the option altogether. Look to autoHide tabs for an example of this already happening, and tabs-on-bottom planned on being removed. When they force tabs on top I will stop using/upgrading Firefox.
This is why I get pissed off by the asshats who say "don't complain about the UI option, you can change it in about:config". 1-2 years after the UI is changed, the option, in all its forms, will be gone.
Wow a share button?!?!
This is what Mozilla is wasting time on now?
Don't forget the NEW LOGO!
http://cdn.thenextweb.com/wp-content/blogs.dir/1/files/2013/06/firefox_logo.png
I'm at a loss for words, but that picture tells you everything you need to know about the UI/art direction types at Mozilla. It's painful.
"Smart parentheses" add no value to a document, either. They're just fluff. We should start using | for both opening and closing parentheses, no?
Wow, you've somehow managed to make Lisp even more difficult to read
|defun proj |y x||+|*|flet ||ip |x y||sum |* x y|||||* |/|ip x y||ip x x||x||x|y||
Congratulations are in order, but I'm sure people will still keep using it :|
Mandatory minimum sentencing. Just another word for REVENGE! There ain't no justice.
Fixed that for you.
Java is a brogrammer language. It's for people that find writing real programs, in real languages, too hard.
Well consider this your lucky day! With Java 8 you can now write JavaScript to run inside of Java! Sayeth TFA:
Netscape created a piece of software called LiveScript to allow for scripting on its Web servers. It decided to port it to its browser and needed a fancier name, so it licensed the Java trademark from Sun and called it JavaScript -- which would long promote the confusion that JavaScript had very much to do with Java. However, after the apAOLcalypse, some members of the 12 colonies of Netscape were not done and sought to continue Netscape's plan of rewriting their browser in Java. In order to do so, it needed to create an implementation of JavaScript in Java. Netscape called the project Rhino; as with turducken, ours is not to question but to enjoy.
So just in case the seemingly unquashable confusion between Java and JavaScript wasn't bad enough, it's about to get worse. But I guess you can't blame Oracle -- they heard you like to use JavaScript and Java, so now you can JavaScript with your Java while you Java with your JavaScript. Or something. Plus throw in some Node.js bullshit for good buzzword coverage.
While there are many places that it can be useful to run JavaScript from within Java....
This is just plain bad.
It's what makes some of us 'socially'' awkward.
You have no idea how much those unbalanced quotes are bothering me....
er... what were we talking about? :)
Can't wait to use the new 046102 047111 005113 tag!
This would be funny if you were talking about HTTP instead of HTML, and if your "046102 047111 005113" were something contextually meaningful, like hexadecimal.
Application-level multiplexing avoids repeating TCP slow start when the user agent starts downloading additional resources in parallel, such as style sheet, script, and images, or when the user agent stops a download before it has finished.
That's what persistent connections in HTTP 1.1 are for. You know, that spec from 1999.
I can't believe you forgot Oscar Wilde.
Kids these days are a bunch of disrespecting dicks. -- Oscar Wilde
If you aren't bright enough to notice that an "ad" is not related to what you were searching for and ignore it, then you have more serious problems than worrying about whether the government is adequately protecting you from Google.
Did you intentionally misrepresent what the issue is, or are you just that obtuse?
Consider a (real-life example) search for "VLC". Most of the very popular software products (open source and otherwise) have had completely unaffiliated third-party companies take out advertisements with Google and Bing on their names. We're not talking about somebody stupidly ordering "100% REAL FOR SURE GUCCI BAGS" from some Chinese knockoff site. These are often intentionally misleading attempts to get people to download an executable (usually an installer filled with extra crap wrapped around the official VLC installer).
So what happens? You get "normal users" searching for "VLC" because their computer-smart relative told them it was a good way to watch their archive of MPG cat videos from 1998. They're told "Search Google for VLC. It should be the top result." And guess what, when they follow these instructions their computer gets crap installed (at best) or added to a botnet (at worst). The problem is compounded by the fact that many tech people use AdBlock and so don't even see the "sponsored" results most of the time.
I don't think many people are concerned about a search for "The Hobbit BluRay" turning up a sponsored result for an Amazon store page. That's fine and what people expect for search results advertising. It's when the advertisement is specifically targeted and intended to mislead that concerns are raised and that's exactly what the FTC's regulation is for.
