Google Chrome Developers On Browser Security 61
CowboyRobot writes "Developers of Google's Chrome browser have spoken up in an article describing their approach to keeping the browser secure, focusing on minimizing the frequency, duration, and severity of exposure. One tool Chrome uses is a recently open-sourced update distribution application called 'Omaha.' 'Omaha automatically checks for software updates every five hours. When a new update is available, a fraction of clients are told about it, based on a probability set by the team. This probability lets the team verify the quality of the release before informing all clients.'"
Beta testers (Score:4, Insightful)
So basically, they're getting a random sample of their user base to beta test updates in the wild for them. I hope there's some kind of warning about this while using it.
Re:Beta testers (Score:2, Insightful)
I wish more companies would do this with patches. Historically, some non-trivial percentage of all patches (to some OS or software) also caused a new bug under some small percentage (like 10%) of the possible software configurations out there. It's better to patch, cause issues, and roll back on a few thousand users than a few hundred thousand. A week later, the quality for all users is the same.
Glass ($halfEmpty != $halfFull) (Score:4, Insightful)
Any time you release a new version of software, there's an increased likelihood that there will be unforeseen bugs not specifically tested for. You can test tell you're blue in the face, but no matter how you look at it, real-life is the real test.
And it's not just bugs. Even when things are working exactly to plan, you don't necessarily want to roll it out everywhere all at once.A good example is our password-change policy - we now require periodic changes in passwords. When we did this, requiring everybody to change their password, we did it "gracefully" over a month's time so that the help desk wouldn't be overwhelmed by idiots who don't understand the idea of changing their password.
It's pretty sad that something so simple would cause people to freak out, but it does, and that's just humanity. Get over it, already. People are people, and it's easier to spread the work out over a period of time rather than just beat yourself up all at once.
Gradual roll-out is a *good thing* unless it's a terrible security issue that must be addressed immediately.
Re:Russian Roulette Anyone? (Score:3, Insightful)
Google - nicer than most of those other bastards.