Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Pushes New Chrome Release, Pays $14k Bounty

Posted by timothy on from the return-on-investment dept.

Trailrunner7 writes "Google has released version 8.0.552.237 of its Chrome browser, which includes fixes for 16 security vulnerabilities. The company also paid out more than $14,000 in bug bounties for the flaws fixed in this release, including the first maximum reward of $3133.7. The new version of Google Chrome has fixes for 13 high-priority bugs, but the most serious vulnerability the company repaired in the browser is a critical flaw resulting from a stale pointer in the speech handling component of Chrome. That flaw, along with four others, was discovered by researcher Sergey Glazunov, who earned a total of more than $7,000 in rewards for the bugs he reported to Google."

144 of 182 comments (clear)

  1. New business model: by Fluffeh · · Score: 5, Insightful

    1) Convince Microsoft to adopt similar bug strategy.
    2) Start using software as it was designed to be used...
    3) PROFIT!!

    Yes, that's right. No step 4.

    *sips coffee*

    --
    Moved to http://soylentnews.org/. You are invited to join us too!
    1. Re:New business model: by froggymana · · Score: 1

      I thought thats what Linux was for? Except that companies like Redhat get work done for free by part of the community.

      --
      "To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
    2. Re:New business model: by mysidia · · Score: 1

      1) Convince Microsoft to adopt similar bug strategy.

      If Microsoft adopted a similar strategy... I could make a slight change of profession and retire in a few months, a billionaire, at least on paper (M$ lawyers would probably have a 100 page document ripe with escape hatches to ensure M$ never had to pay a single bounty)....

      Would have to do it quickly though, before Microsoft management realized what a mistake it is to have a security bug bounty on such a piece of software

    3. Re:New business model: by Anonymous Coward · · Score: 1

      4) Sip coffee

      You thought we wouldn't catch that?

    4. Re:New business model: by tokul · · Score: 1

      Yes, that's right. No step 4.

      You still have to convince manufacturer that your reported bug is a bug and not a feature.

    5. Re:New business model: by aliquis · · Score: 1

      Exactly, because a competing business model goes like:

      1) Convince the users missing features (games, flash, ..*) isn't really an issue because if you want to stay true to the brand you should realize you don't really need them.
      2) Heck, life is even better without them. Because like, now you know you're superior, because you don't have all that crap you previously thought you wanted!
      3) PROFIT!!

      Yes, that's right. No step 4.

      *sips tea*

      (* High end GPUs, more diversity in configurations, upgradeability, user-replacable battery, standardisation, video calls, webm (?! Makes it on-topic?), ..)

    6. Re:New business model: by Anonymous Coward · · Score: 1

      Microsoft is the number 1 software company in the world, imagine they start saying theyll pay people to do their job, thats a disgrace to their name and to their company mission. Theyve already won the world over in software I dont think they need to bribe people into using their components.

      How do you think they won the world over in software in the first place?

    7. Re:New business model: by uglyduckling · · Score: 1

      You don't HAVE to buy from Dell, you know.

    8. Re:New business model: by c0lo · · Score: 1

      1) Convince Microsoft to adopt similar bug strategy.
      2) Start using software as it was designed to be used...
      3) PROFIT!!
      Yes, that's right. No step 4.

      Step 2 is somehow flawed. Google paid the bounty for the security bugs and for Chrome only.

      MS:
      1. has a bigger "impact cross-section" thus won;t afford to pay too much for a bug leading to a 0-day exploit;
      2. there is a stiff competition in the matter of monetary rewards for finding 0-days exploits (hint: some entities in a country used to be known as Soviet...). If somebody jumps into the game as a beginner and stay in the game long enough to be proficient in finding bugs, my bet... because of point 1 above, it won't take long to present her/his CV to the competition

      --
      Questions raise, answers kill. Raise questions to stay alive.
    9. Re:New business model: by pinkushun · · Score: 1

      side note - Originally there is no no need for phase 4

      *sips espresso*

    10. Re:New business model: by elh_inny · · Score: 1

      If they can pay this much for reporting bugs, why can't they pay $8k or so for h264 codec licensing???
      This was a lame move on their side...

    11. Re:New business model: by Ginger+Unicorn · · Score: 1

      You're conjuring up images of the boss guy in Office Space shagging the protagonist's girlfriend whilst sipping his coffee.

      --
      (1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
    12. Re:New business model: by Yvanhoe · · Score: 2

      Yes. Lame economical move. Wonderful ideological one. Google is not banking on money but on reputation. They believe that the protocols used on internet should be opened and not patent-encumbered. They think that this is a danger that would cost them more than $8,000. They see further than most. Kudos to them.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
    13. Re:New business model: by LingNoi · · Score: 1

      As has been said many times in the other article. Firefox and Opera don't support H.264 now, so chrome not supporting it is just coming in line with the other browsers. You should be complaining that Microsoft refuses to put in WebM support rather then Chrome doing what everyone else is doing. Yeah, it sucks if you're used to h.264 encoding but technology moves forward and by popularity vote the industry is moving to WebM for the video tag in HTML 5.

    14. Re:New business model: by LingNoi · · Score: 1

      1. You can define the terms for payment and they have more money then google to blow.
      2. The competition fixes windows bugs? eh... Also, someone does work for you for money, gets better at their skill and may move jobs?! We can't let this happen! They must remain Microsoft's worker slaves forever!

    15. Re:New business model: by MichaelJ · · Score: 1

      Popularity vote of what? I see h.264 implemented in software and even hardware all over the place, ranging from my TiVo to even my point-and-shoot camera. I'm fairly certain I've never even heard of WebM before today.

      --

      Michael J.
      Root, God, what is difference?
    16. Re:New business model: by tuppe666 · · Score: 1
      New codecs happen all the time. If your current hardware cannot support it perhaps you bought the wrong hardware.

      Its a shame that point-and-shoot camera's have had to adopt H.264 as the costs of using it for small commercial projects simply a restriction. Thank goodness their is a real alternative for the little guy.

    17. Re:New business model: by LingNoi · · Score: 1

      Your Tivo and Camera don't support the html 5 video tag.

    18. Re:New business model: by bennomatic · · Score: 1

      How come my version of Chrome is 9.0.597.47? Am I in the future, or did this article sit in the stack for several weeks?

