Steganography. Of course it alone won't keep a good virus researcher from figuring out what's going on, but Facebook/whoever will just see a legitimate profile (and that may make it that much harder to get it taken down).
Messages posted, postings on others' walls, images posted, even friends made in a particular order could all carry hidden meaning for watching malware.
Except you didn't have to buy the shareware. They were more like what demos were today (and in some cases, like today's "donate-if-you-enjoy" freeware).
.. when you install an unverified, experimental Firefox extension from an untrusted author! Firefox extensions are great because of their power to affect the entire browser and even the host computer, which is what made Firefox popular IMO. But this comes with obvious risks you shouldn't ignore!
One of the points made that first cast the claims into doubt was that some (most?) new cars now will cut the engine if you press the gas and brake at the same time. One specific case that they were trying to reproduce they concluded that if the gas was stuck and the driver had REALLY been holding down the brake, the engine would have shut off.
"while the majority of windows XP users still haven't upgraded to SP3"? Citation needed. SP3 is delivered via Windows Update. I had it before I switched to 7, my company it using it. It's been out for quite a while. I don't see why the majority of XP users would not be using it...
He's just doing basic stuff here with that extension. When you try to install any extension Chrome throws up a warning that the extension can access your personal data on whatever sites the extension author has requested access to in the manifest.json file. Ignore that warning at your own peril, especially if it doesn't match with what the extension description says it should do.
Lots of extensions inject content scripts. Lots of extensions do random AJAX calls to random sites that the user doesn't have open in a tab. That he put the two together to steal data is hardly revolutionary.
The only problem I see is that if the author specifies enough websites in their extension permissions, Chrome truncates them to "multiple sites" which is a bit ambiguous.
Actually TF2 isn't bad compared to other games. Source has lag compensation that actually tries to adjust the game temporally based on a player's lag... in short, it figures out where everyone was from that player's POV at the moment they shot and uses that to figure out if the player hit with his shot, etc. I've played online games where even 70-100ms ping is unplayable (I'm looking at you, D.I.P.R.I.P.) but TF2 can remain smooth at 150, and playable at 200-300ms (though the lag becomes noticeable then as people can more easily seem to hit you around corners... in actuality they're hitting you where you were 300ms ago).
On the other hand, unless you compile code into the game itself to compensate for input lag in a similar fashion, I expect any game would be similarly frustrating over 50ms lag or so.
Microsoft has since the leak you described moved "bugward compatibility" into something called "shims". They are basically compatibility fixes that only affect specific applications, to ensure newly written apps won't run into the compatibility hacks. More info.
The biggest problem is that when Twitter (or whoever) goes to deliver the update, at the user's home network a router or firewall will block Twitter from connecting. Of course this can be overcome if the client sends a heartbeat packet via UDP at regular intervals to Twitter so that the router thinks you're actively communicating, so when Twitter pushes data back via UDP the router knows who it's for and lets it in.
Of course, UDP isn't exactly a standard web tool. I know ASP.NET supports it through.NET, PHP supports it through its socket_* functions, but some web-based clients such as Chrome extensions can't do UDP. I dunno if Adobe AIR can or not.
Indeed, it is definitely faster than 3.6. Only problem I've noticed so far is that if you were using a third party theme with 3.6, 4.0b1 will happily use it even if not compatible, so you have to switch it manually.
The best solution may be to set up a private proxy such as CGIProxy on your own web server behind HTTP auth. Then access it via HTTPS only (on slashdot I think I read a story where someone's site was blocked for such a proxy... using HTTPS greatly reduces the chance of that). I think there was speculation on slashdot a while ago that the Chinese government could probably issue signed SSL certs if they wanted to and thus easily perform man-in-the-middle attacks. You should probably check to be sure the cert matches what you expect (especially the issuer) before using your proxy. Also if you know of a site that has a bad SSL cert (self-signed, etc) if it's suddenly valid while in China that could be another warning sign.
There's also Tor but it is quite blockable by blocking connections to its dictionary servers, so I'd be surprised if it worked in China.
You make a lot of good points but there are a lot of holes as well you should be aware of.
Apparently the Firefox memory leak bugs interact with some weakness in Windows XP SP3, and that causes Windows to become unstable. It seems that whoever debugs Firefox might also gain a good reputation from finding a major problem in Windows.
...what? Ok first of all, there is a explicit barrier between kernel land and user land. In kernel land, bugs crash the OS. These are blue screens. In user land, bugs crash the individual programs that cause them. Firefox limits the amount of memory it uses in an attempt to be sure plenty is left free for breathing space. Short of a malfunctioning driver (not Firefox's fault) it's simply not as easy as you seem to imply for an OS crash to happen. Sometimes some apps include drivers than run in kernel space but Firefox is not one of them.
