Where debating everything under the sun is only the beginning

The silent autoupdate feature is implemented using a scheduled task. Those of you familiar with the Windows Task Scheduler should be able to use it to retrieve information about the task.

Unlike Chrome, Opera knows how to write a proper auto-updater.

Wonder how many of you are using Chropera?

Not that it would make any difference to me but since we are at it - is there an option to disable auto-updates or you have to manually kill updater.exe (or whatever it's named like)?

Quote from: krake on 2014-04-05, 08:07:37

Not that it would make any difference to me but since we are at it - is there an option to disable auto-updates or you have to manually kill updater.exe (or whatever it's named like)?

If it uses the Windows Task Scheduler, you can just disable or remove the scheduled task. That's kind of the meaning of proper.

One important exception to silent autoupdate happens if you have installed Opera from a standard user account and elected to install for the “Current User” to a folder requiring administrative privileges. The installer will allow you to proceed as usual, but it will not create a scheduled task.

There's always an option

Opera Max a new app to transcode already crappy Web videos into an even lower bitrate.

Except the "parts I won't miss" have already been taken out twice.

And that annoying rich valley girl on the demo. She is so unattractive and opposite of what Opera was before that I don't want to look any further. The rich bitch could afford to actually pay for her "data plan" to watch the tubular videos on the not so tubular flat shitty cellphone screen.

If you have a limited data plan you would miss those pixels less than the capability to watch video.

Opera 12.17 is available for download.

As per this site http://ftp.opera.com/pub/opera/ there's only Windows version, no Linux.

As per this site http://ftp.opera.com/pub/opera/ there's only Windows version, no Linux. So they have dumped Linux.

Opera <15 itself is not vulnerable to Heartbleed simply because it uses an openSSL version that does not have the Heartbeat implementation compiled in.

The only insecure part was the automatic updater, which indeed used a vulnerable version of openSSL and that was, what was addressed with the update. I don't know if the Linux version needs the openSSL library as part of the Opera distributtion because the normal Linux package and MacOSX come with their own openSSL implementation, so it would be up to the OS to provide a secure variant (1.0.1g as of today).


About Heartbleed being no problem for a client:
That is not entirely true. If you visit a Website that is secured by a  TLS connection that can use Heartbeat, the server can reverse attack you exactly the same way as a client can attack the server - provided it is a hacked server or one deliberately set up by some crooks.

A vulnerable OpenSSL implementation at the client side will happily provide the same last 64 kByte of the SSL stack no mater where it is running. The server could grab almost everything that is on the stack, if it only probes often enough via the connection you have opened by yourself by visiting the site (meaning: your FW will let it through because it is a user initiated connection done by an allowed software, aka "the browser").

In the end that could mean that the server could grab all of the information that is on the stack no matter if it is in the same tab or in other tabs where you have a SSL connection open because normally there is only "one stack to rule them all" (AFAIK - don't sue me about that). In that stack there might be session cookies or other stuff you do not want to go to other pages.

(Golden rule for online banking and other critical stuff: Close all other connections before, then start a clean browser with no tabs open and then go directly to your banking site.)

People are already calling version 12.14 "insecure" without providing any evidence on how exactly it is less secure than 16 or 17.