Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Patches 10 Chrome Bugs, Pays Out $10K

Posted by timothy on from the splat-splat-splat dept.

CWmike writes "Google patched 10 vulnerabilities in Chrome on Thursday, but it didn't award any of the researchers who reported bugs its new top-dollar reward. Google divulged no details of the vulnerabilities and, as is its custom, it blocked public access to its bug-tracking database — a practice meant to keep attackers from using the information before most users have upgraded. Some rivals, such as Mozilla, do the same; others, like Microsoft, do not. Sergey Glazunov banked $4,674 for reporting four bugs, including the previous maximum $1,337 each for two of the quartet. A researcher known as 'kuzzcc,' who has also reported flaws in Opera to that browser's Norwegian maker, took home $2,000 for uncovering a pair of Chrome vulnerabilities. But no one received Google's new biggest bounty, which the company set at $3,133.70 last month, after Mozilla had increased its maximum vulnerability payment to $3,000."

95 comments

  1. Money talks. by pspahn · · Score: 2, Interesting

    Meritocracy at work. It's nice to see, and I'm sure I will hear all sorts of complaints about how it is neither fair nor effective.

    --
    Someone flopped a steamer in the gene pool.
    1. Re:Money talks. by Suki+I · · Score: 4, Informative

      Meritocracy at work. It's nice to see, and I'm sure I will hear all sorts of complaints about how it is neither fair nor effective.

      Getting paid to help is always good. Especially on things many of us try to help on even if there is not pay incentive.

      --
      Home of The Suki Series
    2. Re:Money talks. by Anonymous Coward · · Score: 1, Interesting

      "I'm sure I will hear all sorts of complaints about how it is neither fair nor effective."

      Out of curiosity, why is that? It seems odd that anyone would complain about people getting paid a modest sum of money to do useful work.

    3. Re:Money talks. by Anonymous Coward · · Score: 0

      The price of running this idea through the PR-department must have been much larger than the sum of the prices. But I still like the idea of handing out cash.

    4. Re:Money talks. by jamesh · · Score: 2, Insightful

      Out of curiosity, why is that? It seems odd that anyone would complain about people getting paid a modest sum of money to do useful work.

      My guess would be because some people like to complain.

    5. Re:Money talks. by tylerni7 · · Score: 1

      One could fairly easily sell these sorts of bugs for much more than a "modest sum." I believe the common counter argument is that those finding these bugs should be given something closer to the "market price" (for bugs in something as wide-spread as IE, this can be on the order of hundreds of thousands of dollars).

      I don't really agree with this argument, just thought I'd fill you in on why some people would be complaining. The fact that these bugs were found and patched means that it can't be a horrible arrangement though.

    6. Re:Money talks. by Anonymous Coward · · Score: 2, Interesting

      Yes you're right. Some people don't like to accept compensation for things like this (research, volunteering, contributions). It isn't uncommon for one of them to feel trapped by their own rules of ethics, desiring payment but unwilling to take it, and then they despise others for accepting it... and themselves for wanting it.

    7. Re:Money talks. by Anonymous Coward · · Score: 1, Interesting

      Getting paid to help is always good. Especially on things many of us try to help on even if there is not pay incentive.

      Getting paid by a company that makes money from your help is not only good, but it is also fair. For them time translates into money, why wouldn't it work the same for the guys helping them ?

    8. Re:Money talks. by Anonymous Coward · · Score: 3, Interesting

      If the goal is to find vulnerabilities, then yes. This is great way to encourage people to do just that.

      If the goal is to maximize security for the average user, this pay-per-pwn reward scheme is a tangent at best.

      "Meritocracy" does not mean rewarding people to do work. That's just "labor". Meritocracy means rewarding the right people for doing the right job, where the job in this case is ostensibly to improve security. Here, we have an incorrect solution to a problem, and therefore the quality of people performing in this regard are irrelevant -- hiring the best bricklayer in town to setup your internet connection is not meritocracy at work. It's actually a form of waste.

