I thought the whole point was Chrome UI, not Firefox..
A middle-click on the New Tab button works, assuming a Linux system.
Otherwise, it's relatively easy to write an extension that does it.
I fully support this proposal. In addition to APIs, I'd like to propose prohibiting caching any resources loaded over insecure HTTP, regardless of Cache-Control header, in Phase 2.N. The reasons are:
2) It won't break any websites, just some performance penalty for them.
3) Many website operators and users avoid using HTTPS, since they believe HTTPS is much slower than plaintext HTTP. After deprecating HTTP cache, this argument will be more wrong.
I'm sure the users will appreciate the extra traffic!
I can see 1 being a thing, but 2 is a penalty for the end-user on metered connections, and 3 is an argument for "Mozilla is much slower than [insert browser here]".
*ding ding ding*
And we have a winner!
If HTTPS then the IP will be enough by itself.
This is precisely what happened.
It's not like the existence of this bugtracker is a secret from anybody, not for 2+ years. It's even referenced in every release announcement.
Typical bug trackers allow you to classify something as a security issue, which automatically hide the bug from public. Some automatically do that to crash reports.
And I botched up the link to the tweet: https://twitter.com/Dinnerbone...
Both parties admit that it could have been handled better.
I specifically asked Nathan Adams (Dinnerbone) about it on Twitter; he said that it would've been handled better if the exploit was logged with the bug tracker to begin with, instead of trying to talk directly to people.
Undoing fat-fingered moderation, should be +1 Insightful
You need Developer mode to install "unpacked" extensions, which essentially means "in development", with no auto-update.
On Windows, they disabled the ability to install packaged extensions from other sources, Developer mode or not. unless you have a domain-level enterprise policy to whitelist some.
On other platforms, you're free to install extensions from any source.
On any platform, you're free to install Chrome Apps from any source. The reasoning being that apps do not silently run in parallel and with access to your browsing.
What this summary neglects to say is that Google is open to the idea of adding them back. Quote (link mine):
[...] CNNIC will be working to prevent any future incidents. CNNIC will implement Certificate Transparency for all of their certificates prior to any request for reinclusion. We applaud CNNIC on their proactive steps, and welcome them to reapply once suitable technical and procedural controls are in place.
Not sure if trolling or being funny. You succeed at both.
P.S. Google Translate in a pastebin (since the page has enormous amount of comments, it won't directly translate): http://pastebin.com/b56n2TnV
There is a post (in Russian) that explains Yandex's position better.
It's quite long-winded, but boils down to the fact that several phone manufacturers were told that they will be globally denied access to Google services if they ship a Russian regional version with Yandex's competing services pre-installed.
It's not just a matter of "in Russia, choose between having Google Play / Google services and Yandex", but "try to pre-install competitors in one market and we won't give you Google Play access anywhere".
[...] they will have to either test on Developer Edition, Nightly, or one of the unbranded builds [...]
Yes, there was much outcry when Chrome killed non-signed extensions installs, but at least it allows to load a development ("unpacked") version of any extension in the stable version. This is essential for testing, after all, to ensure it works and you can debug it on the platform most users actually run.
If FF does not allow it, well, nuts.