Google Pushes New Chrome Release, Pays $14k Bounty

timothy posted more than 3 years ago | from the return-on-investment dept.

Trailrunner7 writes "Google has released version 8.0.552.237 of its Chrome browser, which includes fixes for 16 security vulnerabilities. The company also paid out more than $14,000 in bug bounties for the flaws fixed in this release, including the first maximum reward of $3133.7. The new version of Google Chrome has fixes for 13 high-priority bugs, but the most serious vulnerability the company repaired in the browser is a critical flaw resulting from a stale pointer in the speech handling component of Chrome. That flaw, along with four others, was discovered by researcher Sergey Glazunov, who earned a total of more than $7,000 in rewards for the bugs he reported to Google."

New business model: (5, Insightful)

Fluffeh (1273756) | more than 3 years ago | (#34873534)

1) Convince Microsoft to adopt similar bug strategy.
2) Start using software as it was designed to be used...
3) PROFIT!!

Yes, that's right. No step 4.

*sips coffee*

Re:New business model: (1)

froggymana (1896008) | more than 3 years ago | (#34873632)

I thought that's what Linux was for? Except that companies like Red Hat get work done for free by part of the community.

Re:New business model: (1)

elh_inny (557966) | more than 3 years ago | (#34875416)

If they can pay this much for reporting bugs, why can't they pay $8k or so for h264 codec licensing???
This was a lame move on their side...

Re:New business model: (2)

Yvanhoe (564877) | more than 3 years ago | (#34875730)

Yes. Lame economical move. Wonderful ideological one. Google is not banking on money but on reputation. They believe that the protocols used on internet should be opened and not patent-encumbered. They think that this is a danger that would cost them more than $8,000. They see further than most. Kudos to them.

Re:New business model: (1)

mysidia (191772) | more than 3 years ago | (#34873808)

1) Convince Microsoft to adopt similar bug strategy.

If Microsoft adopted a similar strategy... I could make a slight change of profession and retire in a few months, a billionaire, at least on paper (M$ lawyers would probably have a 100 page document ripe with escape hatches to ensure M$ never had to pay a single bounty)....

Would have to do it quickly though, before Microsoft management realized what a mistake it is to have a security bug bounty on such a piece of software

Re:New business model: (0)

Anonymous Coward | more than 3 years ago | (#34873890)

4) buy yacht.

Re:New business model: (1)

Anonymous Coward | more than 3 years ago | (#34873956)

4) Sip coffee

You thought we wouldn't catch that?

Re:New business model: (1)

tokul (682258) | more than 3 years ago | (#34874144)

Yes, that's right. No step 4.

You still have to convince the manufacturer that your reported bug is a bug and not a feature.

Re:New business model: (1)

aliquis (678370) | more than 3 years ago | (#34874206)

Exactly, because a competing business model goes like:

1) Convince the users missing features (games, flash, ..*) isn't really an issue because if you want to stay true to the brand you should realize you don't really need them.
2) Heck, life is even better without them. Because like, now you know you're superior, because you don't have all that crap you previously thought you wanted!
3) PROFIT!!

Yes, that's right. No step 4.

*sips tea*

(* High end GPUs, more diversity in configurations, upgradeability, user-replaceable battery, standardisation, video calls, webm (?! Makes it on-topic?), ..)

Re:New business model: (1)

uglyduckling (103926) | more than 3 years ago | (#34874724)

You don't HAVE to buy from Dell, you know.

Re:New business model: (0)

Anonymous Coward | more than 3 years ago | (#34874812)

Yes, that's right. No step 4.

You still have to convince the manufacturer that your reported bug is a bug and not a feature.

One more reason to extend your social network with some persons residing in mother Russia.

Re:New business model: (0)

Anonymous Coward | more than 3 years ago | (#34874166)

Microsoft is the number 1 software company in the world, imagine they start saying they'll pay people to do their job, that's a disgrace to their name and to their company mission. They've already won the world over in software, I don't think they need to bribe people into using their components.

Re:New business model: (1)

Anonymous Coward | more than 3 years ago | (#34874366)

Microsoft is the number 1 software company in the world, imagine they start saying they'll pay people to do their job, that's a disgrace to their name and to their company mission. They've already won the world over in software, I don't think they need to bribe people into using their components.

How do you think they won the world over in software in the first place?

Re:New business model: (0)

Anonymous Coward | more than 3 years ago | (#34874760)

connect.microsoft.com - no pay outs - but still a very useful bug-reporting system

Re:New business model: (1)

c0lo (1497653) | more than 3 years ago | (#34874792)

1) Convince Microsoft to adopt similar bug strategy.
2) Start using software as it was designed to be used...
3) PROFIT!!
Yes, that's right. No step 4.

Step 2 is somehow flawed. Google paid the bounty for the security bugs and for Chrome only.

MS:
1. has a bigger "impact cross-section" thus won't afford to pay too much for a bug leading to a 0-day exploit;
2. there is a stiff competition in the matter of monetary rewards for finding 0-day exploits (hint: some entities in a country used to be known as Soviet...). If somebody jumps into the game as a beginner and stays in the game long enough to be proficient in finding bugs, my bet... because of point 1 above, it won't take long to present her/his CV to the competition

Re:New business model: (0)

Anonymous Coward | more than 3 years ago | (#34875656)

Damn it c0lo!
Get out of here with your logics and reasoning!
We don't take kindly to that at Slashdot!

We like baseless accusations and magickery, with nonsensicalness to boot.

Re:New business model: (1)

Ginger Unicorn (952287) | more than 3 years ago | (#34875602)

You're conjuring up images of the boss guy in Office Space shagging the protagonist's girlfriend whilst sipping his coffee.

Chrome #1 (1)

TafBang (1971954) | more than 3 years ago | (#34873538)

It's just too sexy

Re:Chrome #1 (1)

Seumas (6865) | more than 3 years ago | (#34874288)

For a product claiming to be "8.x", it sure could use a lot of refinement. They haven't accomplished anything special with the tab interface (the biggest reason I can't adopt it for primary use -- I need Panorama and if not that, at least vertical nested tree tabs). There is a lot to be desired for extension selection and quality. And the thing I probably find most annoying, there doesn't seem to be a way to really organize the icon/button on the main bar that just about every extension installs. Causes what is otherwise normally a slick looking and clean interface into a cluttered piece of crap.

However, for *actually* only being about 2.0, it's doing pretty great and it's nice to have a viable third candidate in the mix to drive the others to improve (or a fourth, if you're one of those Opera crazies!).

Re:Chrome #1 (1)

TafBang (1971954) | more than 3 years ago | (#34874476)

I have about almost 50 tabs all on the bookmark toolbar. Of course they aren't titles and I just memorize the symbols used. But aside from all that. It's the fastest internet browser (that I'm aware of as of 2010 studies) and the extensions are great. Youtube AutoReplay, Divx streaming and Adblock. There are also extensions that an old colleague of mine uses to re-design the layouts of the web pages he visits to his liking. With Chrome being superbly user friendly and simple and being the fastest and the most sleek looking with great designs if you're an appearance type of person... it's listed as #1 in my book.

Re:Chrome #1 (1)

c0lo (1497653) | more than 3 years ago | (#34874846)

Should I add the annoying behavior of not being able, most of the time, to copy/paste when posting in /. using Chrome?
( granted, maybe it's /.'s fault, but is so much easier to shoot at a bigger target. Besides, is not polite to blame the host, is it? ;) )

I just want Google on my check (2)

Deathnerd (1734374) | more than 3 years ago | (#34873550)

I don't care how much it's for, because if I ever get a check from Google, it's getting framed. Just sayin.

Re:I just want Google on my check (2)

TafBang (1971954) | more than 3 years ago | (#34873614)

I like your style. Perhaps as a Facebook display picture in hopes of getting some "likes" from potential femina mates

Re:I just want Google on my check (2)

mysidia (191772) | more than 3 years ago | (#34873848)

I like your style. Perhaps as a Facebook display picture in hopes of getting some "likes" from potential femina mates

I am afraid Google would run into the same problems Knuth and others did. When people post images of checks online, various scammers, the scum of the internet, find images of the checks online, make fake checks, or initiate fraudulent ACH transactions.... result: the account has to be closed.

Remember folks... checks are legal instruments and contain confidential bank account numbers printed on them, which (due to our insecure banking system) can easily be abused by scammers to steal lots of money. Never post an image for public consumption of a check someone else wrote to you.

Re:I just want Google on my check (1)

h4rr4r (612664) | more than 3 years ago | (#34874076)

or just redact the numbers from the image.

Re:I just want Google on my check (1)

mysidia (191772) | more than 3 years ago | (#34874190)

or just redact the numbers from the image.

Only Slashdot readers can be trusted to redact numbers from images.

Other people (esp. if they are government employees) will manage to screw up the redaction in some manner that makes the information recoverable

Re:I just want Google on my check (1)

c0lo (1497653) | more than 3 years ago | (#34874870)

Other people (esp. if they are government employees) will manage to screw up the redaction in some manner that makes the information recoverable

Not a monopoly of the govt bureaucrats, though, even if I admit they excel at it.
Recent history shows similar cases with non-govt entities... stop here, I won't name them, don't want flames.

Re:I just want Google on my check (1)

TafBang (1971954) | more than 3 years ago | (#34874192)

yeah, I figured the people on here would have enough sense to do that.

Re:I just want Google on my check (1)

c0lo (1497653) | more than 3 years ago | (#34874852)

Remember folks... checks are legal instruments and contain confidential bank account numbers printed on them, which (due to our insecure banking system) can easily be abused by scammers to steal lots of money. Never post an image for public consumption of a check someone else wrote to you.

Or, at least, not if you care maintaining a good relation with that someone.
I know, I know, not very moral of me.

Re:I just want Google on my check (1)

martin-boundary (547041) | more than 3 years ago | (#34873784)

*Sigh*, some people would rather have a check from Don Knuth...

Re:I just want Google on my check (1)

Javajunk (1957446) | more than 3 years ago | (#34874178)

At this point, I'm pretty happy to have seen a Knuth check in reality. Owning one is a long term career goal.

Re:I just want Google on my check (1)

c0lo (1497653) | more than 3 years ago | (#34874890)

At this point, I'm pretty happy to have seen a Knuth check in reality. Owning one is a long term career goal.

While a noble goal, you do remember that ... humans are mortals, Knuth is still human... you know how it goes, don't you? Hurry up man, you don't have that much time.

You gotta be kidding me. (2)

Brannon (221550) | more than 3 years ago | (#34874240)

It's just a company, dude.

A much better idea (1)

Troll-Under-D'Bridge (1782952) | more than 3 years ago | (#34874396)

Why not just scan it? Then you can frame the print out (hell, you can even print 10x larger), and mail the check to me. That way we both win. Google on your wall. Money in my pocket.

Re:I just want Google on my check (1)

Joe Tie. (567096) | more than 3 years ago | (#34874596)

I used to get android sales pretty consistently, and that was one of the best parts. There's just something kind of cool in checking your balance and seeing daily deposits from google.

Re:I just want Google on my check (1)

phantomfive (622387) | more than 3 years ago | (#34874994)

Uh.....if you want it that bad, you can just get a job there, you know? I hear they even hire janitors.

interesting (0)

Anonymous Coward | more than 3 years ago | (#34873554)

being that I am running 9.0.597.19 I think you got your number wrong.

Re:interesting (1)

Tubal-Cain (1289912) | more than 3 years ago | (#34873692)

You're on a beta. Mine says 10.0.639.0.

Re:interesting (4, Funny)

biryokumaru (822262) | more than 3 years ago | (#34873788)

My Chrome goes to 11.

Re:interesting (1)

Seumas (6865) | more than 3 years ago | (#34874308)

Well, considering Chrome 1.0 was just released two years ago, we'll be on Chrome 12x by the end of the year.

$7,000 is pretty cheap labor (0)

Anonymous Coward | more than 3 years ago | (#34873594)

for identifying a series of bugs missed by Google's fabled (and pampered) FT engineering staff, that might otherwise come to the world's attention by customers being exploited for $$ by overseas hackers.

Someone in the trade press should work on an article about the "prize-sploitation" of top software engineers....

Google won this round... (4, Insightful)

NFN_NLN (633283) | more than 3 years ago | (#34873624)

14K sounds like a pretty good deal for Google. That's less than 2 months of salary for even an intermediate tester.

Re:Google won this round... (1)

Your.Master (1088569) | more than 3 years ago | (#34874830)

Less than 2 months intermediate? I'd be surprised if beginning testers cost Google less than $84k/year when you include bonus, stock, benefits, office space, etc..

Then again, I'd also expect an intermediate tester to get more done than just 13 random bugs being found (1 every 3 work days). But maybe the quality of these 13 bugs is higher than you'd expect out of two months with a tester.

Then again...again, I expect even without a bounty some of these bugs would have been reported. I wonder to what extent people's behaviour is actually changed by this.

Re:Google won this round... (1)

tyrione (134248) | more than 3 years ago | (#34874878)

Less than 2 months intermediate? I'd be surprised if beginning testers cost Google less than $84k/year when you include bonus, stock, benefits, office space, etc..

Then again, I'd also expect an intermediate tester to get more done than just 13 random bugs being found (1 every 3 work days). But maybe the quality of these 13 bugs is higher than you'd expect out of two months with a tester.

Then again...again, I expect even without a bounty some of these bugs would have been reported. I wonder to what extent people's behaviour is actually changed by this.

If you think an entry tester is getting stock options, at their price, you're nuts. They also aren't getting $84k.

Re:Google won this round... (2)

omglolbah (731566) | more than 3 years ago | (#34875034)

He didn't say they did, he said it could cost -google- that much.

Office space, benefits and the likes cost quite a lot. Salary is not the only thing an employee costs ;)

I found a bug (2)

Octopuscabbage (1932234) | more than 3 years ago | (#34873690)

"Hello google, i found a bug." "Did you fix it?" "Yeah here is 100 man hours of work and 1,000 lines of code" "k, cool, heres $10"

Re:I found a bug (2)

TafBang (1971954) | more than 3 years ago | (#34873704)

Sergey is Taking our Jobs

Re:I found a bug (1)

c0lo (1497653) | more than 3 years ago | (#34874918)

;) He can't help: the Russian Mafia has a price on his head, he can no longer sell to them, he needs something to live on ;)

I'll be filing a bug report soon (5, Funny)

93 Escort Wagon (326346) | more than 3 years ago | (#34873694)

I've heard that h.264 support is broken in an upcoming release.

Re:I'll be filing a bug report soon (1)

mysidia (191772) | more than 3 years ago | (#34873872)

I've heard that h.264 support is broken in an upcoming release.

And what makes this bug security related? :)

Re:I'll be filing a bug report soon (1)

gQuigs (913879) | more than 3 years ago | (#34873896)

Since they haven't removed it yet... it's the worst kind of security risk.. Involving lawyers and patent laws.

Security relation direct (1)

SuperKendall (25149) | more than 3 years ago | (#34874212)

And what makes this bug security related? :)

Because the reality is that with h.264 support out, rather than double up all encoding efforts for WebM, sites will simply make Chrome use Flash players with h.264 videos.

Have you SEEN the security advisories around Flash?

Re:I'll be filing a bug report soon (1)

jisatsusha (755173) | more than 3 years ago | (#34874430)

It affects the security of MPEG-LA's patent licensing income, obviously.

Re:I'll be filing a bug report soon (0)

mswhippingboy (754599) | more than 3 years ago | (#34874172)

No, not broken. Removed. And Microsoft is pissed about it!

http://www.pcmag.com/article2/0,2817,2375719,00.asp [pcmag.com]

Re:I'll be filing a bug report soon (2)

tyrione (134248) | more than 3 years ago | (#34874886)

Woosh!

Re:I'll be filing a bug report soon (1)

c0lo (1497653) | more than 3 years ago | (#34874952)

No, not broken. Removed. And Microsoft is pissed about it!

Huh! They should save their mouth-foam for the time YouTube clips will only be available in WebM encoding!

Re:I'll be filing a bug report soon (2, Insightful)

_Sprocket_ (42527) | more than 3 years ago | (#34874364)

I've heard that h.264 support is broken in an upcoming release.

That's a feature.

Re:I'll be filing a bug report soon (1)

c0lo (1497653) | more than 3 years ago | (#34874928)

I've heard that h.264 support is broken in an upcoming release.

My bet on Google's answer: "that's not a bug, that's a feature". Would you believe it?

Re:I'll be filing a bug report soon (1)

Peter Bortas (130) | more than 3 years ago | (#34874988)

They would be correct, so I'd believe it.

Re:I'll be filing a bug report soon (1)

c0lo (1497653) | more than 3 years ago | (#34875072)

They would be correct, so I'd believe it.

Maybe others would be willing to, but I simply can't argue for the contrary.

Re:I'll be filing a bug report soon (1)

pinkushun (1467193) | more than 3 years ago | (#34875130)

If you log a regression bug I will verify it!

It's a ploy! (1)

NotQuiteReal (608241) | more than 3 years ago | (#34873716)

To find out who is capable of finding the obvious ploys...

Wait a minute... (0)

wierd_w (1375923) | more than 3 years ago | (#34873740)

Perhaps I have been subjected to one too many script kiddies, but the total paid out looks suspicious...

3,133.7?

Looks suspiciously like 'leet to me. Now I'm surprised they didn't pay "Over 9,000" instead.

Re:Wait a minute... (1)

biryokumaru (822262) | more than 3 years ago | (#34873796)

Um, did you read the summary? They paid that Sergey guy OVER 9000!!1

Re:Wait a minute... (4, Funny)

russotto (537200) | more than 3 years ago | (#34873802)

3,133.7?

Looks suspiciously like 'leet to me.

Way to spot 'em, Captain Obvious.

Re:Wait a minute... (1)

pinkushun (1467193) | more than 3 years ago | (#34875216)

It's even color-coded on the Chrome release blog.

One of the best things about Chrome ... (4, Interesting)

Wrath0fb0b (302444) | more than 3 years ago | (#34873782)

Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%). Why can't other applications just keep themselves up to date automatically in that way? It's obviously not technologically impossible, we've seen it happen. Even Windows Update is vaguely alright in this respect once you disable the restart-nagging. Debian systems do fine after a simple 'apt-get update && apt-get upgrade -y' in the root crontab although the GUI will occasionally pester you.

Firefox has to be the worst offender in this respect, both in terms of actual software upgrades that block the UI and then add-ons that also block the main UI and then spawn a silly splash to inform you of the amazing upgrade from 2.1.6 to 2.1.6(b). Unless it requires a change in the terms of the license or more permissions (Android does this nicely), I don't care and I definitely don't need to be interrupted to see it.

Another free tip for the Mozilla team -- when I open an application is not the time to install any updates. In fact, that is the only time you can be nearly guaranteed that I want to use the application right this second. Schedule updates for when I close the app because it's pretty damn likely I don't need to use it for a few minutes.

Apple could learn the same thing about their infernal updates too, plus an extra special place in hell for pimping their other software at the same time. I still get calls from my parents "Do I need Safari?", hmm, no just upgrade iTunes when it asks you to. "What about quicktime?". Gah.

 

Re:One of the best things about Chrome ... (4, Informative)

BZ (40346) | more than 3 years ago | (#34873886)

> Schedule updates for when I close the app because it's pretty damn likely I don't need to
> use it for a few minutes.

It's not that simple. When you close the app in the case of a web browser, you're most likely shutting your machine down; you don't want to do the update then.

The only sane way to do it is what Google does: actually replace the binaries in-place as the program runs... We're working on getting there. :)

Re:One of the best things about Chrome ... (1)

h4rr4r (612664) | more than 3 years ago | (#34874094)

Replacing files in place is easy, if you use a sane OS.

Re:One of the best things about Chrome ... (1)

icebraining (1313345) | more than 3 years ago | (#34874096)

Can you do that on Windows?

Re:One of the best things about Chrome ... (1)

monkyyy (1901940) | more than 3 years ago | (#34874138)

To be honest it can wait till I feel like my computer can be on while the browser is closed; as rare as that be.
I don't see a problem as long as it's not months behind.

Re:One of the best things about Chrome ... (1)

wumpus188 (657540) | more than 3 years ago | (#34875826)

Sorry, but this is just a lame excuse. OSX allows app to listen for shutdown notifications - just don't do an update if your app is terminating because of system shutdown. I'm sure Windows and KDE/Gnome have similar mechanisms.

Re:One of the best things about Chrome ... (1)

dakameleon (1126377) | more than 3 years ago | (#34873906)

Some might consider that silent automatic update an issue, especially if the silently updated new version breaks somehow. Corporate IT departments particularly are none too keen on things that go about updating themselves.

As for your Firefox issue, go to Tools > Options > Advanced > Update and untick automatically update for Add-ons (and probably search engines). There, job done. Yes it isn't the best user interaction decision to update at startup and block the main UI from loading, but it doesn't mean you have to live with it when it clearly ticks you off so much.

Re:One of the best things about Chrome ... (2)

Wrath0fb0b (302444) | more than 3 years ago | (#34873984)

As for your Firefox issue, go to Tools > Options > Advanced > Update and untick automatically update for Add-ons (and probably search engines). There, job done. Yes it isn't the best user interaction decision to update at startup and block the main UI from loading, but it doesn't mean you have to live with it when it clearly ticks you off so much.

So now I have to manually check for updates? And this is your idea of fixing things?

Re:One of the best things about Chrome ... (1)

Mana Mana (16072) | more than 3 years ago | (#34874134)

: : it doesn't mean you have to live with it when it clearly ticks you off so much.

: So now I have to manually check for updates? And this is your idea of fixing things?

I am the anti-Wrath0fb0b. First thing years ago, I disabled "download & update automatically." I want to know when updates occur; plugins go kaput and such---bad. But that's just me. I have to thank you, I kinda noticed that Chrome updated itself and I didn't know when or if it was just my imaginings. Now I know. I would have bought a clue but I can't find more than one useful toggle in the wrench toolbox. And I am a guy that likes Ikebana, wtf. I must need more engine time.

Re:One of the best things about Chrome ... (5, Informative)

mysidia (191772) | more than 3 years ago | (#34873926)

Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%).

Hm.. that idea wouldn't work on any systems I set up.

Software restriction policy all systems, Policy default: deny.

Programs can be executed from the default allowed directories. %programfiles% , %systemroot%\system32, etc, and some designated paths for placing executables in manually, in order to install them.

User profile directories including appdata are specifically excluded, because this is best common practice. Programs/executables don't belong in any user's profile or appdata folder (Especially not in any folder used as a default download directory for saving files or temporary directory used by a mail application for opening attachments in a viewer). Contents of appdata is a data folder, and all of a user's profile are data folders, not program folders.
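
As an added illustration (not part of the comment above, and not Microsoft's implementation): a simplified Python model of the default-deny path rules just described, showing why a per-user browser install under the profile is blocked. The user name, the `C:\Install` staging directory and the sample paths are constructed; only path rules are modelled, with the most specific matching rule winning.

```python
import ntpath
import re

# Constructed sample environment for one user on one machine.
ENV = {
    "%programfiles%": r"C:\Program Files",
    "%systemroot%": r"C:\Windows",
    "%userprofile%": r"C:\Users\alice",
}

DEFAULT_LEVEL = "Disallowed"  # policy default: deny

# Path rules as (path, level). C:\Install is a hypothetical staging directory
# standing in for the "designated paths" the comment mentions.
RULES = [
    (r"%programfiles%", "Unrestricted"),
    (r"%systemroot%\system32", "Unrestricted"),
    (r"C:\Install", "Unrestricted"),
    (r"%userprofile%", "Disallowed"),
]


def canonical(path):
    """Expand variables, collapse parent references, unify slashes and case."""
    expanded = re.sub(
        r"%[^%]+%",
        # Windows variable names are case-insensitive; unknown ones are kept.
        lambda m: ENV.get(m.group(0).lower(), m.group(0)),
        path,
    )
    return ntpath.normcase(ntpath.normpath(expanded))


def decide(exe_path):
    """Return (level, rule) for an executable path; rule is None on default."""
    target = canonical(exe_path)
    best = None
    for rule_path, level in RULES:
        root = canonical(rule_path)
        # Match the directory itself or anything below it. Requiring the
        # separator stops a sibling such as "Program Files Evil" from
        # matching the "Program Files" rule by prefix.
        if target == root or target.startswith(root + "\\"):
            if best is None or len(root) > len(best[0]):
                best = (root, level, rule_path)
    if best is None:
        return DEFAULT_LEVEL, None
    return best[1], best[2]


def is_allowed(exe_path):
    return decide(exe_path)[0] == "Unrestricted"


# Constructed sample paths, including a traversal and a look-alike directory.
SAMPLES = [
    r"%ProgramFiles%\Google\Chrome\Application\chrome.exe",
    r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe",
    r"C:\Program Files\..\Users\alice\Downloads\setup.exe",
    r"C:\Program Files Evil\tool.exe",
    "c:/windows/SYSTEM32/cmd.exe",
    r"C:\Windows\Temp\x.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        level, rule = decide(sample)
        print(f"{level:12} {rule or '(default)':24} {sample}")
```

Canonicalising before matching is what keeps the `..` traversal and the look-alike directory from inheriting the `%programfiles%` allow rule.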

Re:One of the best things about Chrome ... (2)

Wrath0fb0b (302444) | more than 3 years ago | (#34874120)

Programs can be executed from the default allowed directories. %programfiles% , %systemroot%\system32, etc, and some designated paths for placing executables in manually, in order to install them.

When Chrome closes it copies over the %ProgramFiles% version if the user has sufficient privileges to do so. That's the best place for it, but given that NTFS does not allow unlinking an executable when it is running, having it in %AppData% for the time being is the next best option.

User profile directories including appdata are specifically excluded, because this is best common practice. Programs/executables don't belong in any user's profile or appdata folder (Especially not in any folder used as a default download directory for saving files or temporary directory used by a mail application for opening attachments in a viewer). Contents of appdata is a data folder, and all of a user's profile are data folders, not program folders.

Wait, so if I instruct chrome to download an application, it shouldn't go in $USER/Downloads because executables aren't supposed to be in data folders? To where should setup.exe be downloaded then? In fact, how the heck is any updater supposed to work in this case? Even Firefox downloads an executable to %appdata%\Temp\ and then launches the process.

What you've described isn't best common practice, it's slavish attention to distinctions that are made for the sake of convenience -- allowing a particular form to entirely straightjacket the function of software that keeps itself updated.

What's more, given that placing roadblocks to updating causes a huge decrease in user compliance, it's not even clear that such draconian measures even improve security. Having those 16 browser vulnerabilities patched as promptly as possible is far more important than adhering to whatever practices seem best in the abstract.

TL;DR: I'm very happy that Google does not adhere to 'best practices' that would result in more people using software with known vulnerabilities for longer.

Re:One of the best things about Chrome ... (1)

slimjim8094 (941042) | more than 3 years ago | (#34874186)

User profile directories including appdata are specifically excluded, because this is best common practice. Programs/executables don't belong in any user's profile or appdata folder

I disagree, though not for Windows. On Linux, it's pretty common practice to install software locally to a user. For example I have a newer version of Python installed on my webserver than the stock, and it's just in my home directory.

Though I understand that your needs are likely different, I'm just pointing it out.

Re:One of the best things about Chrome ... (2)

morgan_greywolf (835522) | more than 3 years ago | (#34874082)

Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%).

No wonder corporate shops don't allow Chrome.

Re:One of the best things about Chrome ... (1)

frdmfghtr (603968) | more than 3 years ago | (#34874486)

I was thinking the same thing for my home machine. I consider silent background updates "bad." Only one person should be authorizing software updates--me, and I want to know about it beforehand.

Re:One of the best things about Chrome ... (1)

uglyduckling (103926) | more than 3 years ago | (#34874774)

Yup, although Chrome seems particularly adept at getting round any corporate restrictions. At the [government institution] where I work, Chrome seems to be on about half the machines, usually installed by users. I'm always grateful to see it as lots of machines seem to still have IE 6 which is getting close to unusable on many web pages.

Re:One of the best things about Chrome ... (2)

willie150 (95414) | more than 3 years ago | (#34874842)

Google released Chrome for Business [google.com] in the last few months, add that to the policy settings [google.com] and you're pretty set.

At close is worse (1)

r00t (33219) | more than 3 years ago | (#34874466)

If I'm closing the browser, that probably means my battery is dying. My UPS is doing the extra-fast beeping that happens right before it cuts out.

That would be the absolute worst time to update. The power will cut out right in the middle of the update. Few software projects can reliably avoid self-corruption when that happens.

Re:One of the best things about Chrome ... (1)

master811 (874700) | more than 3 years ago | (#34874904)

No, the installation of Chrome in the %user% folder is an absolute pain. I'm sure the only reason Google did this is to make it easy to install, but that doesn't make it the best place. Programs go in program files/system directories, NOT in userdata. I also hate the fact it doesn't just "update", it creates an entirely new directory every time for that particular version, so you end up with loads of redundant folders.

No other major app does this, why can Google get away with it?

Have they fixed h.264? (0)

rampant mac (561036) | more than 3 years ago | (#34873930)

I prefer that as my video playback of choice. I don't want the sub par [multimedia.cx] solution.

Re:Have they fixed h.264? (0)

Anonymous Coward | more than 3 years ago | (#34874222)

But you accept as gospel truth the unsupported rants of a random student whose only software engineering and video codec experience is on a hobby project? And that hobby project is in direct competition with the standard he's criticizing? Seems like a less than credible source to me.

Supporting Chrome is moving back standards (0)

SuperKendall (25149) | more than 3 years ago | (#34874250)

I hate Flash video. In any browser I use, I deploy Flash Block or something like it to save resources.

The effect of Chrome removing h.264 video support has one direct effect - balkanization of the HTML5 <video> tag to where no-one is going to use it, thus forcing the re-appearance of Flash video in a lot of places it was starting to recede from.

I refuse to support backwards movement in standards. Yes WebM is an open standard - but one controlled by Google. At least h.264 has a much wider range of companies backing and directing it. The bigger open standard to worry about to my mind is support of the <video> tag so we can let browsers innovate around support for video playback rather than be forced to use whatever horror a particular website has chosen to craft in Flash to view videos with. After is in comfortable use, then let's get widespread WebM support and try to move the industry there - Google is killing two birds (WebM by too early adoption and <video> by afore-mentioned market splintering) with one stone, and I'll not give them money to buy another sling.

Re:Supporting Chrome is moving back standards (0)

Anonymous Coward | more than 3 years ago | (#34874684)

Hey, are you a Mormon?

Re:Supporting Chrome is moving back standards (2)

dalmor (231338) | more than 3 years ago | (#34874906)

I posted this URL in another thread, but it is a great view of the whole video format "war" going on.

Even with Chrome supporting h.264, in order to get maximum compatibility for video playback across all browsers (let's not leave out Android and iPhone), you still need to have the video in all 3 formats (below is copy/pasted from the site). Chrome isn't going "backwards" compared to where it stands now, unless you prefer having site visitors standardize on a set of browsers, in which case I can't argue with that:

      For maximum compatibility, here’s what your video workflow will look like:
            1. Make one version that uses WebM (VP8 + Vorbis).
            2. Make another version that uses H.264 baseline video and AAC “low complexity” audio in an MP4 container.
            3. Make another version that uses Theora video and Vorbis audio in an Ogg container.
            4. Link to all three video files from a single element, and fall back to a Flash-based video player.

http://www.diveintohtml5.org/video.html [diveintohtml5.org]

Re:Supporting Chrome is moving back standards (0)

Anonymous Coward | more than 3 years ago | (#34874936)

H264 may have much wider backing in some fields but that's just not visible in the browser usage share: After Google's decision I guess around 1% of the browsing happens on a browser capable of HTML5 + H.264. This game has just begun.

This is about the web first and foremost, and the web grew because it is open and free to implement. People keep talking about the "industry" needs without realising that this absolute openness and freeness was crucial for the "web industry" explosion. I'm not ready to give up on that idea and accept H.264 just because Flash has already been accepted.

Re:Supporting Chrome is moving back standards (0)

Anonymous Coward | more than 3 years ago | (#34875504)

You are being dishonest.

HTML5 video tag was balkanized already and continues to be balkanized until some codec gets implemented by every browser. H264 cannot be implemented by free browsers. So, it's up to Microsoft and Apple to ship some codec that can be implemented and shipped freely.

Why the meager sum? (1)

iamacat (583406) | more than 3 years ago | (#34874266)

Certainly having a trouble free product is worth more than 10% of developer salary to Google?

speech handling component ? (0)

sincewhen (640526) | more than 3 years ago | (#34874456)

Will they never learn?

Still no bookmark separators (1)

satan666 (398241) | more than 3 years ago | (#34874482)

Firefox has very nice bookmark separators which can keep groups of bookmarks nicely together.

However, Google has been stubborn as hell over this. They will not create bookmark separators.

I bet all techies and hardcore web users will not switch to Chrome over this. People on the web are saying as much.

It is amazing that they are so adamant over this one feature. You know, I don't like that attitude.

Later Chrome...

Talk about cheap labor... (1)

Kenwoodism (1086661) | more than 3 years ago | (#34875254)

You know, for a company with a total equity of US $36.004 billion (2009) the sum of $14,000 being spent to improve their product doesn't seem that good of a deal for the people doing the work...