      While I don't condone obscurity as a rule, it certainly does have practical benefits. Why not reap the benefits of obscurity where it is preserved, and openness where it is exposed? Practical moderation succeeds where ideological extremism fails. Paying people to dig up exploits before they're exploited is the same fallacy as using DRM to prevent "lost sales". Not only is the fix inconclusive, but by having it out there you know you've actually caused a nonzero number of machines to become compromised, and by offering a cash reward for these activities you're only creating more such incidents. Just as people refuse to buy DRM and pirate instead, leading to a circular argument for more DRM, there is no breakpoint at which the number of exploits will decrease; when such a thing happens it will merely lead to convincing the institutions that they need to offer more money (which was indeed another aspect mentioned in the story), which in turns raises more interest and turns out more exploits, and so on.

      In the end, a few people get a little bit of money, and a lot of people get hacked. Does that really sound like a meritous system to you?

    9. Re:Money talks. by Anonymous Coward · · Score: 0

      modest sum of money

      Don't get me wrong here.
      These people (likely) work their butts off with specialized training and sharp minds and (very likely) deserve every penny they get, but please don't label a sum of money > $1000 as "modest"; It's not like a Mechanical Turk payout.

    10. Re:Money talks. by similar_name · · Score: 1

      Nothing specifically to back it up, but I think sometimes that people really just want recognition. Google giving them a reward for finding a fix can be that recognition or hacking Google and compromising thousands of machines can be that recognition. Either way they will find the exploit. Better that Google recognizes them than a criminal enterprise.

    11. Re:Money talks. by Anonymous Coward · · Score: 0

      I know not to ask if you read TFA, but did you even bother to read the summary?

      "Google divulged no details of the vulnerabilities and, as is its custom, it blocked public access to its bug-tracking database — a practice meant to keep attackers from using the information before most users have upgraded."

    12. Re:Money talks. by hcs_$reboot · · Score: 1

      I agree and endorse that kind of behavior.
      However, for the same price, Google gets also a lot of free advertisement that contributes to improve their image. But I'm not complaining ...

      --
      Slashdot, fix the reply notifications... You won't get away with it...
    13. Re:Money talks. by Anonymous Coward · · Score: 3, Interesting

      I don't agree 100% with what the guy was saying, but this is what I think he was getting at.

      Chromium is an open source browser. Take current release. Take previous release. Diff. Derive any exploits. Construct drive-by attack for the many who haven't yet/never will update.

      On balance, though, I think the bug bounties are the way to go.

    14. Re:Money talks. by pspahn · · Score: 1

      Nature of the beast?

      Instead of objective discussion, /. seems to (these days) often revolve around people throwing anger around. I simply wouldn't be surprised when people find something... anything to bitch and moan about. Heck, my post was tagged as flamebait initially. I suppose that's not too far off, but it's simply discouraging when people are so quick to make knee-jerk reactions to anything just for the sake of doing so.

      Devil's advocate =! flamebait.

      --
      Someone flopped a steamer in the gene pool.
    15. Re:Money talks. by commodore64_love · · Score: 1

      You're basically accepting payment for lost life (which can never be recovered). "I'll spend 40 hours programming your software, and I want $1000 in return for my precious life wasted."

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    16. Re:Money talks. by DrEldarion · · Score: 1

      One of the nice things about Chrome is that it silently updates itself, so unless you go out of your way to disable that (and it's difficult...), everyone will always be up to date.

    17. Re:Money talks. by Abstrackt · · Score: 1

      You're basically accepting payment for lost life (which can never be recovered). "I'll spend 40 hours programming your software, and I want $1000 in return for my precious life wasted."

      I assume we're still talking about collecting bounties from Google when I make the following statement. If the work you do for the possibility of money feels like wasting your life maybe you should do something else, like work for the guarantee of money or simply treat it as a hobby.

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
    18. Re:Money talks. by commodore64_love · · Score: 1

      Granted - but my point was that I should not be criticized for accepting the money.

      It's MY life not somebody else's, and if I want to be compensated I have that right, and they can keep their dumb-assed hippy opinion ("work for free!") to themselves. I don't like Bible thumpers preaching at me, and I certain don't need hippies preaching at me either. If I waste days of my life finding a bug, I expect payment.

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    19. Re:Money talks. by DaVince21 · · Score: 1

      Because they didn't get the money.

      --
      I am not devoid of humor.
  2. Static analysis? by Singri · · Score: 1

    Are they using a static analysis tool to find bugs?

    1. Re:Static analysis? by Singri · · Score: 1

      By *they* I mean Google.

