It's not like the existence of this bugtracker is a secret from anybody, not for 2+ years. It's even referenced in every release announcement.
Slashdot videos: Now with more Slashdot!
Typical bug trackers allow you to classify something as a security issue, which automatically hide the bug from public. Some automatically do that to crash reports.
And I botched up the link to the tweet: https://twitter.com/Dinnerbone...
Both parties admit that it could have been handled better.
I specifically asked Nathan Adams (Dinnerbone) about it on Twitter; he said that it would've been handled better if the exploit was logged with the bug tracker to begin with, instead of trying to talk directly to people.
Undoing fat-fingered moderation, should be +1 Insightful
You need Developer mode to install "unpacked" extensions, which essentially means "in development", with no auto-update.
On Windows, they disabled the ability to install packaged extensions from other sources, Developer mode or not. unless you have a domain-level enterprise policy to whitelist some.
On other platforms, you're free to install extensions from any source.
On any platform, you're free to install Chrome Apps from any source. The reasoning being that apps do not silently run in parallel and with access to your browsing.
What this summary neglects to say is that Google is open to the idea of adding them back. Quote (link mine):
[...] CNNIC will be working to prevent any future incidents. CNNIC will implement Certificate Transparency for all of their certificates prior to any request for reinclusion. We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place.
Not sure if trolling or being funny. You succeed at both.
P.S. Google Translate in a pastebin (since the page has enormous amount of comments, it won't directly translate): http://pastebin.com/b56n2TnV
There is a post (in Russian) that explains Yandex's position better.
It's quite long-winded, but boils down to the fact that several phone manufacturers were told that they will be globally denied access to Google services if they ship a Russian regional version with Yandex's competing services pre-installed.
It's not just a matter of "in Russia, choose between having Google Play / Google services and Yandex", but "try to pre-install competitors in one market and we won't give you Google Play access anywhere".
[...] they will have to either test on Developer Edition, Nightly, or one of the unbranded builds [...]
Yes, there was much outcry when Chrome killed non-signed extensions installs, but at least it allows to load a development ("unpacked") version of any extension in the stable version. This is essential for testing, after all, to ensure it works and you can debug it on the platform most users actually run.
If FF does not allow it, well, nuts.
Quoting the same article
For wireless notebooks on battery power, OOB communication is available when the system is awake and connected to the corporate network, even if the OS is down.
So no magical "I'll maintain that WiFi connection even when asleep"
Fast forward a few days, and someone tracked that bug down to an incorrect setting in Chrome code: https://codereview.chromium.or...
So yes, it was very straightforward, and wasn't drivers' fault.
If you edit the video (even doing nothing) with YT tools, it will reprocess it from the source that's still kept by Google, according to https://twitter.com/Christophe...
There are some problems with this.
1. This is not optional for videos that support it. If it was processed as 60fps video, then 1080p and 720p streams will only be served as 60fps.
2. Chrome has an outstanding crippling bug for months now in H/W decoding: https://code.google.com/p/chro... with the only viable workaround "disable HW decoding"
Those two combined together mean that 1080p60 is unwatchable on decent but not sparkling-new laptops under Windows, dropping frames / freezing constantly.