Faster Browsing With RAM Disks

November 20, 2008 by Eliot 70 Comments

esperancedv

A coworker approached us today wondering if they could get a performance boost using Samsung’s newly announced 256GB SSD. Most of their work is done in browser, so we said “no”. They’d only see benefit if they were reading/writing large files. Their system has plenty of RAM, and we decided to take a different approach. By creating a filesystem in RAM, you can read and write files much faster than on a typical hard drive. We decided to put the browser’s file cache into RAM. Continue reading “Faster Browsing With RAM Disks” →

Chrome And Firefox Showing JavaScript Improvements

October 18, 2008 by Eliot 18 Comments

With new betas for both Firefox and Chrome being released, CNET decided to find out how good their JavaScript performance was. Both browsers got a performance boost with Firefox slightly edging out Chrome. You have to turn on TraceMonkey, Firefox’s new Javascript engine in 3.1b1, to get the improvement. We never thought Google was that serious about building a new browser. They just want wanted Firefox to get their act together and suck less. It seems to be working.

[via Lifehacker]

Ubiquity, A Browser Command Line

August 27, 2008 by Eliot 19 Comments

During the last day the web has been abuzz about Mozilla Labs’ Ubiquity. It’s an addon for Firefox that can help you streamline how you get things done on the web. In the example above, they show constructing an email with a map and reviews using mostly keyboard driven input. The addon is quick to install and we think you’ll find it saving you a lot of time on tasks you’d normally hit the search box for. In the popup, you can do quick Wikipedia lookups, define words, translate, perform calculations, and many other operations. You can email a page to someone by just typing three words. The best part is: anyone can write a command that will expand Ubiquity’s function. Greasemonkey helped fix broken websites and we think Ubiquity will help make interactions between sites much easier. We can’t wait to see what clever uses people come up with.

IBM Sees Influx In Zero-day Exploits

August 26, 2008 by Benjamin Eckel 7 Comments

IBM’s X-Force security team has released a mid-year report(PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Best Firefox 3 Extensions

August 23, 2008 by Eliot 43 Comments

We generally try to limit the number of extensions we install for security, performance, and because we use a lot of different systems. That’s not to say there aren’t a lot of interesting addons out there and Mozilla has recently announced the winners of their Extend Firefox 3 Contest. Lifehacker has a full rundown of each of the winners. Nothing really stands out in our eyes (although we might try Last.fm’s toolbar).

The three extensions we always end up installing are Firebug, Greasemonkey, and Flashblock. What are yours?

Black Hat 2008: What’s Next For Firefox Security

August 8, 2008 by Kimberly Lau 23 Comments

Mozilla security chief [Window Snyder] made some surprising announcements about Firefox Next, Mozilla’s next major browser overhaul. In her chat at the Black Hat security conference, she introduced three new initiatives that focused on threat modeling, training, and vulnerability metrics. For the threat modeling initiative, she’s hired Matasano Security consultants to review Firefox’s code for weaknesses and recommend mitigation tactics to protect the browser from hacker attacks. This isn’t inherently unusual; what is abnormal is that the information, once the work is done, will be revealed to the public. The training initiative will have IOActive trainers working with Mozilla engineers on secure computer programming practices. At the end, according to [Snyder], online versions of the classes will be released to the public, along with the class materials. The last initiative revolves around security metrics, and is already in progress. Essentially, the project will ideally take the focus off of patch-counting and provide a better assessment of security and vulnerability issues. [Snyder] says “We’re in the early phase, working on incorporating feedback from the rest of the industry.” She also reveals some more Firefox developments, including possibly incorporating NoScript into the core browser and implementing protected mode, but they’re still a long way from becoming standard features.

Firefox 3 Vulnerability

June 18, 2008 by Eliot 1 Comment

TippingPoint’s Zero Day Initiative reported a critical vulnerability affecting Firefox 3.0 yesterday. It includes the 2.0 versions as well. It’s unreleased and Mozilla is working on a fix already. Whatever the exploit is, it does require the user to visit a malicious site or click a link to executed. It came in 5 hours after the FF3 release, but since it affects previous versions, we wonder if the researcher was just sitting on it to be first. The Zero Day Initiative pays researchers for the exploits they submit.