Firefox is the most unstable program in common use.
Somehow I doubt that. Businesses run all sorta of old legacy programs (and normal consumers do too) which I imagine would be far more unstable than a modern browser coded for and tested on modern OSs. To your credit, flash is responsible for lots of browser crashes (had a few Flash crashes last week myself) thanks to Firefox 3.6.4 maybe we'll see an improvement there.
Some of the instabilities occur because of the interaction of Firefox with Microsoft Windows, apparently, when Firefox reaches the limit of installed memory and begins to require virtual memory. Firefox is more stable in Linux, apparently.
Apparently, you don't quite known how memory management works in operating systems. The OS will swap process memory in and out of RAM/virtual memory all the time, a big time is when process switching or minimizing/restoring windows. The less physical RAM you're using and the more total memory is in use, the more swapping, of course. But Windows will not simply wait for physical memory to fill before starting to use virtual memory; it keeps a good chunk of physical memory free so that when it's needed Windows can provide it immediately rather than having to swap stuff to disk first. Furthermore the management of virtual memory is done entirely by the OS; apps cannot access physical or virtual memory directly and I find the idea that Firefox somehow has problems with it doubtful at best. I also doubt this is related to Linux stability since Linux does much the same memory management stuff AFAIK.
It seems that an organization that has more than $100 million in assets could stop other work and address the instabilities.
Be a little more realistic. I doubt they are sitting around all day and throwing parties. Contrary to popular belief, debugging is hard. Debugging bugs that cannot be reliably reproduced can be near impossible. Unreliable bugs also crash less, which means they're less likely to make the top crashers, and guess which bugs are the most important to fix first?
I would also like to point out the top crasher in your link looks like a Skype Extension DLL and not actually a Firefox component.
That's the disk cache, not the memory cache. It doesn't appear you can set an explicit limit on the size of the memory cache (which is a good thing, as doing so below an optimal size would only slow down Firefox needlessly).
Candidate means it's not the final release. They're still testing it and may make changes before releasing the beta officially. Expect it to be less stable than a real beta (but more than an alpha).
Slashdot Mirror
Steganography. Of course it alone won't keep a good virus researcher from figuring out what's going on, but Facebook/whoever will just see a legitimate profile (and that may make it that much harder to get it taken down).
Messages posted, postings on others' walls, images posted, even friends made in a particular order could all carry hidden meaning for watching malware.
Except you didn't have to buy the shareware. They were more like what demos were today (and in some cases, like today's "donate-if-you-enjoy" freeware).
.. when you install an unverified, experimental Firefox extension from an untrusted author! Firefox extensions are great because of their power to affect the entire browser and even the host computer, which is what made Firefox popular IMO. But this comes with obvious risks you shouldn't ignore!
"We are proud to announce the iPhone 5..."
One of the points made that first cast the claims into doubt was that some (most?) new cars now will cut the engine if you press the gas and brake at the same time. One specific case that they were trying to reproduce they concluded that if the gas was stuck and the driver had REALLY been holding down the brake, the engine would have shut off.
I always pay for gas in cash. I think I will not change this personal policy in the near future.
NOPE </random>
Mine do, you insensitive clod! :p
"while the majority of windows XP users still haven't upgraded to SP3"? Citation needed. SP3 is delivered via Windows Update. I had it before I switched to 7, my company it using it. It's been out for quite a while. I don't see why the majority of XP users would not be using it...
He's just doing basic stuff here with that extension. When you try to install any extension Chrome throws up a warning that the extension can access your personal data on whatever sites the extension author has requested access to in the manifest.json file. Ignore that warning at your own peril, especially if it doesn't match with what the extension description says it should do.
Lots of extensions inject content scripts. Lots of extensions do random AJAX calls to random sites that the user doesn't have open in a tab. That he put the two together to steal data is hardly revolutionary.
The only problem I see is that if the author specifies enough websites in their extension permissions, Chrome truncates them to "multiple sites" which is a bit ambiguous.
Actually TF2 isn't bad compared to other games. Source has lag compensation that actually tries to adjust the game temporally based on a player's lag... in short, it figures out where everyone was from that player's POV at the moment they shot and uses that to figure out if the player hit with his shot, etc. I've played online games where even 70-100ms ping is unplayable (I'm looking at you, D.I.P.R.I.P.) but TF2 can remain smooth at 150, and playable at 200-300ms (though the lag becomes noticeable then as people can more easily seem to hit you around corners... in actuality they're hitting you where you were 300ms ago).