      --
      The CB App. What's your 20?
    19. Re:New business model: by dave420 · · Score: 1

      What the fuck are you smoking? New codecs do come along all the time, but industry standard ones do not. H.264 has been years in the making. It is used end-to-end in most TV broadcasts, across the internet, on phones, and pretty much anything that has digital video uses h.264, and does it in hardware. Small commercial projects serving video to under 100,000 subscribers don't have to pay a penny. I take it you have no fucking idea about the licensing costs of h.264. It's dirt cheap. The little guy doesn't have to pay royalties for h.264.

    20. Re:New business model: by tuppe666 · · Score: 1

      What the fuck are you smoking? New codecs do come along all the time, but industry standard ones do not. H.264 has been years in the making. It is used end-to-end in most TV broadcasts, across the internet, on phones, and pretty much anything that has digital video uses h.264, and does it in hardware. Small commercial projects serving video to under 100,000 subscribers don't have to pay a penny. I take it you have no fucking idea about the licensing costs of h.264. It's dirt cheap. The little guy doesn't have to pay royalties for h.264.

      WebM comes with the backing of some awful big players on the Internet(Firefox/Opera...Google). From Next Month we are looking at 50% of browser support. Why can't TV broadcasts/phones not support WebM in hardware? They can and they are already releasing some. Most hardware supports upgrades unless they for business reasons choose not to. A small commercial project of several million is trivial to achieve on the internet. Its the internet...and its not just the internet it includes a whole host of small applications including proprietary ones that cannot use this. I know a little of the spiralling costs and know that half of all used internet browsers think it is too much, but your right about me not knowing the costs they get to change how much they charge again in 2015. :) Its disgusting.

    21. Re:New business model: by DaVince21 · · Score: 1

      Said Linux software tends to be not of 1.0 quality - ie. not completely ready and expected to have bugs. You'd expect MS's final products to work, though.

      OP should be rated funny rather than Insightful anyway, but yeah... This is Slashdot.

      --
      I am not devoid of humor.
  2. Chrome #1 by TafBang · · Score: 1

    It's just too sexy

    1. Re:Chrome #1 by Seumas · · Score: 1

      For a product claiming to be "8.x", it sure could use a lot of refinement. They haven't accomplished anything special with the tab interface (the biggest reason I can't adopt it for primary use -- I need Panorama and if not that, at least vertical nested tree tabs). There is a lot to be desired for extension selection and quality. And the thing I probably find most annoying, there doesn't seem to be a way to really organize the icon/button on the main bar that just about every extension installs. Causes what is otherwise normally a slick looking and clean interface into a cluttered piece of crap.

      However, for *actually* only being about 2.0, it's doing pretty great and it's nice to have a viable third candidate in the mix to drive the others to improve (or a fourth, if you're one of those Opera crazies!).

    2. Re:Chrome #1 by TafBang · · Score: 1

      I have about almost 50 tabs all on the bookmark toolbar. Of course they aren't titles and I just memorize the symbols used. But aside from all that. It's the fastest internet browser (that I'm aware of as of 2010 studies) and the extensions are great. Youtube AutoReplay, Divx streaming and Adblock. There are also extensions that an old colleague of mine uses to re-design the layouts of the web pages he visits to his liking. With Chrome being superbly user friendly and simple and being the fastest and the most sleek looking with great designs if you're an appearance type of person... it's listed as #1 in my book.

    3. Re:Chrome #1 by c0lo · · Score: 1

      Should I add the annoying behavior of not being able, most of the time, to copy/paste when posting in /. using Chrome?
      ( granted, maybe it's /.'s fault, but is so much easier to shoot at a bigger target. Besides, is not polite to blame the host, is it? ;) )

      --
      Questions raise, answers kill. Raise questions to stay alive.
    4. Re:Chrome #1 by YoungHack · · Score: 1

      I've noticed the copy/paste problem with Chrome as well. Generally speaking I can't copy from gvim and paste in Chrome.

      Strangely, I can copy in gvim, paste in a terminal, then copy from the terminal and paste in Chrome. I have no idea why it takes that indirect process.

    5. Re:Chrome #1 by LingNoi · · Score: 1

      It's because slashdot broke it but they refuse to fix it. Maybe they hate chrome or something...

    6. Re:Chrome #1 by DragonWriter · · Score: 1

      For a product claiming to be "8.x", it sure could use a lot of refinement. [...]

      However, for *actually* only being about 2.0 [...]

      I don't think you understand what version numbers mean.

  3. I just want Google on my check by Deathnerd · · Score: 2

    I don't care how much it's for, because if I ever get a check from Google, it's getting framed. Just sayin.

    1. Re:I just want Google on my check by TafBang · · Score: 2

      I like your style. Perhaps as a Facebook display picture in hopes of getting some "likes" from potential femina mates

    2. Re:I just want Google on my check by martin-boundary · · Score: 1

      *Sigh*, some people would rather have a check from Don Knuth...

    3. Re:I just want Google on my check by mysidia · · Score: 2

      I like your style. Perhaps as a Facebook display picture in hopes of getting some "likes" from potential femina mates

      I am afraid Google would run into the same problems Knuth and others did. When people post images of checks online, various scammers, the scum of the internet, find images of the checks online, make fake checks, or initiate fraudulent ACH transactions.... result: the account has to be closed.

      Remember folks... checks are legal instruments and contain confidential bank account numbers printed on them, which (due to our insecure banking system) can easily be abused by scammers to steal lots of money. Never post an image for public consumption of a check someone else wrote to you.

    4. Re:I just want Google on my check by h4rr4r · · Score: 1

      or just redact the numbers from the image.

    5. Re:I just want Google on my check by mysidia · · Score: 1

      or just redact the numbers from the image.

      Only Slashdot readers can be trusted to redact numbers from images.

      Other people (esp. if they are government employees) will manage to screw up the redaction in some manner that makes the information recoverable

    6. Re:I just want Google on my check by TafBang · · Score: 1

      yeah, I figured the people on here would have enough sense to do that.

    7. Re:I just want Google on my check by Joe+Tie. · · Score: 1

      I used to get android sales pretty consistently, and that was one of the best parts. There's just something kind of cool in checking your balance and seeing daily deposits from google.

      --
      Everything will be taken away from you.
    8. Re:I just want Google on my check by c0lo · · Score: 1

      Remember folks... checks are legal instruments and contain confidential bank account numbers printed on them, which (due to our insecure banking system) can easily be abused by scammers to steal lots of money. Never post an image for public consumption of a check someone else wrote to you.