  3. True Geeks at Heart by UNHOLYwoo · · Score: 5, Funny

    ", which the company set at $3,133.70 last month" Great, Easter eggs beyond the code.

    1. Re:True Geeks at Heart by wen1454 · · Score: 2, Informative

      31337 = eleet. It took me like 10 minutes to figure that out. I guess that proves I am not a geek.

    2. Re:True Geeks at Heart by Suki+I · · Score: 0

      Glad you decoded it for me! We are on the same ship.

      --
      Home of The Suki Series
    3. Re:True Geeks at Heart by Abstrackt · · Score: 1

      Glad you decoded it for me! We are on the same ship.

      The best way I ever heard someone describe this idiom was that "a boat is what you get on when the ship's sinking". When you're still on the ship everything is just fine, which means the idiom simply doesn't work. When you're in the boat though, that means there's a problem. ;)

      --
      They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  4. a couple grand? by circletimessquare · · Score: 1

    you would think you could sell this information to certain other parties for a lot more than that

    and the potential for damage that can be done to the company's brand, and with all of the money the company has, you'd think they'd pay at least an order of magnitude more. and get a lot more interest in finding and reporting security flaws to boot

    they are playing pennies for gems of information

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:a couple grand? by Suki+I · · Score: 4, Informative

      you would think you could sell this information to certain other parties for a lot more than that

      and the potential for damage that can be done to the company's brand, and with all of the money the company has, you'd think they'd pay at least an order of magnitude more. and get a lot more interest in finding and reporting security flaws to boot

      they are playing pennies for gems of information

      Some of us like to play nice. Not saying I am in the category of the people who got those rewards, of course.

      --
      Home of The Suki Series
    2. Re:a couple grand? by Alphanos · · Score: 4, Insightful

      It has to be a careful balance to set bounties like this at the right amount. The information and fixes are valuable, yes. However, If they set the payout too high, it could actually encourage their employees to write buggy software in the hopes of cashing in (i.e. through a friend or family member).

      --
      Alphanos
    3. Re:a couple grand? by larry+bagina · · Score: 0

      Google doesn't play nice.

      --
      Do you even lift?

      These aren't the 'roids you're looking for.

    4. Re:a couple grand? by circletimessquare · · Score: 1

      I have no doubt you're one of the good guys. But not everyone is

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    5. Re:a couple grand? by Darkness404 · · Score: 4, Insightful

      Yeah, but Google is reputable, you -know- that their $3K is going to be genuine. Good luck suing J. Random Blackhat when the money he pays you turns out to be stolen/fraudulent or never arrives.

      --
      Taxation is legalized theft, no more, no less.
    6. Re:a couple grand? by JackCroww · · Score: 2

      But there is an additional potential payoff. If someone finds enough bugs, I'm sure there's a chance that they could be offered a job by Google, which would most likely payoff both monetarily and socially/job security more than selling the bug details to "certain other parties".

      --
      "Ayn Rand is a bloody socialist compared to me." - Robert A. Heinlein
    7. Re:a couple grand? by Suki+I · · Score: 0, Offtopic

      Love your sig ;)

      --
      Home of The Suki Series
    8. Re:a couple grand? by Darkness404 · · Score: 3, Insightful

      ...Except for the fact when Google audits the broken code and finds the person responsible for putting it in they are out a job, and my guess is, stable employment with a decent paycheck and benefits is better than a quick $3K.

      --
      Taxation is legalized theft, no more, no less.
    9. Re:a couple grand? by Suki+I · · Score: 1

      I have no doubt you're one of the good guys. But not everyone is

      Not much I can do about others doing bad things outside of my office. I have full control over what I do.

      --
      Home of The Suki Series
    10. Re:a couple grand? by hoggoth · · Score: 1

      Someone probably did and does sell this kind of information to other parties.
      They don't get an article about them though.

      These people did research they enjoy, made a little money, built their personal brands, raised their 'wuffie', helped Google, helped Chrome users, and got an article written about them.

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
    11. Re:a couple grand? by hoggoth · · Score: 0

      Sorry: 'Whuffie'.

      --
      - For the complete works of Shakespeare: cat /dev/random (may take some time)
    12. Re:a couple grand? by stms · · Score: 1

      I don't think that would be to much of a problem at Google. I mean I doubt many Google employees (certainly not coders) make less than 6 figures and probably with an amazing retirement plan as well. I wouldn't risk a job at Google for anything less than 7 figures.

