Tumblr Mangles Developer Relations
Last week I logged on to Tumblr and was confronted with this abomination:
Missing e notice from tumblr. Way to encourage API development, guys.
Needless to say, this is pretty disturbing, and I wonder what Tumblr is thinking by posting this.
Continue reading: Tumblr Mangles Developer Relations »
Chrome Just Isn’t Up To Firefox’s Snuff
Three weeks ago I decided to give Google Chrome
a shot at replacing Mozilla Firefox as my primary browser. And believe me, it was a fair contest: I only called upon Firefox when I could not get Chrome to work.
Unfortunately, I had to call on Firefox at least once every other day. And while I still run across the occasional Web site that requires me to use Internet Explorer — mainly, Web sites that use some Microsoft technology, such as LiveMeeting or an ActiveX control of some sort — that’s maybe once or twice a month.
(And no, I have not given IE a chance to be my primary browser. When it truly embraces Web standards, then I will consider it. Internet Explorer is barely in the neighborhood of standards compliance right now, never mind on the same street. Safari? C’mon, man. Opera? Seriously, stop now, you’re embarrassing yourself.)
So I’ve made up my mind: Chrome gets sent back to the minors to work on its skills, and Firefox — older, fatter, slower, but far more dependable and experienced — is back as my ace starting pitcher.
Google’s Web Browser Has Its Problems, Too
Remember last month, when all the Internet was crowing about how “no one even attempts hacking Chrome” at Pwn2Own, an annual hacking contest with a primary focus on Web browsers?
The implication was, of course, that the Chrome Web browser cannot be hacked; or, at least, that its architecture is so good, and that hackers know this so well, that Chrome somehow becomes the Sword In The Stone, if not the Holy Grail.
This, of course, is nonsense. Fast-forward to today, where Google announces patches to three major Chrome security holes.
While Google isn’t revealing the specific nature of the three holes — “the referenced bugs may be kept private until a majority of our users are up to date with the fix” — their titles alone are alarming: “cross-origin bypass” suggests it’s pretty easy to spoof / forge where a request comes from; and all “memory corruption” causes concern about at least forced crashing, if not unauthorized access to system privileges.
Is Chrome a bad browser? Hardly. Has it had problems? It sure has. Did the refusal of hackers to go after Chrome during Pwn2Own mean Chrome is invincible? Not at all.
For one, there’s money to be made at this competition, and time is limited, so it only makes sense to go after the browsers you know can be compromised easily: Internet Explorer, Firefox and Safari, which was most easily hacked in previous Pwn2Own contests and leverages the same base technologies — WebKit and Chromium — used to power Google Chrome.
For another, these other browsers have been out longer and are used more widely than Chrome. That means knowledge of how they are built, information about glitches that could prove to be exploitable, etc. is greater.
Or I may be completely wrong. It could be that Chrome is, indeed, completely feared within the black- and white-hat communities alike.
Whatever the case, my point is that Google is not infallible, Chrome can be exploited, and why no one bothered to try to do so during a specific competition is hard to say.
Take with a grain of salt the hype you hear about hacking and security, especially if it’s proclaimed loudly. Anything complex is vulnerable to compromise and collapse, be it the Mayan civilization or even the Oracle DB server. Chrome is no different.
All links in this post on delicious: http://delicious.com/dougvdotcom/googles-web-browser-has-its-problems-too