      Or, at least, not if you care maintaining a good relation with that someone.
      I know, I know, not very moral of me.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    9. Re:I just want Google on my check by c0lo · · Score: 1

      Other people (esp. if they are government employees) will manage to screw up the redaction in some manner that makes the information recoverable

      Not a monopoly of the govt bureacrats, though, even if I admit they excel at it
      Recent history show similar cases with non-govt entities... stop here, I won't name them, don't want flames.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    10. Re:I just want Google on my check by c0lo · · Score: 1

      At this point, I'm pretty happy to have seen a Knuth check in reality. Owning one is a long term career goal.

      While a noble goal, you do remember that ... human are mortals, Knuth is still human... you know how it goes, don't you? Hurry up man, you don't have that much time.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    11. Re:I just want Google on my check by phantomfive · · Score: 1

      Uh.....if you want it that bad, you can just get a job there, you know? I hear they even hire janitors.

      --
      "First they came for the slanderers and i said nothing."
    12. Re:I just want Google on my check by thopkins · · Score: 1

      Their janitors are probably hired indirectly through a contract cleaning company.

    13. Re:I just want Google on my check by DaVince21 · · Score: 1

      You should put it in a chrome frame.

      --
      I am not devoid of humor.
  4. Google won this round... by NFN_NLN · · Score: 4, Insightful

    14K sounds like a pretty good deal for Google. That's less than 2 months of salary for even an intermediate tester.

    1. Re:Google won this round... by Your.Master · · Score: 1

      Less than 2 months intermediate? I'd be surprised if beginning testers cost Google less than $84k/year when you include bonus, stock, benefits, office space, etc..

      Then again, I'd also expect an intermediate tester to get more done than just 13 random bugs being found (1 every 3 work days). But maybe the quality of these 13 bugs is higher than you'd expect out of two months with a tester.

      Then again...again, I expect even without a bounty some of these bugs would have been reported. I wonder to what extent people's behaviour is actually changed by this.

    2. Re:Google won this round... by tyrione · · Score: 1

      Less than 2 months intermediate? I'd be surprised if beginning testers cost Google less than $84k/year when you include bonus, stock, benefits, office space, etc..

      Then again, I'd also expect an intermediate tester to get more done than just 13 random bugs being found (1 every 3 work days). But maybe the quality of these 13 bugs is higher than you'd expect out of two months with a tester.

      Then again...again, I expect even without a bounty some of these bugs would have been reported. I wonder to what extent people's behaviour is actually changed by this.

      If you think an entry tester is getting stock options, at their price, you're nuts. They also aren't getting $84k.

    3. Re:Google won this round... by omglolbah · · Score: 2

      He didnt say they did, he said it could cost -google- that much.

      Office space, benefits and the likes cost quite a lot. Salary is not the only thing an employee costs ;)

    4. Re:Google won this round... by TaoPhoenix · · Score: 1

      He said office space. That includes the portion of the mortgage of that cube. At California rates, that adds up quick. Plus their welcome package includes a Google edition of the dvd for Office Space signed by Ron Livingston.

      --
      My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
  5. I found a bug by Octopuscabbage · · Score: 2

    "Hello google, i found a bug." "Did you fix it?" "Yeah here is 100 man hours of work and 1,000 lines of code" "k, cool, heres $10"

    1. Re:I found a bug by TafBang · · Score: 2

      Sergey is Taking our Jobs

    2. Re:I found a bug by c0lo · · Score: 1

      ;) He can't help: the Russian Mafia has a price on his head, he can no longer sell to them, he needs something to live on ;)

      --
      Questions raise, answers kill. Raise questions to stay alive.
  6. Re:interesting by Tubal-Cain · · Score: 1

    You're on a beta. Mine says 10.0.639.0.

  7. I'll be filing a bug report soon by 93+Escort+Wagon · · Score: 5, Funny

    I've heard that h.264 support is broken in an upcoming release.

    --
    #DeleteChrome
    1. Re:I'll be filing a bug report soon by mysidia · · Score: 1

      I've heard that h.264 support is broken in an upcoming release.

      And what makes this bug security related? :)

    2. Re:I'll be filing a bug report soon by gQuigs · · Score: 1

      Since they haven't removed it yet... it's the worse kind of security risk.. Involving lawyers and patent laws.

    3. Re:I'll be filing a bug report soon by _Sprocket_ · · Score: 2, Insightful

      I've heard that h.264 support is broken in an upcoming release.

      That's a feature.

    4. Re:I'll be filing a bug report soon by jisatsusha · · Score: 1

      It affects the security of MPEG-LA's patent licensing income, obviously.

    5. Re:I'll be filing a bug report soon by tyrione · · Score: 2

      Woosh!

    6. Re:I'll be filing a bug report soon by c0lo · · Score: 1

      I've heard that h.264 support is broken in an upcoming release.

      My bet on Google's answer: "that's not a bug, that's a feature". Would you believe it?

      --
      Questions raise, answers kill. Raise questions to stay alive.
    7. Re:I'll be filing a bug report soon by c0lo · · Score: 1

      No, not broken. Removed. And Microsoft is pissed about it!

      Huh! They should save their mouth-foam for the time YouTube clips will only be available in WebM encoding!

      --
      Questions raise, answers kill. Raise questions to stay alive.
    8. Re:I'll be filing a bug report soon by Peter+Bortas · · Score: 1

      They would be correct, so I'd believe it.

    9. Re:I'll be filing a bug report soon by c0lo · · Score: 1

      They would be correct, so I'd believe it.

      Maybe others would be willing to, but I simply can't argue for the contrary.

      --
      Questions raise, answers kill. Raise questions to stay alive.
    10. Re:I'll be filing a bug report soon by pinkushun · · Score: 1

      If you log a regression bug I will verify it!

    11. Re:I'll be filing a bug report soon by martas · · Score: 2

      That's a whoosh.

      --
      weinersmith
    12. Re:I'll be filing a bug report soon by nawcom · · Score: 1

      You're whooshing a whoosh, yah douche.

    13. Re:I'll be filing a bug report soon by martas · · Score: 1

      Aaah, ok, I get it now. Sorry.

      --
      weinersmith
    14. Re:I'll be filing a bug report soon by tuppe666 · · Score: 1

      I've heard that h.264 support is broken in an upcoming release.

      buy they have improved support for WebM :)

    15. Re:I'll be filing a bug report soon by tuppe666 · · Score: 1

      If you log a regression bug I will verify it!

      I think they will do a quick check to see if Videos still work on youtube and mark it WONTFIX legacy formats not supported.

    16. Re:I'll be filing a bug report soon by _Sprocket_ · · Score: 1

      Humor is a subjective thing. And that was a definite attempt at humor. I like to think that it was a multi-leveled yet minimalistic example of humor. Which is a tricky thing to pull off as those sorts of things can catch people the wrong way. But I thought it was funny. Granted, I'm not an impartial judge.

