Saturday, March 23, 2013

[Gd] Testing on the Toilet: Testing State vs. Testing Interactions

| More

Google Testing Blog: Testing on the Toilet: Testing State vs. Testing Interactions

By Andrew Trenk

This article was adapted from a Google Testing on the Toilet (TotT) episode. You can download a printer-friendly version of this TotT episode and post it in your office.


There are typically two ways a unit test can verify that the code under test is working properly: by testing state or by testing interactions. What’s the difference between these?

Testing state means you're verifying that the code under test returns the right results.


public void testSortNumbers() {
NumberSorter numberSorter = new NumberSorter(quicksort, bubbleSort);
// Verify that the returned list is sorted. It doesn't matter which sorting
// algorithm is used, as long as the right result is returned.

assertEquals(
new ArrayList(1, 2, 3),
numberSorter.sortNumbers(new ArrayList(3, 1, 2)));
}

Testing interactions means you're verifying that the code under test calls certain methods properly.


public void testSortNumbers_quicksortIsUsed() {
// Pass in mocks to the class and call the method under test.
NumberSorter numberSorter = new NumberSorter(mockQuicksort, mockBubbleSort);
numberSorter.sortNumbers(new ArrayList(3, 1, 2));
// Verify that numberSorter.sortNumbers() used quicksort. The test should
// fail if mockQuicksort.sort() is never called or if it's called with the
// wrong arguments (e.g. if mockBubbleSort is used to sort the numbers).

verify(mockQuicksort).sort(new ArrayList(3, 1, 2));
}

The second test may result in good code coverage, but it doesn't tell you whether sorting works properly, only that quicksort.sort() was called. Just because a test that uses interactions is passing doesn't mean the code is working properly. This is why in most cases, you want to test state, not interactions.

In general, interactions should be tested when correctness doesn't just depend on what the code's output is, but also how the output is determined. In the above example, you would only want to test interactions in addition to testing state if it's important that quicksort is used (e.g. the method would run too slowly with a different sorting algorithm), otherwise the test using interactions is unnecessary.

What are some other examples of cases where you want to test interactions?

- The code under test calls a method where differences in the number or order of calls would cause undesired behavior, such as side effects (e.g. you only want one email to be sent), latency (e.g. you only want a certain number of disk reads to occur) or multithreading issues (e.g. your code will deadlock if it calls some methods in the wrong order). Testing interactions ensures that your tests will fail if these methods aren't called properly.

- You're testing a UI where the rendering details of the UI are abstracted away from the UI logic (e.g. using MVC or MVP). In tests for your controller/presenter, you only care that a certain method of the view was called, not what was actually rendered, so you can test interactions with the view. Similarly, when testing the view, you can test interactions with the controller/presenter.

URL: http://googletesting.blogspot.com/2013/03/testing-on-toilet-testing-state-vs.html

[Gd] Nominations are now open for OpenSocial Community Board Members

| More

OpenSocial API Blog: Nominations are now open for OpenSocial Community Board Members

We are pleased to announce that the nominations for the Community Elected Board seat are now Open! The nomination period will run from March 22, 2013 through April 5, 2013. To nominate yourself for the board, simply email officers@opensocial.org with you name, company/project affiliation, and desire to be on the board.

Anyone OpenSocial member is able to serve on the board. The only requirement to nominate or hold the position is that you must be a member of the OpenSocial Foundation. There are no membership fees to join OpenSocial. All you need to do is fill out a simple on-line membership application.
URL: http://blog.opensocial.org/2013/03/nominations-are-now-open-for-opensocial.html

Friday, March 22, 2013

[Gd] Dev Channel Update for Chrome OS

| More

Chrome Releases: Dev Channel Update for Chrome OS


The Dev channel has been updated to 27.0.1446.5 (Platform version: 3881.4.0/3881.3.0 for chromebox) for all Chrome OS devices. This build contains a number of stability fixes and feature enhancements.

Release Highlights:

  • New Pepper Flash update to version 11.7.700.141
  • Improvements in file folder navigation
  • Launcher menu improvements
  • Video play improvements/fixes
  • Improved notifications
  • Fixed enable/disable flags (181331)
  • Fixed VPN connections (181655)

Known issues:
  • Switch window key (F5) not working. (174035)

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Josafat Garcia
Google Chrome

URL: http://googlechromereleases.blogspot.com/2013/03/dev-channel-update-for-chrome-os_21.html

[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update


The Dev channel has been updated to 27.0.1448.0 for Mac, Windows, Linux, and Chrome Frame

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how.

