On 11/23/11 10:03 AM, Aryeh Gregor wrote:
Can't browsers add instrumentation for this? You have users who have opted in to sending anonymized data. So for each user, on a small percentage of pages, intercept all bare-name property accesses in on*.
With enough work, this is possible. It'd involve a good deal of complexity or some perf hit, or likely both (even when not sending; there is _always_ a perf hit from having mode code in the codebase). Also, see below.
This would all have to be reviewed by security teams, but it should be doable in principle. The advantage is your sample would actually be representative, which could be important in some cases.)
In fact, I think it's 100% required here, I think, since a lot of the issues come from non-public applications (those behind various passwords, etc), and the audience for those is not representative.
Worse yet, we may not be able to get good statistics out of any sort of statistical scheme, even if the issue would be a stop-ship issue for users. For example, something that a quarter of our users hit every week that keeps them from using a single website they rely on would probably be considered a stop-ship bug, but would be lost in the noise of all the pages the users load during a week.
-Boris