  8. It's a ploy! by NotQuiteReal · · Score: 1

    To find out who is capable of finding the obvious ploys...

    --
    This issue is a bit more complicated than you think.
  9. One of the best things about Chrome ... by Wrath0fb0b · · Score: 4, Interesting

    Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%). Why can't other applications just keep themselves up to date automatically in that way? It's obviously not technologically impossible, we've seen it happen. Even Windows Update is vaguely alright in this respect once you disable the restart-nagging. Debian systems do fine after a simple 'apt-get update && apt-get upgrade -y' in the root crontab although the GUI will occasionally pester you.

    Firefox has to be the worst offender in this respect, both in terms of actual software upgrades that block the UI and then add-ons that also block the main UI and then spawn a silly splash to inform you of the amazing upgrade rfom 2.1.6 to 2.1.6(b). Unless it requires a change in the terms of the license or more permissions (Android does this nicely), I don't care and I definitely don't need to be interrupted to see it.

    Another free tip for the Mozilla team -- when I open an application is not the time to install any updates. In fact, that is the only time you can be nearly guaranteed that I want to use the application right this second. Schedule updates for when I close the app because it's pretty damn likely I don't need to use it for a few minutes.

    Apple could learn the same thing about their infernal updates too, plus an extra special place in hell for pimping their other software at the same time. I still get calls from my parents "Do I need Safari?", hmm, no just upgrade iTunes when it asks you to. "What about quicktime?". Gah.

     

    1. Re:One of the best things about Chrome ... by BZ · · Score: 4, Informative

      > Schedule updates for when I close the app because it's pretty damn likely I don't need to
      > use it for a few minutes.

      It's not that simple. When you close the app in the case of a web browser, you're most likely shutting your machine down; you don't want to do the update then.

      The only sane way to do it is what Google does: actually replace the binaries in-place as the program runs... We're working on getting there. :)

    2. Re:One of the best things about Chrome ... by dakameleon · · Score: 1

      Some might consider that silent automatic update an issue, especially if the silently updated new version breaks somehow. Corporate IT departments particularly are none too keen on things that go about updating themselves.

      As for your Firefox issue, go to Tools > Options > Advanced > Update and untick automatically update for Add-ons (and probably search engines). There, job done. Yes it isn't the best user interaction decision to update at startup and block the main UI from loading, but it doesn't mean you have to live with it when it clearly ticks you off so much.

      --
      Man who leaps off cliff jumps to conclusion.
    3. Re:One of the best things about Chrome ... by mysidia · · Score: 5, Informative

      Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%).

      Hm.. that idea wouldn't work on any systems I setup.

      Software restriction policy all systems, Policy default: deny.

      Programs can be executed from the default allowed directories. %programfiles% , %systemroot%\system32, etc, and some designated paths for placing executables in manually, in order to install them.

      User profile directories including appdata are specifically excluded, because this is best common practice. Programs/executables don't belong in any user's profile or appdata folder (Especially not in any folder used as a default download directory for saving files or temporary directory used by a mail application for opening attachments in a viewer). Contents of appdata is a data folder, and all of a user's profile are data folders, not program folders.

    4. Re:One of the best things about Chrome ... by Wrath0fb0b · · Score: 2

      As for your Firefox issue, go to Tools > Options > Advanced > Update and untick automatically update for Add-ons (and probably search engines). There, job done. Yes it isn't the best user interaction decision to update at startup and block the main UI from loading, but it doesn't mean you have to live with it when it clearly ticks you off so much.

      So now I have to manually check for updates? And this is your idea of fixing things?

    5. Re:One of the best things about Chrome ... by morgan_greywolf · · Score: 2

      Is that updates take place silently and promptly without any user intervention even on systems with UAC activated (a copy is installed to %appdata%).

      No wonder corporate shops don't allow Chrome.

      --
      My blog
    6. Re:One of the best things about Chrome ... by h4rr4r · · Score: 1

      Replacing files in place is easy, if you use a sane OS.

    7. Re:One of the best things about Chrome ... by icebraining · · Score: 1

      Can you do that on Windows?

      --
      Dilbert RSS feed
    8. Re:One of the best things about Chrome ... by Wrath0fb0b · · Score: 2

      Programs can be executed from the default allowed directories. %programfiles% , %systemroot%\system32, etc, and some designated paths for placing executables in manually, in order to install them.

      When Chrome closes it copies over the %ProgramFiles% version if the user have sufficient privileges to do so. That's the best place for it, but given that NTFS does not allow unlinking an exectuable when it is running, having it in %AppData% for the time being is the next best option.

      User profile directories including appdata are specifically excluded, because this is best common practice. Programs/executables don't belong in any user's profile or appdata folder (Especially not in any folder used as a default download directory for saving files or temporary directory used by a mail application for opening attachments in a viewer). Contents of appdata is a data folder, and all of a user's profile are data folders, not program folders.

      Wait, so if I instruct chrome to download an application, it shouldn't go in $USER/Downloads because executables aren't suppose to be in data folders? To where should setup.exe be downloaded then? In fact, how the heck is any updater supposed to work in this case? Even Firefox downloads an executable to %appdata%\Temp\ and then launches the process.

      What you've described isn't best common practice, it's slavish attention to distinctions that are made for the sake of convenience -- allowing the a particular form to entirely straightjacket the function of software that keeps itself updated.

      What's more, given that placing roadblocks to updating causes a huge decrease in user compliance, it's not even clear that such draconian measures even improve security. Having those 16 browser vulnerabilities patched as promptly as possible is far more important than adhering to whatever practices seem best in the abstract.

      TL;DR: I'm very happy that Google does not adhere to 'best practices' that would result in more people using software with known vulnerabilities for longer.

    9. Re:One of the best things about Chrome ... by Mana+Mana · · Score: 1

      : : it doesn't mean you have to live with it when it clearly ticks you off so much.

      : So now I have to manually check for updates? And this is your idea of fixing things?

      I am the anti-Wrath0fb0b. First thing years ago, I disabled "download & update automatically." I want to know when updates occur; plugins go kaput and such---bad. But that's just me. I have to thank you, I kinda noticed that Chrome updated itself and I didn't know when or if it just my imaginings. Now I know. I would have bought a clue but I can't find more than one useful toggle in the wrench toolbox. And I am a guy that likes Ikebana, wtf. I must need more engine time.