On the other hand, unless you compile code into the game itself to compensate for input lag in a similar fashion, I expect any game would be similarly frustrating over 50ms lag or so.
Microsoft has since the leak you described moved "bugward compatibility" into something called "shims". They are basically compatibility fixes that only affect specific applications, to ensure newly written apps won't run into the compatibility hacks. More info.
The biggest problem is that when Twitter (or whoever) goes to deliver the update, at the user's home network a router or firewall will block Twitter from connecting. Of course this can be overcome if the client sends a heartbeat packet via UDP at regular intervals to Twitter so that the router thinks you're actively communicating, so when Twitter pushes data back via UDP the router knows who it's for and lets it in.
Of course, UDP isn't exactly a standard web tool. I know ASP.NET supports it through .NET, PHP supports it through its socket_* functions, but some web-based clients such as Chrome extensions can't do UDP. I dunno if Adobe AIR can or not.
Indeed, it is definitely faster than 3.6. Only problem I've noticed so far is that if you were using a third party theme with 3.6, 4.0b1 will happily use it even if not compatible, so you have to switch it manually.
Sounds like someone forgot the global flag on their regex.
And Chrome has it's own experimental hardware acceleration in the dev branch.
The best solution may be to set up a private proxy such as CGIProxy on your own web server behind HTTP auth. Then access it via HTTPS only (on slashdot I think I read a story where someone's site was blocked for such a proxy... using HTTPS greatly reduces the chance of that). I think there was speculation on slashdot a while ago that the Chinese government could probably issue signed SSL certs if they wanted to and thus easily perform man-in-the-middle attacks. You should probably check to be sure the cert matches what you expect (especially the issuer) before using your proxy. Also if you know of a site that has a bad SSL cert (self-signed, etc) if it's suddenly valid while in China that could be another warning sign.
There's also Tor but it is quite blockable by blocking connections to its dictionary servers, so I'd be surprised if it worked in China.
Cache of the download mirrrors page: http://webcache.googleusercontent.com/search?q=cache:http://live.linux-gamers.net/%3Fs%3Ddownload
Universal translator, here we come!
But you wrote that comment in the past!
At first I thought you were just clueless, then I realized you were just a troll, now I'm just confused.
You make a lot of good points but there are a lot of holes as well you should be aware of.
...what? Ok first of all, there is a explicit barrier between kernel land and user land. In kernel land, bugs crash the OS. These are blue screens. In user land, bugs crash the individual programs that cause them. Firefox limits the amount of memory it uses in an attempt to be sure plenty is left free for breathing space. Short of a malfunctioning driver (not Firefox's fault) it's simply not as easy as you seem to imply for an OS crash to happen. Sometimes some apps include drivers than run in kernel space but Firefox is not one of them.
Somehow I doubt that. Businesses run all sorta of old legacy programs (and normal consumers do too) which I imagine would be far more unstable than a modern browser coded for and tested on modern OSs. To your credit, flash is responsible for lots of browser crashes (had a few Flash crashes last week myself) thanks to Firefox 3.6.4 maybe we'll see an improvement there.
Apparently, you don't quite known how memory management works in operating systems. The OS will swap process memory in and out of RAM/virtual memory all the time, a big time is when process switching or minimizing/restoring windows. The less physical RAM you're using and the more total memory is in use, the more swapping, of course. But Windows will not simply wait for physical memory to fill before starting to use virtual memory; it keeps a good chunk of physical memory free so that when it's needed Windows can provide it immediately rather than having to swap stuff to disk first. Furthermore the management of virtual memory is done entirely by the OS; apps cannot access physical or virtual memory directly and I find the idea that Firefox somehow has problems with it doubtful at best. I also doubt this is related to Linux stability since Linux does much the same memory management stuff AFAIK.
Be a little more realistic. I doubt they are sitting around all day and throwing parties. Contrary to popular belief, debugging is hard. Debugging bugs that cannot be reliably reproduced can be near impossible. Unreliable bugs also crash less, which means they're less likely to make the top crashers, and guess which bugs are the most important to fix first?
I would also like to point out the top crasher in your link looks like a Skype Extension DLL and not actually a Firefox component.
That's the disk cache, not the memory cache. It doesn't appear you can set an explicit limit on the size of the memory cache (which is a good thing, as doing so below an optimal size would only slow down Firefox needlessly).
If you don't like the state in which Mozilla releases Firefox, then don't buy it, or take it back for a refund!.... oh wait...
Candidate means it's not the final release. They're still testing it and may make changes before releasing the beta officially. Expect it to be less stable than a real beta (but more than an alpha).