If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/03/dev-channel-update_21.html

[Gd] Chrome Beta for Android

| More

Chrome Releases: Chrome Beta for Android

Chrome Beta for Android has been updated to 26.0.1410.40. This release contains a few new fixes including:
  • 181706 - Autofill and Password are enabled by default on upgrading to M26 when user has 'Sync everything' unchecked on M25
  • Crash fixes
Key known issues:
  • 189938 - 'BEST OF YOUTUBE' videos text for all categories chopped off
  • 189165 - Inline styling within a contenteditable element triggers disambiguation popup
  • Occasional crashes and ANRs
A partial list of changes in this build is available in the SVN revision log. If you find a new issue, please let us know by filing a bug. More information about Chrome for Android is available on the Chrome site.

Jason Kersey
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/03/chrome-beta-for-android.html

[Gd] Beta Channel Update for Chrome OS

| More

Chrome Releases: Beta Channel Update for Chrome OS

The Beta channel has been updated to 26.0.1410.40 (Platform version: 3701.62.0) for all Chromebooks. This build contains a number of stability, performance and security improvements and bug fixes.

If you find new issues, please let us know by visiting our help site or filing a bug. Interested in switching channels? Find out how. You can submit feedback using ‘Report an issue...’ in the Chrome menu (3 horizontal bars in the upper right corner of the browser).

Ben Henry
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/03/beta-channel-update-for-chrome-os_20.html

[Gd] Beta Channel Update

| More

Chrome Releases: Beta Channel Update

The Beta channel has been updated to 26.0.1410.40 for Windows, Mac, Linux, and Chrome Frame. This build contains the following:
  • Fixed stability crashes. [Issues: 166397, 172319, 189889, 180445]
  • Fixed sign-in issue in Incognito session. [Issue: 180183]
  • Fixed shortcut issue in enterprise. [Issue: 174465]
  • Fixed floppy drive issue. [Issue: 173953]
  • Fixed bug where extension popups would not properly receive input focus when first shown. [Issue: 122352]
  • Fixed views omnibox unfocused double-click behavior. [Issue: 165873]
  • Show strings in content settings bubble when access to cookies is allowed. [Issue: 181172]
  • Fixed recently closed multiple tabs regression. [Issue: 179697]
Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug.

Dharani Govindan
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/03/beta-channel-update_20.html

[Gd] Fridaygram: art project expands, tweeting in tongues, speaking to movies

| More

Google Developers Blog: Fridaygram: art project expands, tweeting in tongues, speaking to movies

Author PhotoBy Scott Knaster, Google Developers Blog Editor

We posted once before about the Google Art Project, a very cool endeavor to make museum art available online to people around the world. We’re writing about it again today because the project has just expanded to include a bunch of great new stuff, including ancient works, contemporary art, and even urban art.



Highlights of the newly added works include hundreds of photos from highly regarded photographers, centuries-old maps, and historical documents. You can spend hours exploring museums from more than 40 countries while you sit in the park with your laptop.

Speaking of traveling without actually moving, a researcher has used public Twitter data to study the use of human languages in various places around the world. Researcher Delia Mocanu and her team studied languages from tweets sent in New York City and used the data to map neighborhoods by language use. In some cases, the secondary language used in a neighborhood matched the language spoken by original residents decades or even hundreds of years earlier. That’s even before Twitter existed.

Finally, when you’re done looking at art and learning about world language use, you can spend some time this weekend with Chrome’s new Peanut Gallery. This project uses Chrome’s voice recognition technology to let you add title cards to old silent films. It’s completely for fun – enjoy!


Get your API info and meaty technical details earlier in the week, because on Friday it’s all for fun: science, the humanities, and just general nerdiness.
URL: http://googledevelopers.blogspot.com/2013/03/fridaygram-art-project-expands-tweeting.html

[Gd] SiteGround, IISpeed and Google Chrome make the web faster with PageSpeed

| More

Google Developers Blog: SiteGround, IISpeed and Google Chrome make the web faster with PageSpeed

Author PhotoBy Ilya Grigorik, Developer Advocate and Web Performance Engineer

At Google we want the whole web to be faster, and there is no better way to achieve this goal than through helping our partners, both commercial and open-source, to deliver web optimization products to their users and clients. The PageSpeed Optimization Libraries, which are developed as part of our Make the Web Faster initiative, are a cornerstone of this strategy, enabling a growing list of products and integrations, developed both inside and outside Google.

