Profile

Cover photo
Ingo Chao
1,389 followers|12,146 views
AboutPostsPhotosVideos

Stream

Ingo Chao

Allgemeines  - 
 
XING kündigt heute an, dass der Support für IE7 ab Mitte Juni eingestellt wird. Per Conditional Comment kommt ein Banner auf die Seite, das auf eine längere Update-Info-Seite verlinkt.
Bereits seit November 2012 werden Nutzer des IE7 und anderer veralteter Browser von uns zum Updaten aufgefordert.
Wer zu jung ist, um sich an diesen Browser zu erinnern: er ist der Letzte, der noch hasLayout kennt. Das war irgendwas Seltsames mit CSS und dem Konzept des Block Formatting Context. Muss man nu nicht mehr wissen. Ade und komm bloß nicht wieder.
 ·  Translate
6
1
Marc Haunschild's profile photoOliver Sperke's profile photoPeter Müller's profile photo
2 comments
 
Ich finde es auch gut. Gerade die Großen sollten den Support für veraltete Browser früher einstellen, um den Druck zu erhöhen, aktuelle und im Zweifel sicherere Software zu nutzen... ;-)
 ·  Translate
Add a comment...

Ingo Chao

Shared publicly  - 
 
"The mass must be high enough for the star to undergo an energy crisis, with its core ultimately running out of fuel and collapsing under its own weight to form a black hole. Some of the matter falling onto the nascent black hole becomes redirected into powerful jets that drill through the star, creating the gamma-ray spike"
1
Add a comment...

Ingo Chao

Shared publicly  - 
 
"Conditional sibling class names for IE patching | 456 Berea Street" http://feedly.com/k/10XhcoF
1
1
Tom Livingston's profile photo
 
So not only do you have to have a wrapper, you also have an extra empty div just for the purpose of having the IE specific hook. I'm not smart enough to determine which is worse - the class on <html> (or <body>) or this but I have used the <html> tag version for a while and haven't experienced (or heard about) any issues with it.

Interesting though. Worth pondering. I mean, who am I to argue with Roger Johansson! :-)
Add a comment...

Ingo Chao

Shared publicly  - 
 
the 'all' property, the 'default' value. 
1
1
Add a comment...
Have him in circles
1,389 people
Elmar mc.fly Lecher's profile photo

Ingo Chao

Shared publicly  - 
 
 
Für den Aufbau einer agilen Organisation (App-Entwicklung) suche ich iOS- und Android-Entwickler, Visual und UX-Designer, QA-Experten und Scrum Master in Hamburg in Festanstellung. Wer also Lust hat, direkt an der Elbe in einem tollen Team so richtig coole Apps zu bauen, darf sich gern bei mir melden.
 ·  Translate
1
Add a comment...

Ingo Chao

Shared publicly  - 
 
 

What Blink means for Chrome Security

The Chromium project recently announced that we’ve forked WebKit as the Blink project <goo.gl/yF9QJ>. Amidst all the other discussion about what this means, I’d like to give my perspective on how it impacts Chrome security going forward. As always, these are my own thoughts, and don’t necessarily reflect the positions of Google, the Chromium Project, or anyone else.

So... I think it’s safe to say that the Chrome security team has taken a very active role in WebKit security over the last several years, and really led the pack in making Webkit more robust against exploits. We’ve fuzzed at previously unheard of scale <goo.gl/R718K>, paid out hundreds of thousands of dollars in bug bounties <goo.gl/PGr89>, performed extensive code auditing, fixed many hundreds of security bugs, and introduced a slew of hardening measures. And while we're very proud of the work we've done on WebKit security, the fact is that it’s getting harder and harder for us to make a big impact anymore.

The big issue is a side effect of Chrome’s design. While our architecture has tremendous strengths (beyond just security), it’s also very different from other WebKit-based browsers, and grows even more so with the rest of the WebKit project's increasing focus on the WebKit2 layer. These differences have forced us to make increasingly difficult decisions, like sidelining major security enhancements that don’t fit well with WebKit. Meanwhile, we were regularly handling security regressions resulting from things like differing release schedules, and maintaining legacy behavior required by WebKit as an API. These growing pains are common enough when a project like WebKit evolves to encompass such a broad set of consumers, but eventually you can reach a point where the burden on some members is just too high.