    10. Re:One of the best things about Chrome ... by slimjim8094 · · Score: 1

      User profile directories including appdata are specifically excluded, because this is best common practice. Programs/executables don't belong in any user's profile or appdata folder

      I disagree, though not for Windows. On Linux, it's pretty common practice to install software locally to a user. For example I have a newer version of Python installed on my webserver than the stock, and it's just in my home directory.

      Though I understand that your needs are likely different, I'm just pointing it out.

      --
      I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
    11. Re:One of the best things about Chrome ... by frdmfghtr · · Score: 1

      I was thinking the same thing for my home machine. I consider silent background updates "bad." Only one person should be authorizing software updates--me, and I want to know about it beforehand.

      --
      Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
    12. Re:One of the best things about Chrome ... by uglyduckling · · Score: 1

      Yup, although Chrome seems particularly adept at getting round any corporate restrictions. At the [government institution] where I work, Chrome seems to be on about half the machines, usually installed by users. I'm always grateful to see it as lots of machines seems to still have IE 6 which is getting close to unusable on many web pages.

    13. Re:One of the best things about Chrome ... by willie150 · · Score: 2

      Google released Chrome for Business in the last few months, add that to the policy settings and you're pretty set.

      --
      Better to stay silent, and let people think you're an idiot than to open your mouth and remove all doubt
    14. Re:One of the best things about Chrome ... by master811 · · Score: 1

      No the the installation of Chrome in the %user% folder is an an absolute pain. I'm sure the only reason google did this is to make it easy to install, but that doesn't make it the best place. Programs go in program files/system directories, NOT in userdata. I also hate the fact it doesn't just "update", it creates an entirely new directory everytime for that particular version, so you end up with loads of redundant folders.
       
      No other major app does this, why can google get away with it?

    15. Re:One of the best things about Chrome ... by wumpus188 · · Score: 1

      Sorry, but this is just a lame excuse. OSX allows app to listen for shutdown notifications - just don't do an update if your app is terminating because of system shutdown. I'm sure Windows and KDE/Gnome have similar mechanisms.

    16. Re:One of the best things about Chrome ... by moonbender · · Score: 1

      Sure, but if you take more than a couple of seconds, Windows will assume the program isn't cooperating and offer to kill it. Which could be nasty when it happens during an update.

      --
      Switch back to Slashdot's D1 system.
    17. Re:One of the best things about Chrome ... by BZ · · Score: 1

      Right, but then you'll never update for many users (who _only_ shut down their browser when shutting down the OS), which negates the whole point.

    18. Re:One of the best things about Chrome ... by BZ · · Score: 1

      Well, the hard part is to make sure things keep working after you did the replace. In particular, the ideal is that if an update comes out the browser updates itself and the next tab you open gets the updated renderer process (while the existing tabs still have the old renderer process). If you have to update the UI process, then you obviously have to do something slightly different.

    19. Re:One of the best things about Chrome ... by BZ · · Score: 1

      Yes, if you're careful enough. You can't write over the existing file, but you can create a new file, start using it, then make a copy once the old file is unused.

    20. Re:One of the best things about Chrome ... by Alrescha · · Score: 1

      "One of the best things about Chrome is that updates take place silently and promptly without any user intervention"

      You like having a rogue process running as root on your machine? I consider it the worst thing about Chrome. The first thing I dig out and kill after I install Chrome is Google Software Update.

      http://www.wired.com/epicenter/2009/02/why-googles-sof/

      A.

      --
      ...bringing you cynical quips since 1998
    21. Re:One of the best things about Chrome ... by RebelWebmaster · · Score: 1

      In Firefox 4, add-on updates now install silently instead of prompting on startup.

    22. Re:One of the best things about Chrome ... by zaphirplane · · Score: 1

      what I know about win32 api, can fit on a post-it-note with space for a doodle, but I read somewhere that an app can veto a system shutdown, I would assume someone doing an update on app shutdown, would veto the system shutdown.

    23. Re:One of the best things about Chrome ... by n0-0p · · Score: 2

      If you don't like the single user version then install the system-wide version from the google pack. And it doesn't leave past versions around; it leaves exactly one previous version when it's updating because it uses differential compression against the old version and falls back to the previous version if the update failed.

    24. Re:One of the best things about Chrome ... by tepples · · Score: 1

      I read somewhere that an app can veto a system shutdown

      An application can veto an interactive system shutdown, but apps don't seem to be able to veto the automatic restart after a Patch Tuesday update.

    25. Re:One of the best things about Chrome ... by tepples · · Score: 1

      In fact, how the heck is any updater supposed to work in this case?

      By being run as administrator.

    26. Re:One of the best things about Chrome ... by tepples · · Score: 2

      Programs can be executed from the default allowed directories. %programfiles% , %systemroot%\system32, etc, and some designated paths for placing executables in manually

      Then what is the procedure for a user to request that a program's installer be placed into one of these "designated paths for placing executables in manually"?

    27. Re:One of the best things about Chrome ... by pete_norm · · Score: 1

      That's what portable apps are for. No installation rights, no problems!

    28. Re:One of the best things about Chrome ... by mysidia · · Score: 1

      Then what is the procedure for a user to request that a program's installer be placed into one of these "designated paths for placing executables in manually"?

      Assuming the user is authorized to install software, they open explorer, navigate to the file they downloaded (or their USB drive/external media), CUT/COPY the File, navigate to the installation files directory, and PASTE the file, then run the file.

    29. Re:One of the best things about Chrome ... by tepples · · Score: 1

      Assuming the user is authorized to install software

      Then I guess I should have phrased the question as follows: What is the procedure for a user to request authorization to install a given piece of software? Can a single procedure scale to homes, small businesses, and large businesses? How does the procedure change for people who create software?

    30. Re:One of the best things about Chrome ... by mysidia · · Score: 1

      Then I guess I should have phrased the question as follows: What is the procedure for a user to request authorization to install a given piece of software?

      Well, that will depend on who owns the system and who they want installing things on their computer.

      For enterprises, that will generally include the system administrators, and people who have been trained and shown competence/understanding in the company's security policies and any special compliance requirements to make a decision to accept a user's request to install something, and in some cases, that might require business management involvement. The procedure will probably depend on whether the software came from, and if the company purchased it, or if this is some freebie download of limited value as far as the company is concerned.

      For homes, someone or some people will make decisions about what software to be installed; when those who own the machine agree, or agree on the requirements/criteria prior to running a program, and those requirements are followed, then install gets authorized.

      That's a question of not only security, but also consumption of shared resources (especially for resident background applications/system tray apps that all users will have to put up with); then there are network resources, which apps such as BitTorrent can chew up.