Personally I think Google should take a more proactive role in open-source software downloads specifically. Searching for "VLC" or "Firefox" should not display any advertisements; instead, Google should recognize the popular open-source projects and display clear links to the official download sites. Anything else is near-complicity with malware peddlers.
Absolutely. And you can see that by noting that:
List of completely unrelated things
aren't standards. Oh wait.
If you'd bother to think a second before posting, what the OP meant was that you won't see the code of a GPL project being used as a general implementation reference standard. It wasn't a slam against the GPL, simply pointing out that the BSD license allows anyone to read and use the ideas in the code without much in the way of limitation or requirements. For example, a Microsoft engineer could read over the code for the BSD TCP/IP stack and then implement one for Windows using those ideas as a reference. That would never happen with GPL'd code because the license is more restrictive (again, not necessarily a bad thing).
(PS: Wordpress is a "blogging standard"? WTF does that even mean? That blogging software is by definition a mess of security holes?)
But seriously, Chrome did a LOT of stuff right.
But they did at least one thing horribly, horribly wrong, and have at the same time managed to popularize it amongst many other products. Firefox jumped on board a while ago to some extent, but this new UI looks like they've gone balls-to-the-wall to "COPY CHROME" mode (just look at their new "Firefox menu" icon. It's a damned copy-and-paste of Chrome's! What the hell! I don't understand why, but today's user interface designers are like marketing consultants -- they're all in a perpetual race to mindlessly emulate whoever seems to be popular at the moment. Usability studies, what are those?)
Anyway, the horrible misfeature is dicking around with non-client window areas (cutely referred to now as "chrome" so that it sounds unimportant and worth messing around with). It used to be a huge faux-pas in a professional well-designed system to screw around with things like window borders, title bars, system menus, caption buttons, etc. In fact, you could usually tell when a program was complete crap because it tried to make some horrible non-square window with an all custom-drawn non-client area.
Microsoft's best practices for Windows applications dictated for the longest time that you shouldn't mess around with or try to change the non-client area because of the horrible mess of UI inconsistency, user confusion, future fragility, and others (they still do but now just say you should "avoid drawing" there). However, now even they are embracing this stupidity, for example in Visual Studio 2012. Specifically the window caption buttons are a bastardized custom-drawn version of the Windows 8 buttons. What this means is that on Windows 7, if I repeatedly click where the Minimize caption button is (to minimize all of my maximized windows), depending on where I click it, I will click the Restore button on programs that use the "normal" Windows 7 non-client area.
I despise the Chrome user interface and if Firefox keeps drunkenly stumbling down that same back alley of UI design then I'll finally stop using the browser. Their plan to completely remove the Addon Bar is another sign they're really only interested in becoming Chromium. My bet is that inside 2 years they'll drop Gecko completely and just adopt WebKit.
I think you misunderstood the entirety of this discussion thread. You might want to go back and re-read it. However, on this one point:
I shall bow to your mastery the picosecond you post a piece of working code showing how to "read the entire contents of Firefox's private memory" from an unprivileged user process launched after Firefox started and without using any Firefox vulnerabilities to do it.
Assuming Firefox is running with the user's standard permission level (which is the default), ReadProcessMemory will allow you access to its memory space. And barring that, you can always use CreateRemoteThread.
Both of these assume the processes are on an equal security context footing. If one is elevated or across a session boundary, etc, then it becomes much more difficult (but not impossible).
But for corporate users, a system level exploit allows things like installing sniffers and key loggers so that more passwords can be collected. Including the admin/root passwords.
Absolutely. What takes it to the next level is that most (effectively all) Windows sysadmins will log into workstations using their user credentials which are members of the Domain Admins group. If a standard user is able to gain administrative access on their computer and then get a sysadmin to log in to "look at a problem" (very easy), they will likely gain full control over the local domain. This includes the ability to distribute a malicious binary over the network to every computer in the domain, allowing them to collect personal credentials and information from every other person in the company.
Even without getting a Domain Admin to log into their workstation, there is potential for other security problems. For example, the user might extract the hashed passwords stored in the Active Directory credential cache which likely contains an entry for a Domain privileged user. They could then attempt brute force decryption on this (salted and hashed) cached password. With modern GPU farms such brute force attacks aren't as crazy as they used to be, especially if the password is weak.