So, with the Blink project we now have a chance to fix quite a bit of technical security debt that’s accumulated over the years. These changes are all things that fit well with Chrome’s architecture, but were not viable in WebKit given their impact on other platforms. Some of our immediate changes will include improvements to our basic memory hardening in Blink. We plan on making a number of memory-safety changes, like switching to bounds-checked containers and adding integrity checks at different points in HTML processing and rendering. And one really exciting development will be broad deployment of something we call binding integrity, which ensures that DOM objects are valid at the point they’re bound to JavaScript (nearly eliminating first-order stale pointer and type confusion vulnerabilities in the DOM).

Longer term changes will involve things like refactoring our loading, navigation, and history handling. The nature of bugs in these layers tends to be very subtle and complicated, and is usually due to WebKit’s behavior triggering discontinuities in Chrome’s architecture (e.g. inconsistent navigation state between processes). These issues have led to an array of vulnerabilities including: remote code execution, UXSS, spoofing, and sandbox escapes. With Blink we already have a good sense of how we’ll refactor these layers to directly reflect Chrome’s architecture. As a result, we expect to eliminate certain families of Chrome-specific vulnerabilities entirely.

Of course, the best part of making these architectural changes is that we’ll be able to move forward on some really big security efforts like Site Isolation <goo.gl/ZZttn>, which will allow Chrome’s sandbox to enforce the Web’s origin model at a process level. The practical impact is that even a compromised sandbox process would not be able to manipulate data from sites other than the one that originated it. This is particularly valuable on a platform like Chrome OS, which has an extremely robust sandbox. It means that code execution bugs will become dramatically less dangerous, and most UXSS bugs will be eliminated.

So, from my perspective Blink is an unambiguously positive thing for Chrome security, and I expect Chrome’s users to start feeling the security improvements over the coming months.

#chrome   #blink   #security  
2
1
Add a comment...

Ingo Chao

Shared publicly  - 
3
Add a comment...

Ingo Chao

Allgemeines  - 
 
Ian Hickson: "I've added a feature to HTML to enable users (and authors) to sort tables."

http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2012-December/038465.html
2
1
Stefan Münz's profile photoAlexander Melde's profile photoGunther Pilz's profile photo
4 comments
 
+Gunther Pilz Es ist in der Tat eine Frage, über die man trefflich streiten kann - ob eine Funktionalität wie Tabellensortierung noch in den Bereich von Beschreibungssprachen gehört, oder ob das nicht vielmehr eine prozedurale, algorithmische Angelegenheit ist, die den verfügbaren Programmiersprachen überlassen werden sollten. Das Haupt-Pro-Argument ist halt wie so oft die einfache Verfügbarkeit. Ist es nicht toll, sich mit einem einfachen <table sortable> oder <th sortable="numeric"> 200 Zeilen JavaScript-Code sparen zu können? Wenn immer wieder nachgefragte prozedurale Standardaufgaben sich mit ein paar Attributen und Wertzuweisungen erschlagen lassen, ist es finde ich durchaus angebracht, das als ökonomischen Vorteil zu betrachten. Die Frage ist halt immer, wo die Grenze sein soll, und was tatsächlich "häufig nachgefragt" wird. Ich habe ja in meinen eigenen Publikationen immer wieder auch Scripts zur Tabellensortieruntg drin gehabt - aber dazu vergleichsweise wenig Feedback erhalten, was mich davon ausgehen lässt, dass viele Leute das Feature gar nicht brauchen. Und wenn, dann wird es oft anders gelöst, z.B. wenn die Daten aus einer DB kommen, gleich durch geeignete DB-Abfragen. 
 ·  Translate
Add a comment...
People
Have him in circles
1,389 people
Elmar mc.fly Lecher's profile photo
Links
Other profiles
Basic Information
Gender
Male