      For third parties using a machine someone else owns, it's up to the owner to specify the conditions, and whether/not they will authorize introducing or updating software; to make a rational decision they have to be informed of any negative side effects to them -- benefits to other people are most likely secondary.

      In home environments at least, the 'install directory' may be just open to all users. This still provides a security benefit, and is what I would normally do, however, in that you can be sure explicit action will be required to run an installer program.

      In an enterprise environment, the 'install directory' might be read-only to all users except admins and power users who have adequate training and familiarity with the security policies.

      It's soft security, because anyone who knows what subdirectory to put the the file under can still run programs. But all software restriction policies based on this method are soft security; someone with physical access can use a boot CD and run any program they want (even against policy).

      So software restriction is just a second line of defense (after user avoidance of downloading harmful software), really.

      Many malware programs are introduced through accidental downloads or accidental program execution, when the user did not even intend to install anything. So when specific deliberate action is required, mistakes are less likely. Safety nets are useful.

      No e-mailed virus is going to tell you "OK, right click the attachment; click save" Now open explorer, copy that file C:\FAMILYNAMEHERE\CustomPrograms\InstallerFiles

      Press F2, rename x.zip to x.exe, now double click, and you will see the instructions to receive your million $$.

      Realistically, the only way software restriction will be defeated on a workstation is (1) intentional actor with legitimate login access or (2) vulnerability in e-mail or browser allowing exploit code to run malicious payload inside the application software; however, developing a malicious payload able to defeat policy and deploy software once the browser has been closed [across user sessions] could be quite a challenge.

      Software restrict is a non-default config, so most malware (targetting naive users in unmanaged environmens) will not be taylored for that.

      Also, the vast majority of malware relies on user error (which setting defaults do not mitigate), or exploits that simply will not work if programs in the browser/Adobe downloads/cache file directories cannot be executed.

    31. Re:One of the best things about Chrome ... by mysidia · · Score: 1

      given that NTFS does not allow unlinking an exectuable when it is running, having it in %AppData% for the time being is the next best option.

      No.. a next best option is versioning the program executable. Possibly launching the current version (real executable) from a "stub"/launcher executable that rarely/never changes.

      Wait, so if I instruct chrome to download an application, it shouldn't go in $USER/Downloads because executables aren't suppose to be in data folders?

      It is expected to be saved in Downloads like other downloads, but not to be executable from a data directory.

      In fact, how the heck is any updater supposed to work in this case?

      By downloading the file and telling the user they need to run it.

      Or by allowing the user to specify a working directory that should be used for deploying the updates, rather than just assuming that their roaming profile directory is an OKAY place to stash program files.

      Even Firefox downloads an executable to %appdata%\Temp\ and then launches the process.

      Then Firefox's updater is broken, if it did not prompt the user to choose this path as working directory for update deployment.

      What you've described isn't best common practice, it's slavish attention to distinctions that are made for the sake of convenience

      Actually, it is enforcement of distinctions, that when not made create an unnecessary risk.

      What's more, given that placing roadblocks to updating causes a huge decrease in user compliance, it's not even clear that such draconian measures even improve security. Having those 16 browser vulnerabilities patched as promptly as possible is far more important than adhering to whatever practices seem best in the abstract.

      Actually: it is not clear that it is better to have those 16 security patches, than it is to have a strategy to mitigate the risk at a lower level.

      It just takes ONE security vulnerability to result in compromise; nobody can really ever update fast enough to never be vulnerable. Some of the most widely exploited vulnerabilities were 0day and widely exploited before a patch was available.

      Sufficiently thorough mitigation methods can mean that instead of being exploited by the 1 security vulnerability that you haven't patched yet, the vulnerability IS exploited, but the isolation / code execution prevention technique reduces the damage and compromise done by the exploit to (essentially) zero.

    32. Re:One of the best things about Chrome ... by mysidia · · Score: 1

      I disagree, though not for Windows. On Linux, it's pretty common practice to install software locally to a user. For example I have a newer version of Python installed on my webserver than the stock, and it's just in my home directory.

      You might not favor the practice for your own reasons, you may even have extenuating circumstances that indicate the practice should not be undertaken.

      It is best common practice to have separate filesystems for various labels, and among them /home, /var, and /tmp.

      It is best common practice for /home /var /tmp and similar filesystems to be mounted noexec and nosuid.

      If users are to be authorized to install software, that might be a justifiable reason to provide them access to a filesystem that's not noexec.

      However, on other large unix systems where users are only expected to run software installed by a sysadmin (small allowance of disk space, etc), the ability to execute programs presents huge unnecessary risks.

    33. Re:One of the best things about Chrome ... by Wrath0fb0b · · Score: 1

      Your proposals are all technologically sound but, with all due respect, socially retarded. This is what I tried (and failed, apparently) to emphasize in my original reply: security protocols must respect the limits of user compliance and attempt to balance technological requirement with user tolerance for extra procedures. You appear to be evaluating 'best practices' from the point of view of assured user compliance instead of trying to find the set of practices that will actually result in the greatest security given the probable behavior of users when confronted with such a system.

      Certainly requiring users to input a folder for what is essentially a disposable updater executable, then manually hunt that executable down, then run it with the appropriate privileges is going to reduce user compliance by a huge factor. Requiring users to copy newly downloaded applications from $USER/downloads to some other arbitrary directory before executing them is far more likely to yield Google searches on how to disable this draconian restriction than to enhance security in any meaningful way (for animated bunny screensaver, copy this to $USER/safe and double click!).

  10. Re:interesting by biryokumaru · · Score: 4, Funny

    My Chrome goes to 11.

    --
    When you're afraid to download music illegally in your own home, then the terrorists have won!
  11. Re:Wait a minute... by biryokumaru · · Score: 1

    Um, did you read the summary? They paid that Sergey guy OVER 9000!!1

    --
    When you're afraid to download music illegally in your own home, then the terrorists have won!
  12. Re:Wait a minute... by russotto · · Score: 4, Funny

    3,133.7?

    Looks suspiciously like 'leet to me.

    Way to spot 'em, Captain Obvious.

  13. Re:Have they fixed h.264? by mswhippingboy · · Score: 2

    Yea, they fixed it alright. They got rid of it.

    http://www.pcmag.com/article2/0,2817,2375719,00.asp

    --
    Sometimes the light at the end of the tunnel is the headlight of an oncoming train.
  14. Security relation direct by SuperKendall · · Score: 1

    And what makes this bug security related? :)

    Because the reality is that with h.264 support out, rather than double up all encoding efforts for WebM sites will simply make Chrome use Flash players with h.264 videos.