    13. Re:a couple grand? by WillDraven · · Score: 2, Insightful

      I think that's exactly the GP's point. $3k isn't worth risking your job over. $30k or $300k might be.

      --
      This is my sig. There are many like it but this one is mine.
    14. Re:a couple grand? by Achromatic1978 · · Score: 2, Insightful

      Actually, you would be wrong... Google actually pays a fair bit less than many other tech companies, thinking that their 'rep' is some salary too. They used to rely on benefits, too - the cafeterias, etc... but have been cutting back drastically on those.

    15. Re:a couple grand? by stms · · Score: 1

      Yes but I would still hold my point that Google has a lot of leeway when it comes to raising the bounty before that becomes an issue.

    16. Re:a couple grand? by ProfessionalCookie · · Score: 1

      I'm sure it reduces the criminal payout to know that the rest of the world is competing to find and fix the same bug. IE on the other hand...

    17. Re:a couple grand? by bm_luethke · · Score: 1

      Certainly, without there being some that play nice there wouldn't be the terms "white hat" and "black hat" hackers - they would all be black hat.

      It is kinda a Prisoners Dilemma - while yes you *could* get more if you you found the right buyer you have to *find* that buyer before the bug is found and patched. It isn't a remotely legal trade in most places so its not like they are going to advertise and chances are the people who would find this type of bug aren't in the day to day business of this type to know who would either. Really, how many of the security violations have been used for *monetarily* advantageous usages? Annoying exploits for sure, but something worth thousands of dollars to take advantage of? I suppose one could truthfully say the really good ones you do not hear about (and I'll buy that - the truly good black-hat hackers you do not hear about either), but I can't imagine any hack worth many thousands to *purchase* (with all the risks involved of law enforcement with Honey Pots) not being known to so few that a website with hundreds of thousands of posters doesn't get *one* post with it.

      So you could spend months trying to find that big payout only to get arrested or you could get thousands for going through legitimate channels. Further if you found it chances are someone else will/can too and will report it for the thousands of dollars. Hmm, it's kinda like saying if you rat your partner out they get the death penalty and you get nothing, however if you both say nothing you both get the death penalty unless you can get your jury to all be ex cons - hard choice there isn't it? (yea a really simple "prisoner's dilemma" as it isn't really a dilemma what to take - both remaining silent doesn't get you anything).

      As long as the money payed out for bugs is comparative low it is a brilliant business move, not much to loose and a great deal to gain. I bet on a per-bug metric they are MUCH cheaper to do this than pay a full QA team to test *and* more effective. Lots of unpaid testers out there. Now if they are riddled with simple to catch bugs not so much, but once they are in a hard to find mode for bugs - quite cheap and effective.

      --
      ------- Sorry about the spelling, I suffer from two problems. Dyslexia makes it difficult to spell well, lazy makes it
    18. Re:a couple grand? by Anonymous Coward · · Score: 0

      The payment for a single bugbounty cannot be very high. It must somehow be related to the salaries of their employees, to keep it fair.

    19. Re:a couple grand? by Jurily · · Score: 2, Insightful

      I have full control over what I do.

      And I'm Santa Claus.

    20. Re:a couple grand? by Psychotria · · Score: 2, Insightful

      ...Except for the fact when Google audits the broken code and finds the person responsible for putting it in they are out a job, and my guess is, stable employment with a decent paycheck and benefits is better than a quick $3K.

      Citation please. I find it hard to believe that a Google employee (or an employee of any company) would find themselves out of a job because of broken code.

    21. Re:a couple grand? by interkin3tic · · Score: 2, Funny

      Santa, I'd like some self control this year for christmas.

    22. Re:a couple grand? by Anonymous Coward · · Score: 0

      They might do it if they can prove it was intentional. But how can they prove this beyond any doubt ?

    23. Re:a couple grand? by Anonymous Coward · · Score: 1, Informative

      Do you work there?

      My offer from Google was within 5k of the offers from Microsoft, Amazon and Apple. Consulting companies like Booz Allen were quite a bit lower with worse benefits packages. The big financials were even worse, often 20k below in salary compared to the big companies I listed.

      Google pays engineers quite well. From what I hear, non-engineers are not as lucky.

