The Null Device
Posts matching tags 'firefox'
Recently, the annual Pwn2Own contest took place; in it, participants try to take over a computer by exploiting security holes in a web browser, and capture the flag (in this case, a file on the computer's hard drive). This year, all the browsers but one fell; Firefox 3.6.2 (though it's not clear whether NoScript would have mitigated this), IE8 and Safari all fell; one of the hackers even pwned an (un-jailbroken) iPhone and made off with the SMS database. The one browser that remained standing: Google Chrome, not because it's bug-free, but because the sandbox mechanism makes exploiting bugs impractical:
"There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."
Why is it, you may have asked yourself, that a technological civilisation that can put men on the moon, map the human genome and create the Nintendo Wii and the iPod can't make a standards-compliant web browser that doesn't leak memory like a sieve. Well, there's some good news on the horizon: the developers of Firefox have embarked on a memory leak eradication drive:
Aaron suggested having an "about:memory" page showing a breakdown of Firefox's memory use (bug 392351). When I pointed out the bug to Brendan Eich, he excitedly assigned the bug to himself.
Robert Sayre created a script to load random pages and see whether they cause leaks. The random URLs come from the Yahoo directory (biased toward older, top-level pages), del.icio.us (biased toward newer, geeky pages), and AltaVista (biased toward pornography).I see they have their use cases covered.
Steve England tested the top 500 web sites, finding two leaks. Later, he tested the top 20 Firefox extensions and found leaks in several of them.And there are some interesting user comments on the page.
Could I suggest a test of a 10 minute session of scrolling and zooming around in google maps hybrid mode as something guaranteed to to eat over 1GB of memory?I'd venture to say, from personal experience, that Yahoo! Maps (which appears to be a clone of Google Maps, and and is, to the best of my knowledge, only used for geotagging photos in Flickr) appears to chew up more memory than Google Maps. Which is rather funny, what with Yahoo! employing some of the brightest minds in AJAX development today (Douglas Crockford, for one).
Anyway, good luck to the Mozilla developers. Speaking as one in the habit of leaving lots of windows open in a session, I hope that this will lead to a browser that doesn't chew up all of the computer's resources if used for more than a few hours.
Brad Fitzpatrick, the founder of LiveJournal and architect of OpenID, has put forward his thoughts on the social graph problem — which is to say, the present state of affairs in which each social software application has its own social graph (of which user is connected to whom) which its users have to independently maintain — and how to go about aggregating these graphs into something less unwieldy:
Currently if you're a new site that needs the social graph (e.g. dopplr.com) to provide one fun & useful feature (e.g. where are your friends traveling and when?), then you face a much bigger problem then just implementing your main feature. You also have to have usernames, passwords (or hopefully you use OpenID instead), a way to invite friends, add/remove friends, and the list goes on. So generally you have to ask for email addresses too, requiring you to send out address verification emails, etc. Then lost username/password emails. etc, etc. If I had to declare the problem statement succinctly, it'd be: People are getting sick of registering and re-declaring their friends on every site., but also: Developing "Social Applications" is too much work.
Facebook's answer seems to be that the world should just all be Facebook apps. While Facebook is an amazing platform and has some amazing technology, there's a lot of hesitation in the developer / "Web 2.0" community about being slaves to Facebook, dependent on their continued goodwill, availability, future owners, not changing the rules, etc. That hesitation I think is well-founded. A centralized "owner" of the social graph is bad for the Internet.Brad has written down a set of goals for a project to open up the social graph, in a way that allows sites to interoperate gracefully. This will include a common infrastructure that manages the social graph data, within an architecture which (much like OpenID) allows anyone to operate their own servers, and prevents any one entity from owning the graph. This will have an API, which returns all equivalent nodes of a node (i.e., given an identity on one service, the owner's identities on all other services registeded), the edges in and out of a node, the aggregated friends of a node across all services, and any missing friends (i.e., any pairs of nodes connected on one service but not another).
From the user's point of view, this will allow some fairly nifty magic to happen, saving users the hassle of registering on yet another social network site and rounding up their friends:
A user should then be able to log into a social application (e.g. dopplr.com) for the first time, ideally but not necessarily with OpenID, and be presented with a dialog like: "Hey, we see from public information elsewhere that you already have 28 friends already using dopplr, shown below with rationale about why we're recommending them (what usernames they are on other sites). Which do you want to be friends with here? Or click 'select-all'."Brad acknowledges that there will be uncooperative sites, who, owning the lion's share of the social-networking sphere, don't see it in their interest to prioritise interoperating with other sites (no names are named, though I'm betting that it'll be a cold day in Hell before MySpace plays nice with something like this; after all, it may tip their users off to the existence of other sites and depress banner-ad impressions). Thus he proposes a browser add-on which implements the system on uncooperative sites, by means of screen-scraping.
What's happening with this proposal? so far, they have prototypes of the APIs, working on the data for 5 sites (LiveJournal and Vox are, not surprisingly, two of them), the start of a Firefox plug-in to drag MySpace, kicking and screaming, to the party, and the start of a website allowing users to register their points of presence in social networks; a limited beta is expected at some time in the future. There are apparently a lot of people from different organisations working on this, much as there were on the OpenID project, and a Google group has been set up for discussion of the details.
Note that this only covers social network (i.e., "x is a friend of y") data, and not the actual content (birthdays, photos, favourite movies/bands). There is another project named Move My Data, which aims to make the actual user data portable between accounts, though so far it seems to consist of a vague proposal.
Firefox crashed for me three times today. It just crashed twice in succession.
The crashes, apparently, are caused by Firefox allocating more and more memory for web pages, DHTML objects and such, never freeing any and, once memory runs out, dying horribly. Apparently our technological civilisation, which has put men on the moon and mapped the human genome, is incapable of implementing a web browser that does not leak memory like a sieve and spontaneously die from time to time.
I've heard it claimed that Mozilla/Firefox's memory leak is not a bug but a feature; the theory being that it's Nature's own caching mechanism, ensuring that the browser runs more and more efficiently (at least until it exhausts all system memory and dies, that is). Which is a nice piece of sophistry.
Anyway, for those using Firefox, there is a minor salvation in the Tab Mix Plus extension's session management facility, which saves your session and, should your browser crash, offers to restore it for you. Of course, should Firefox happen to die when reloading all the saved pages, it could be a problem, but not to worry: another feature (and definitely not a bug) is that, if that happens, Tab Mix Plus throws out some of the pages (seemingly at random) before the next attempt; thus, you eventually get to a set of pages which will reload without crashing, and all is well with the world. What would we do without such self-regulating mechanisms?
The Mozilla Foundation has posted the winners of a Firefox extension contest. Interestingly, three of the winners (Reveal, Showcase and FoXpose) are implementations of an Apple Exposé-style thumbnail view, only for browser tabs and windows.
Mozilla FireFox: the "We're here, we're furry, get used to it" browser? (via David Gerard's LJ)