    Have you SEEN the security advisories around Flash?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  15. You gotta be kidding me. by Brannon · · Score: 2

    It's just a company, dude.

  16. Why the meager sum? by iamacat · · Score: 1

    Certainly having a trouble free product is worth more than 10% of developer salary to google?

  17. Re:interesting by Seumas · · Score: 1

    Well, considering Chrome 1.0 was just released two years ago, we'll be on Chrome 12x by the end of the year.

  18. A much better idea by Troll-Under-D'Bridge · · Score: 1

    Why not just scan it? Then you can frame the print out (hell, you can even print 10x larger), and mail the check to me. That way we both win. Google on your wall. Money in my pocket.

  19. At close is worse by r00t · · Score: 1

    If I'm closing the browser, that probably means my battery is dying. My UPS is doing the extra-fast beeping that happens right before it cuts out.

    That would be the absolute worst time to update. The power will cut out right in the middle of the update. Few software projects can reliably avoid self-corruption when that happens.

  20. Still no bookmark separators by satan666 · · Score: 1

    Firefox has very nice bookmark separators which can keep groups of bookmarks nicely together.

    However, Google has been stubborn as hell over this. They will not create bookmark separators.

    I bet all techies and hardcore web users will not switch to Chrome over this. People on the web are
    saying as much.

    It is amazing that they are so adamant over this one feature. You know, I don't like that attitude.

    Later Chrome...

  21. Re:Supporting Chrome is moving back standards by dalmor · · Score: 2

    I posted this URL in another thread, but it is a great view of the whole video format "war" going on.

    Even with chrome supporting h.264, in order to get maximum compatibility for video playback across all browsers(let's not leave out Android and Iphone), you still need to have the video in all 3 formats(below is copy/pasted from the site). Chrome isn't going "backwards" compared to where it stands now, unless you prefer having site visitors standardize on a set of browsers, in which case I can't argue with that:

          For maximum compatibility, here’s what your video workflow will look like:
                1. Make one version that uses WebM (VP8 + Vorbis).
                2. Make another version that uses H.264 baseline video and AAC “low complexity” audio in an MP4 container.
                3. Make another version that uses Theora video and Vorbis audio in an Ogg container.
                4. Link to all three video files from a single element, and fall back to a Flash-based video player.

    http://www.diveintohtml5.org/video.html

  22. Re:Wait a minute... by pinkushun · · Score: 1

    It's even color-coded on the Chrome release blog.

  23. Talk about cheap labor... by Kenwoodism · · Score: 1

    You know, for a company with a total equity of US $36.004 billion (2009) the sum of $14,000 being spent to improve their product doesn't seem that good of a deal for the people doing the work...

    1. Re:Talk about cheap labor... by LingNoi · · Score: 1

      It's not meant to be a salary, it's a reward. Some researchers don't even take the money.

      Why not rip on Microsoft for not even offering a bounty rather then look a gift horse in the mouth?

    2. Re:Talk about cheap labor... by DragonWriter · · Score: 1

      You know, for a company with a total equity of US $36.004 billion (2009) the sum of $14,000 being spent to improve their product doesn't seem that good of a deal for the people doing the work...

      They are spending a lot more than that to improve their product -- they do have paid development staff. These are "thank yous" in cash form awarded after the fact to people who have, on their own, reported problems.

      Many companies don't reward people for reporting problems with their product at all.

  24. Re:Fifteen enormous black gay cocks reaming timoth by ciderbrew · · Score: 1

    Depends, Canine Age 3 = Human Age 28 Years. You didn't state species :)

  25. Nested tree tabs? by js_sebastian · · Score: 1

    For a product claiming to be "8.x", it sure could use a lot of refinement. They haven't accomplished anything special with the tab interface (the biggest reason I can't adopt it for primary use -- I need Panorama and if not that, at least vertical nested tree tabs).

    ..ouch, my mind hurts!

  26. Re:Have they fixed h.264? by LingNoi · · Score: 1

    Firefox and Opera don't support h264 either, why hate just on Google? and if you really cared about choice you'd be ranting on Microsoft for not supporting WebM in IE9. Yay more IE hacks! Guess you're not a web developer..

  27. Re:Supporting Chrome is moving back standards by LingNoi · · Score: 1

    At least h.264 has a much wider range of companies backing and directing it.

    Like who? Apple and Microsoft?

    What about Firefox and Opera. That's three against two right there that are backing it.

  28. Maximum Reward by Illicon · · Score: 1

    They should have made the maximum reward $1337.

  29. Re:Supporting Chrome is moving back standards by tuppe666 · · Score: 1

    You have locked your self into the Apple walled garden didn't you. Personally next month I will be watching WebM videos on youtube through firefox :).

  30. Re:interesting by natehoy · · Score: 1

    For an extra $5,000 I'll give you one that goes to 12.

    --
    "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  31. Re:Supporting Chrome is moving back standards by tuppe666 · · Score: 1
    You are implying that evolution should stop. If this generation of codecs is superseded...and these are already appearing. Your implying those shouldn't be used.

    Your implying that Apple and Microsoft wouldn't simply support WebM. Where are the announcement "More the Merrier". Its not like there is not more than one language in the world ;). They don't and we both know why and the reasons stink!

    I'll use flash for my HTML4 needs and look forward to WebM for my HTML5 and web developers who don't support this will not be getting my page views. I also look forward to better...and hopefully truly open video codecs in the future.

  32. Re:Supporting Chrome is moving back standards by tuppe666 · · Score: 1

    Firefox and Opera not only are supporting it. Opera is the one who originally suggested the tag, and simply cannot afford the implementation that Apple, Microsoft are forcing on the world. Thank goodness there is a real alternative.

  33. Re:Supporting Chrome is moving back standards by LingNoi · · Score: 1

    Firefox and Opera are NOT supporting h264 in the video tag.

    Mozilla’s Robert O’Callahan wrote a big “Thanks Google!” on his blog and said that he is “surprised” and “delighted” that Google has made that decisions. “Incidentally, it’s also a good day for us at Mozilla: the pressure that was building on us to support H.264 should ease off considerably,” he wrote

    http://www.conceivablytech.com/5155/business/mozilla-celebrates-google-webm-delays-firefox-4-beta-9/

    Also Opera's support for h264 has nothing to do with money.