    24. Re:a couple grand? by Anonymous Coward · · Score: 0

      He's saying if they're caught doing it to cash in on the reward for fixing it. Do you really find that so hard to believe that someone would be fired for damaging the company's product to defraud them?

    25. Re:a couple grand? by Anonymous Coward · · Score: 0

      It's not the broken code that will get them kicked out of the job, it would be the dishonesty of ripping the company off. Most (read ALL) do not like or tolerate dishonest employees.

  5. Re:learn your colloquialism by Anonymous Coward · · Score: 1, Interesting

    Why is it some people are so resolute in their ignorance, they get indignant? At least in the USA stupidity is considered simply a freedom, not a right.

  6. Re:learn your colloquialism by Suki+I · · Score: 1, Interesting

    Some of us enjoy a little extra flavour in our language than others.

    --
    Home of The Suki Series
  7. Re:learn your colloquialism by jamesh · · Score: 1, Funny

    how about you make like a tree and get the hell out of here.

  8. :a couple grand? by Anonymous Coward · · Score: 0

    I am one of the bad guys :)

    I assure you the bugs are worth more. The problem with those who get caught is they are lazy. You have to make personal security priority #1. Most of those in the business don't spend the time and effort to protect themselves from the inevitable risk they are taking. If they keep it up long enough those risks catch up to them. People are stupid. You can't take millions upon millions of dollars without taking some precautions. Hiding doesn't work. You have to stop any one particular thing they might investigate before you get caught to reduce risk and even then make it impossible to discover the problem you created so they can't start to investigate before you have the money in hand. This way they can't track the money back to you. There are ways to make money untraceable. If you don't keep up one activity long enough they won't catch up with you. Deviation is key. The more time they have to learn about how you work they can learn about you the more likely they will catch you. If you deviate frequently they won't be able to connect the dots to catch you. Deviate and they loose your trail. If they don't catch up you still have a problem because the government will be suspicious of anybody with money and no reported source of income. You got to create fake entities to sell something intangible to generate profit and give the appearance of a legitimate business of which you can report to the IRS that'll explain the income you've generated.

  9. 6month disclosure by munky99999 · · Score: 1

    There's a 6 month disclosure timing. They likely reported and got paid months ago for these.

  10. "ELEETO"? by Bitmanhome · · Score: 2, Funny

    WTF does that mean?

    --
    Not that this wasn't entirely predictable.
    1. Re:"ELEETO"? by inflamed · · Score: 1

      It's probably an incremental title - the first (most) elite is elite 0, the penultimate h4x0r is elite 1, and so on... It's a privilege to be the best - a single digit is easier to type than a half dozen are, and 0 falls on the underused right-hand side of the qwertyboard.

    2. Re:"ELEETO"? by Anonymous Coward · · Score: 0

      It's in spanish

    3. Re:"ELEETO"? by Anonymous Coward · · Score: 0

      I've used l33t0 before and know what that means, but what is this "ELEETO" you speak of, something for EMACS, perhaps?

    4. Re:"ELEETO"? by ryzvonusef · · Score: 1

      Don't be daft, it's obviously Japanese, can't you spot the syllabaries? :D
      http://ja.wikipedia.org/wiki/%E3%82%A8%E3%83%AA%E3%83%BC%E3%83%88

      --
      I am an ACCA student. Got a query on Accountancy/Finance? Maybe I can help!
    5. Re:"ELEETO"? by Anonymous Coward · · Score: 1, Funny

      You're clearly not eleeto enough to know.

      Think of it this way: those who eleeto cannot explain, those who don't cannot understand.

  11. $13.37 by antdude · · Score: 0

    Yesterday, my employer's stock was at $13.37 and I laughed. No one else got the joke. :(

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    1. Re:$13.37 by Anonymous Coward · · Score: 0

      That's because they bought at $313.37

    2. Re:$13.37 by Zarf · · Score: 1

      They should sell before it hits $4.20

      --
      [signature]
    3. Re:$13.37 by antdude · · Score: 1

      That would be nice, but leet is cool too.

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  12. Blocking users from its bug database by klui · · Score: 1

    Why would Google do that if its updates occur frequently due to they being deltas and of smaller sizes? Would it not make any difference since users are most likely patched up already? I can understand for users who are using the portable versions--like me--unless there are more portable users than there are who install the regular app.

