Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Chrome Developers On Browser Security

Posted by ScuttleMonkey on from the never-ending-war-of-escalation dept.

CowboyRobot writes "Developers of Google's Chrome browser have spoken up in an article describing their approach to keeping the browser secure, focusing on minimizing the frequency, duration, and severity of exposure. One tool Chrome uses is a recently open-sourced update distribution application called 'Omaha.' 'Omaha automatically checks for software updates every five hours. When a new update is available, a fraction of clients are told about it, based on a probability set by the team. This probability lets the team verify the quality of the release before informing all clients.'"

5 of 61 comments (clear)

  1. Re:Beta testers by jayme0227 · · Score: 5, Interesting

    It's certainly better than having the entire user base beta test the patch for them which is where we're at now in most cases.

    --
    But then I realized the cable was blue, so I only gave it one star. I hate blue.
  2. Re:Beta testers by RoFLKOPTr · · Score: 5, Informative

    No, they're getting a random sample of their user base to test a ready-for-release patch so that in case there are a couple cases not within their testing scenarios where the patch is unstable or a security hole is present, they will be able to address that (if it's serious enough) before releasing it to the whole world. This is so much better than the current way of doing things, because patches are still tested in the shop to the same degree as they would be without Omaha, except this way there's even more to be sure that the patch works correctly.

  3. Now for a better scheduler by Anonymous Coward · · Score: 4, Interesting

    Now if they could stop running googleupdate crap ALL THE TIME (maybe use the OSs built in scheduling system to run every so often) and give me more control over when/how things get updated it will be much better.

    1. Re:Now for a better scheduler by Anonymous Coward · · Score: 4, Interesting

      It _is_ killable - ironically, part of what you have to do is delete the job from the scheduler which restarts the damn thing every so often.

      It could do with a more user friendly ticky box to turn it off, but it's not completely evil.

      One thing I've never understood is why MS didn't expose the Windows Update facilities to other vendors (with user approval, of course.) A one-stop shop for updates a la Ubuntu's Update Manager would be a hell of a lot less messy, and it would actually work for people who do the Right Thing and don't run with Admin / Power User privileges.

  4. Re:Russian Roulette Anyone? by InsertWittyNameHere · · Score: 5, Funny

    The "Don't Be Evil" policy currently only applies to a fraction of Google's userbase. Once they verify the quality of this policy they will release it to all users.

    Don't Be Evil [BETA]