I think the idea is you'd let the user know. "This password would take approximately 4.5 days to crack. For your security, you will be required to change this password after 3 days. Alternatively, you may pick a longer, more secure password to lengthen this interval (for example, a 16 character password will only require a change after XX years)." Or something.
Bad guys can already do this right now, and the url still shows the bank's domain, so non-technically inclined users are no less protected.
Technically inclined users probably never navigated to the url in the first place.
Your specific example is a flaw in the specific website, and there is little Chrome can do when a website is coded in a insecure way that persists across all browsers (and web standards).
You type in the URL just like normal. This only affects how urls are displayed while you navigate around. Clicking on the "chip" shows the full url and allows you to edit it as normal.
I imagine it is to help combat phishing. Seeing store.steampowered.com with the green lock will, for sure, mean you're actually logging onto Steam, while any attempt to phish with a different domain will show something different (and many phishing domains are quite different, they just try to prey off of people not knowing how to isolate the domain).
I don't even see how that line is relevant to anything. If you're accessing it through VPN, the link from the VPN to Hulu is still going to be unencrypted due to lack of SSL.
Going after the people who wrote the software will have no effect, since they do not and cannot control how the software is used. What happened to Napster etc all but ensured that was how future file sharing software would be written.
Noscript and many similar tools allow selective blocking of JS based on domain... 99.9% of ads are served from dedicated domains so you just block them and the main site is unaffected.
There is a reason lights already don't alert you to how long until they turn green. If you know when a light is going to turn green, you'll be ready to immediately speed through. But the guy crossing the other way is trying to beat the red light. Suddenly your chances of getting into an accident go way up. Without knowing when the light turns green, it will probably take you a bit longer to get going.
encfs looks really cool in that it will transparent encrypt files and they look like regular files to dropbox etc, but they can go on any file system and encfs will still recognize the encryption when they come out. So that's always an option.
Sadly, the Windows port of it that I've tried is really buggy. I had to use it inside a Linux VM to really use it.
199.16.156.38 and 199.16.156.230 are also showing up as IP addresses for twitter.com. So that could help someone maybe (hint: c:\windows\system32\drivers\etc\hosts)
Of course it does. Microsoft is very good with backwards compatibility, especially from NT onward, and that's assuming Mozilla wasn't interested in supporting their most commonly used platform (I'm pretty sure Windows is). This is just talking about the port to Metro, which has seen poor reception.
Of course I doubt Firefox would have been a "true" Metro app... I don't think Chrome was... as part of MS' attempt to be anti-competitive with web browsers in Windows 8, they allow the default web browser to inject itself into Metro, but still run outside of the sandbox (otherwise, they would have to use the IE rendering engine! At least AFAIK). But you still want the UI to look Metro. Anyway, if the browser is not the default, it can still run but only on the desktop in its traditional UI. This restriction also applies to IE.
You have to be a Comcast subscriber to use the service and presumably your account is associated with whatever activity you do, just as if you'd done it from your home connection.
Right now I'm finding it unplayable, it needs a patch.
Game crashed to desktop within five minutes of its first launch, while trying to sign on to their online thing.
The online sign in system just doesn't work. If you go to their website it works just fine, but the game client can't log in. No error message or anything, it just sits there.
No way to redeem the Steam keys I got, eg the soundtrack and comic book. Probably part of the online system.
Voices do not play or play low enough that I can't hear them. This pretty much means I got lost in the first few minutes of gameplay and this was what motivated me to quit and try again later.
Some settings don't seem to be properly persisted between sessions, like invert mouse y and subtitles.
Performance seems extremely poor. I have a Radeon HF 58xx card and a quad-core 2.67ghz i5. According to the game page I meet the minimum requirements and then some, so I was surprised when, on normal graphics settings (which were recommended to me) the game performed poorly with wild fluctuations in FPS. Most of the time it would be a steady (if ugly) ~40, but then it would drop to 1FPS for a few seconds for no perceivable reason at all.
I am going to have to wait for a patch I guess and hope it fixes most of these issues.
The more important bit is that your PC needs to have contacted the cheat DRM server. The only way this should happen is if you have a cheat installed that is trying to contact it. It's not something you would try to do with a web browser without the cheat.
If it just MD5ed fhe files, the games would be hacker heaven, since you don't need to touch the files.
There are tons of ways to do this. You can attach a custom DLL to run code, or just inject code directly. You can do this when the program starts up even before it has a chance to run any code itself. You could modify your graphics driver to change the way the game renders so that the game itself sees everything about itself is fine because it is.
Also, files for the actual game are hashed, at least in Source. That is an sv_pure check and is not a VAC thing (though working around it would trigger VAC).
Slashdot Mirror
Congratulations, you've figured out Chrome OS! :)
Works for me with that version.
Make sure if you're using blocking extensions (Noscript, etc) that they are allowing frames and JS from gstatic.com and google.com.