SiteGround, a popular web hosting provider, announced mod_pagespeed support to their customers: "SuperCacher plugin is the first and only plugin that fully integrates Google’s mod_pagespeed with cPanel. Simply put, mod_pagespeed speeds up your site and reduces page load time automatically, with no additional knowledge required on the users’ side. It also optimizes your website for mobile view and for better browser rendering."

SiteGround PageSpeed control panel

With SiteGround, you can enable PageSpeed optimizations on your site with one click. Then, you can hand-tune and configure your site to match your specific needs through advanced customizations provided by mod_pagespeed.

However, that’s not all. The portfolio of PageSpeed integrations continues to expand:
  • The We-AMP team has announced a beta release of IISpeed, which enables PageSpeed web content optimization within the Microsoft IIS web server. "IIS and ASP.NET are very popular technologies on the web, powering millions of websites, and we are excited to bring the full power of PageSpeed optimization to the Windows platform," said Otto van der Schaaf and Kees Spoelstra.
  • Thanks to open-source contributions, mod_pagespeed is now integrated with CPanel and WHM, an easy-to-use server control and management panel for web hosts and website owners.
  • Google Chrome has adapted PageSpeed to power the recently announced Chrome data compression proxy, which significantly reduces data usage and speeds up page load times on cellular networks.
To find out how to leverage PageSpeed on your site or service, or how to integrate the open source PageSpeed Optimization Libraries into your own product, visit the PageSpeed site.


Ilya Grigorik is a Developer Advocate and Web Performance Engineer at Make the Web Faster.

Posted by Scott Knaster, Editor
URL: http://googledevelopers.blogspot.com/2013/03/siteground-iispeed-and-google-chrome.html

Thursday, March 21, 2013

[Gd] Discover Chrome DevTools - Our new interactive course

| More

Chromium Blog: Discover Chrome DevTools - Our new interactive course

Today, we are launching Discover DevTools, an interactive Code School training course that will teach you how to take advantage of Chrome DevTool's powerful suite of resources and speed up the development and debugging of your web apps.
   
In each of the seven chapters of this interactive course, you can watch an overview video teaching you the latest techniques, and follow a series of challenges where your knowledge will be put to the test. We've integrated the Chrome DevTools themselves into the course, so as you explore the functionality within them, you'll get immediate feedback and earn points and badges.

Even regular users of the Chrome DevTools may be surprised to find some lesser-known features from this course that can really boost productivity. You'll learn a debugging workflow to go from an uncaught exception to a live fix without ever refreshing your app. In addition, the course will share time-saving tricks to improve your efficiency while debugging CSS, improving reflow issues, and interpreting your network and JavaScript bottlenecks. You'll also uncover the DOM bottlenecks that are blocking you from delivering a slick 60 FPS experience.

We hope you’ll try out the Discover DevTools course and see how Chrome DevTools can make you a more productive developer.

Posted by Paul Irish, Senior Developer Advocate (completed the course in 14:52) and Peter Lubbers, Program Manager (best time: 15:05)
URL: http://blog.chromium.org/2013/03/discover-chrome-devtools-our-new.html

Wednesday, March 20, 2013

[Gd] Build collaborative apps with Google Drive Realtime API

| More

Google Developers Blog: Build collaborative apps with Google Drive Realtime API

Author PhotoBy Brian Cairns, Software Engineer

Google Drive lets users create Docs, Sheets, and Slides, collaborate on them in real time, and have their changes saved automatically. With the new Google Drive Realtime API, you can now easily add some of the same real-time collaboration that powers Google Drive to your own apps. This new API handles network communication, storage, presence, conflict resolution, and other collaborative details so you can focus on building great apps.

Developing for the Drive Realtime API is almost as simple as working with local objects. The API provides collaborative versions of familiar data objects such as maps, lists, strings, and JSON values and automatically synchronizes and stores modifications to these objects. Your application reads from and writes to these objects like any other local object. Change event handlers can be added to collaborative objects so that your app can react to changes from other collaborators.

