Create an Account
username: password:
 
  MemeStreams Logo

MemeStreams Discussion

search


This page contains all of the posts and discussion on MemeStreams referencing the following web page: Google's Chrome. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet.

Google's Chrome
by Acidus at 2:01 am EDT, Sep 2, 2008

Its early (Actually very very late). Still trying to understand the implication of this. Lots of people in the web security space and beyond have been saying it for years: The browser is the new OS and JavaScript is the new shell code.

Only it was never designed to be an OS.

The long awaited Google OS is an open source web browser. I'm going to sleep.

(PS. Did I miss read page 10 through blurry sleep dep eyes? Did google really couple an input fuzzer to a web crawler for public sites?)


 
RE: Google's Chrome
by Decius at 9:39 am EDT, Sep 2, 2008

Acidus wrote:
Its early (Actually very very late). Still trying to understand the implication of this. Lots of people in the web security space and beyond have been saying it for years: The browser is the new OS and JavaScript is the new shell code.

Only it was never designed to be an OS.

The long awaited Google OS is an open source web browser. I'm going to sleep.

(PS. Did I miss read page 10 through blurry sleep dep eyes? Did google really couple an input fuzzer to a web crawler for public sites?)

So we've gone back to a heavy weight multi-process architecture because we can't figure out how to write code that doesn't crash? I'm not saying this is a bad idea, but its a capitulation to the war on software bugs. We can't protect you from vulnerabilities but we can keep those bugs from taking the whole browser down with them if you're lucky enough to have encountered them without a payload attached.

Having said this, the process sandboxing sounds like a good idea. There will inevitably be papers on how to escape it.


  
RE: Google's Chrome
by Simon C. Ion at 9:13 pm EDT, Sep 2, 2008

Decius wrote:
So we've gone back to a heavy weight multi-process architecture because we can't figure out how to write code that doesn't crash?

I wish that MSFT would have done this to explorer.exe a decade ago.
Kicking off a separate process for each Explorer window -and maybe the desktop and taskbar- would have saved me months of lost time!


 
RE: Google's Chrome
by Simon C. Ion at 9:09 pm EDT, Sep 2, 2008

Acidus wrote:
(PS. Did I miss read page 10 through blurry sleep dep eyes? Did google really couple an input fuzzer to a web crawler for public sites?)

It sounds like they did.
PS: their comic/AJAX/whatever breaks the back button and makes it impossible to link to individual pages. Bad Google.


 
RE: Google's Chrome
by Hijexx at 12:25 am EDT, Sep 3, 2008

Acidus wrote:
Its early (Actually very very late). Still trying to understand the implication of this. Lots of people in the web security space and beyond have been saying it for years: The browser is the new OS and JavaScript is the new shell code.

Only it was never designed to be an OS.

The long awaited Google OS is an open source web browser. I'm going to sleep.

(PS. Did I miss read page 10 through blurry sleep dep eyes? Did google really couple an input fuzzer to a web crawler for public sites?)

Noticed if one tab has a JavaScript alert up, you cannot switch to the other tab without responding. For something that is supposedly multi-process, I'd expect the same behavior as, say, two sep FF instances in that sitch.


 
 
Powered By Industrial Memetics