Also make sure WebGL is working (I dunno if it uses it or not but it looks 3D) in chrome://gpu/).
A quick Google search (yeah, not exactly unbiased) doesn't seem to show anything in the top results. I found a reddit thread if you want to look through it, though.
I think the idea is you'd let the user know. "This password would take approximately 4.5 days to crack. For your security, you will be required to change this password after 3 days. Alternatively, you may pick a longer, more secure password to lengthen this interval (for example, a 16 character password will only require a change after XX years)." Or something.
This is for desktop... not sure about the mobile ports of Chrome.
Bad guys can already do this right now, and the url still shows the bank's domain, so non-technically inclined users are no less protected.
Technically inclined users probably never navigated to the url in the first place.
Your specific example is a flaw in the specific website, and there is little Chrome can do when a website is coded in a insecure way that persists across all browsers (and web standards).
You type in the URL just like normal. This only affects how urls are displayed while you navigate around. Clicking on the "chip" shows the full url and allows you to edit it as normal.
The "chip" is just the domain name, which is trivial to work out client-side.
I imagine it is to help combat phishing. Seeing store.steampowered.com with the green lock will, for sure, mean you're actually logging onto Steam, while any attempt to phish with a different domain will show something different (and many phishing domains are quite different, they just try to prey off of people not knowing how to isolate the domain).
I don't even see how that line is relevant to anything. If you're accessing it through VPN, the link from the VPN to Hulu is still going to be unencrypted due to lack of SSL.
640K ought to be enough for anybody.
Going after the people who wrote the software will have no effect, since they do not and cannot control how the software is used. What happened to Napster etc all but ensured that was how future file sharing software would be written.
It is in the works. You can check their progress by opening chrome://flags/#high-dpi-support and enabling the experiment.
Noscript and many similar tools allow selective blocking of JS based on domain... 99.9% of ads are served from dedicated domains so you just block them and the main site is unaffected.
There is a reason lights already don't alert you to how long until they turn green. If you know when a light is going to turn green, you'll be ready to immediately speed through. But the guy crossing the other way is trying to beat the red light. Suddenly your chances of getting into an accident go way up. Without knowing when the light turns green, it will probably take you a bit longer to get going.
encfs looks really cool in that it will transparent encrypt files and they look like regular files to dropbox etc, but they can go on any file system and encfs will still recognize the encryption when they come out. So that's always an option.
Sadly, the Windows port of it that I've tried is really buggy. I had to use it inside a Linux VM to really use it.
It uses the NTVDM, which emulates DOS. Windows doesn't actually run on top of DOS anymore.
199.16.156.38 and 199.16.156.230 are also showing up as IP addresses for twitter.com. So that could help someone maybe (hint: c:\windows\system32\drivers\etc\hosts)
Of course it does. Microsoft is very good with backwards compatibility, especially from NT onward, and that's assuming Mozilla wasn't interested in supporting their most commonly used platform (I'm pretty sure Windows is). This is just talking about the port to Metro, which has seen poor reception.
Of course I doubt Firefox would have been a "true" Metro app... I don't think Chrome was... as part of MS' attempt to be anti-competitive with web browsers in Windows 8, they allow the default web browser to inject itself into Metro, but still run outside of the sandbox (otherwise, they would have to use the IE rendering engine! At least AFAIK). But you still want the UI to look Metro. Anyway, if the browser is not the default, it can still run but only on the desktop in its traditional UI. This restriction also applies to IE.
You have to be a Comcast subscriber to use the service and presumably your account is associated with whatever activity you do, just as if you'd done it from your home connection.
As long as we're talking Android, Tasker is invaluable for getting your phone to configure itself based on location, or time of day, or whatever.
JuiceDefender helps increase battery life.
Nova Launcher is just better than the stock launcher and has a ton of features I can't live without.
Right now I'm finding it unplayable, it needs a patch.
The online sign in system just doesn't work. If you go to their website it works just fine, but the game client can't log in. No error message or anything, it just sits there.
Some settings don't seem to be properly persisted between sessions, like invert mouse y and subtitles.
I am going to have to wait for a patch I guess and hope it fixes most of these issues.
Considering how many people text while driving, it might PREVENT one!
The more important bit is that your PC needs to have contacted the cheat DRM server. The only way this should happen is if you have a cheat installed that is trying to contact it. It's not something you would try to do with a web browser without the cheat.
If it just MD5ed fhe files, the games would be hacker heaven, since you don't need to touch the files.
There are tons of ways to do this. You can attach a custom DLL to run code, or just inject code directly. You can do this when the program starts up even before it has a chance to run any code itself. You could modify your graphics driver to change the way the game renders so that the game itself sees everything about itself is fine because it is.
Also, files for the actual game are hashed, at least in Source. That is an sv_pure check and is not a VAC thing (though working around it would trigger VAC).