  13. Re:learn your colloquialism by twidarkling · · Score: 3, Interesting

    Bollocksing up a common phrase by randomly switching in words is not "flavouring the language." It's "clouding the issue." Use the right phrase, with the right words, or don't use the phrase. You're not avant garde, you're not clever. You're uneducated. If you're ESL, that's one thing, but then you don't claim you're enjoying flavour in your language. Pretty sure you're just a tool.

    --
    Canada: The US's more awesome sibling.
  14. 1337 by Diantre · · Score: 0

    The maximum amount paid for a bug is 1,377$ ? I guess someone at google played too much CS.

  15. Cheap ass bastards by tsotha · · Score: 1

    Ten grand? Is that a typo?

    If I find an exploit I'm gonna sell it to the Russian mob. And not for no ten grand.

    1. Re:Cheap ass bastards by tsj5j · · Score: 1

      Good to see we're moving towards an amoral society where money speaks all. Go capitalism!

    2. Re:Cheap ass bastards by tsotha · · Score: 1

      No, if it was capitalism Google would pay something reasonable. This is some kind of commie corporatism.

  16. Chrome versioning madness by Anonymous Coward · · Score: 0

    Why is Chrome version 6 already in beta. Yes, it's fast, but other than that? Meh. Any other company would call it version 1.0.

    Google is playing catchup with version numbers.

  17. Imagine how much their work would have been worth by hyades1 · · Score: 1

    ...if your basic EULA didn't make most average users believe they had no right to sue somebody who yanked your pants down and offered their ass for sale to the highest bidder.

    --
    I've calculated my velocity with such exquisite precision that I have no idea where I am.
  18. Re:learn your colloquialism by shish · · Score: 1

    how about you make like a tree and get the hell out of here.

    Speaking of geek phrases -- "Make like freenode and split"

    --
    I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
  19. Re:learn your colloquialism by Anonymous Coward · · Score: 0

    ...nor a crime. Yet.

    What about it, lawmakers?

  20. I guess none of them were 1337 enough. by Arancaytar · · Score: 1

    ...

  21. Re:learn your colloquialism by AikonMGB · · Score: 1

    I agree, maybe they should make like a tree and get the fcuk out of here ;)

    Aikon-

  22. Re:learn your colloquialism by Anonymous Coward · · Score: 0

    If she is made out of wood we can build a bridge out of her.

  23. Re:learn your colloquialism by commodore64_love · · Score: 1

    I'm sorry.

    I didn't mean to step on your lawn nazi. He's a cute little lawn ornament.

    31373 is my favorite Commodore=64 game. I love blowing things up in my first-person spaceship, and fighting Thargoids.

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
  24. Re:learn your colloquialism by Anonymous Coward · · Score: 0

    Tell that to Larry David or Billy Shakespeare.

  25. Bugs for cash by cjjjer · · Score: 1

    The reason that Google and alike are offering "bounties" on bugs is that the people behind malware do the same thing. They offer cash for exploits, not hard to find them either, just use a different search engine other than Google.

  26. Re:learn your colloquialism by Abstrackt · · Score: 1

    A little hot under the colander eh?

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  27. Re:learn your colloquialism by Anonymous Coward · · Score: 0

    Seeing if he floats should put that fire out.

  28. This is a very good and smart policy. by BlueCoder · · Score: 1

    Of course it can't compete with the black market though but it's a good first step.

  29. Though it broke SSL somehow by chriskessel · · Score: 1

    And ever since the pushed out fixes, I can't connect to a bunch of SSL sites (such as mail.google.com). Apparently the fixes broke the ability to access SSL sites from behind a corporate firewall in some cases. The fixes made Chrome nearly useless to me :(.

  30. Re:So what? by Lord+Kano · · Score: 1

    I have plenty of karma. Chrome is a horrible application.

    LK

    --
    "Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
  31. Re:learn your colloquialism by Anonymous Coward · · Score: 0

    That's not what either of the did.

    Shakespeare in particular made up new phrases and new words. He actually was flavouring the language. What he didn't do is take a commonly used phrase, and then replace two words with near-synonyms in a way that makes the phrase harder to recognize and understand while adding no value.

  32. I'll Pay $3,133.71... by tingentleman · · Score: 1

    ...to anyone who can identify an exploit that let's me introduce another 5 exploits