    Thomas Ford, Senior Communications Manager, Opera, told Muktware, "Actually, Opera has never supported H.264. We have always chosen to support open formats like Ogg Theora and WebM.

    http://www.muktware.com/n/12/2011/661

  34. Re:Have they fixed h.264? by tuppe666 · · Score: 1

    I prefer that as my video playback of choice. I don't want want the sub par solution.

    And Google have chosen their video playback of choice, and said why. Personally I'm looking forward to all those small commercial Videos we can see on the net now they have a real choice. I'm looking forward to all the tools that are already appearing that are able to support WebM simply because the cost(nothing in every way) from Major browsers to small hardware & software companies. Thank goodness they are offered a real choice

    I look forward to the improved WebM2.0 and WebM3.0 as work is undoubtedly containing in and outside goodle on this current gen codec we have already seen innovation in it being used for still images. I look forward to it being used in video chat/Game recording.

    I look forward to new patent unencumbered Video and Audio Codecs appearing on the landscape and those being used as well.

  35. Wrong, here is workflow that will be used. by SuperKendall · · Score: 1

    For maximum compatibility, here’s what your video workflow will look like:

    Companies are not going to go for maximum compatibility that costs too much. They are going to go for the maximum compatibility at minimum cost. So let's revise your workflow to predict what will really happen:

                            1. Make a version that uses H.264 baseline video and AAC “low complexity” audio in an MP4 container.
                            2. Link to all three video files from a single element, and fall back to a Flash-based video player.

    This workflow supports as many systems and browsers as yours does, at half the storage space and half the encoding time.

    Convince me. Why would anyone convert to WebM when they can just play h.264 in a flash player on Chrome or any other browser that doesn't support h.264 directly?

    Remember that Google controls Flash, because the whole chain of events pushes more use of flash players they have zero incentive to remove h.264 support from Flash.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
    1. Re:Wrong, here is workflow that will be used. by dalmor · · Score: 1

      Heh, your a shoot the messenger kind of guy(i.e. a lot of "you" and "your"). As I mentioned to begin with, I was just copying from another page I didn't write. Relax, this IS the internet afterall...but on to my real response.

      I guess the iPhone is the deciding factor to use H.264, since Android can use flash. So while my "math" may have been wrong, it still reaches the same conclusion: Chrome switching is not a game changer.

    2. Re:Wrong, here is workflow that will be used. by SuperKendall · · Score: 1

      It is a game changer for the video tag (not for h.264). The video tag was gaining traction, but that will go away now... I personally don't care what codec gains prominence, I'm just annoyed that we are devolving back into a world where all desktop video comes through a Flash player.

      --
      "There is more worth loving than we have strength to love." - Brian Jay Stanley
  36. Right, and that means flash players everywhere by SuperKendall · · Score: 1

    H264 may have much wider backing in some fields but that's just not visible in the browser usage share: After Googles decision I guess around 1% of the browsing happens on a browser capable of HTML5 + H.264.

    The direct result of that is zero adoption of the HTML5 video tag. There is no game afoot; the game is over, Google took the ball home.

    When you can just wrap h.264 video in a Flash player for computers and thus support iOS devices and all browsers with one file, why would you do ANYTHING else?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  37. Re:Supporting Chrome is moving back standards by SuperKendall · · Score: 1

    Nope, you'll be using a Flash player just like everyone else.

    There is no "walled garden" on the desktop, just a browser intelligent enough to support a full complement of standards (I can play WebM through Quicktime with a plugin).

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  38. Chrome release schedule by DragonWriter · · Score: 1

    They're doing two releases a quarter

    I'm pretty sure the announced release schedule is one release every six weeks (which is 2 in 12 weeks), which is a little faster than 2/quarter (which is 2 in 13 weeks.)

  39. King Koopa by tepples · · Score: 1

    to be honest it can wait till i feel like my computer can be on while the bowser is closed; as rare as that be
    i dont see a problem as long as its not months behind

    Bowser? Then maybe Chrome can update itself while you play Wii.

  40. Re:Supporting Chrome is moving back standards by dalmor · · Score: 1

    Your implication of my "implying" is wrong :)

    I am SAYING as it currently stands(not the direction it is going), there is a lot of diversity in what it supported. As it stands, Google is not changing the landscape just because they are a big name,Firefox and Opera currently do not and will not support it which a LOT of people use.

  41. Workaround: Open comment in a new tab by tepples · · Score: 1

    Pasting into a textarea on a "/comments.pl" page works more often than pasting into a textarea on a "/story/" page. Try opening the comment to which you want to reply (e.g. #34876160) in a new tab and clicking "Reply to This" there.

    Pasting into an empty textarea is also more reliable. If you can't use the first workaround because you're trying to add a top-level comment, it might even work to paste from gvim, gedit, etc. if the textarea is empty.

  42. Re:Supporting Chrome is moving back standards by tepples · · Score: 1

    Step 2 of your proposed workflow requires affording the H.264 encoder and streaming licenses.* How should a typical ad-supported web site afford these?

    * Or mass emigration.

  43. Re:Supporting Chrome is moving back standards by dalmor · · Score: 1

    Wrong.

    First, for streaming. It was extended to 2015 for free streaming if the site was offering free videos to the end user. That has even more recently been extended indefinitely: http://www.appleinsider.com/articles/10/08/26/apple_supported_h_264_standard_gains_free_license_for_internet_video_use.html

    Second, sites doesn't pay for H.264 licenses to encode. They would have to pay IF they are building their own encoders. Sites would normally have to pay for the encoder themselves, like any other regular commercial software. The software encoders are the one who has to pay the fee. If you still want to go on about sites paying...you can probably find "free" software to get past paying and truely solve your price problem :)

  44. Re:Supporting Chrome is moving back standards by tepples · · Score: 1

    It was extended to 2015 for free streaming if the site was offering free videos to the end user.

    Is it still considered "free" if it's ad-supported? Or in the case of a low-volume local business selling local-interest videos to local customers, is there a prohibitive minimum annual royalty per firm?

    Sites would normally have to pay for the encoder themselves, like any other regular commercial software.

    And how much does a good one of these cost?

  45. Re:Supporting Chrome is moving back standards by dalmor · · Score: 1

    Is it still considered "free" if it's ad-supported?

    Yes.

    Or in the case of a low-volume local business selling local-interest videos to local customers, is there a prohibitive minimum annual royalty per firm?

    And how much does a good one of these cost?

    Dude, using questions to bring in doubt and uncertainty is no way to debate. Questions should only be used if your trying to gauge someone else's POV(or you are trying to win over an audience, in which case kudos).

    Regardless, I will leave this questions up to you to discover.