Because the Drive Realtime API is based on operational transformation (OT), local changes are reflected instantly, even on high-latency networks. The Drive Realtime API automatically transforms changes to the data model so that every collaborator stays in sync.

If basic collections aren't enough for your application, the Drive Realtime API supports custom objects and references, including trees and arbitrary graph structures. As with other collaborative objects, the Drive Realtime API automatically synchronizes these objects with other collaborators and stores them in Drive.

Because presence is important in collaborative applications, the Drive Realtime API also keeps track of who is connected to your application and provides your app with events for when collaborators join, leave, or make changes.

UI showing 3 collaborators
Widget using the Drive Realtime API and showing the collaborators on a document

Neutron Drive, Gantter and draw.io have enabled realtime collaboration in their apps using the Google Drive Realtime API. Check out these apps to see the Drive Realtime API in action.


Collaborative code editing with Neutron Drive

Neutron Drive is an online editor for text and source code files stored in Google Drive. You can now collaboratively edit any text or source code files stored in Drive and get a realtime collaboration experience—shared typing, a view of active collaborators, cursor positioning, and selected text. This all comes in addition to the syntax highlighting and other advanced features offered by Neutron Drive. To learn more, watch the video:




Collaborative project scheduling with Gantter

Gantter is a free online project scheduling tool and Gantt diagram editor. It now allows you to collaboratively—and in real time— work on your project schedules. It even features an embedded chat powered by the Drive Realtime API. Watch the video below to see Gantter’s new realtime collaboration features in action.




Collaborative diagraming with draw.io

draw.io is a diagraming application that enables you to draw a wide variety of diagrams such as flowcharts, UML diagrams and even electronic circuits. You can now see updates from other collaborators instantaneously, with colored visual cues indicating who has changed the diagram and where that change occurred. Try the new draw.io collaborative beta at rt.draw.io and watch the video below.




Learn more about the Drive Realtime API

We built a collaborative colored cube puzzle so you can have some fun while trying out the Drive Realtime API and a Drive Realtime API Playground to take you through the API step-by-step. Both apps are open source so check out our Github repos.

Have a look at the Google Drive Realtime API technical documentation and start making your app realtime-enabled!


Brian Cairns joined the Google Drive team in 2011 and lives in Boulder, Colorado. He is the lead software engineer for the Drive Realtime API.

Posted by Scott Knaster, Editor
URL: http://googledevelopers.blogspot.com/2013/03/build-collaborative-apps-with-google.html

Tuesday, March 19, 2013

[Gd] App Engine 1.7.6 Released

| More

Google App Engine Blog: App Engine 1.7.6 Released




The App Engine team is continuing to make monthly improvements to our platform.  We have a number of new features and fixes for this month’s release.  



New App Engine billing system for paid applications





We’re making it easier to pay for App Engine each billing cycle by transitioning to a new billing system.  This change will happen automatically for billing-enabled applications, with no action required on your part.  With the new system you can now:



  • take advantage of monthly billing cycles



  • make a payment at any time during the month



  • specify direct debit as a form of payment



  • assign a primary and backup credit card







We’ll start moving applications to this new billing system over the next few weeks.  You don’t need to make any changes and the migration itself will be transparent.



Other notable features






  • Full Text Search API stats are now available in the admin console.  You can start viewing these stats in advance of being able to pay for additional search resources in an upcoming release.



  • We’ve added asynchronous methods, which is now in Preview, to the Task Queue API.  This feature improves utilization by allowing your app to add, lease and delete multiple tasks in parallel.



  • A major overhaul to the Python dev_appserver, the software used to simulate App Engine while in development. The new dev_appserver is multi-threaded, meaning development is faster, and provides a more accurate simulation of the production environment.



  • Admin console dashboard charts and current load/errors reports are moving to a new, more reliable backend over the next few weeks.



  • Improved support for Python libraries, with Django 1.4.2 and webob 1.2.3 now Generally Available.





The complete list of features and bug fixes for 1.7.6 can be found in our release notes. For App Engine coding questions and answers check us out on Stack Overflow, and for general discussion and feedback, find us on our Google Group.


-Posted by Chris Ramsdale, Product Manager
URL: http://googleappengine.blogspot.com/2013/03/app-engine-176-released.html

[Gd] Build collaborative apps with Google Drive Realtime API

| More

Google Apps Developer Blog: Build collaborative apps with Google Drive Realtime API

Google Drive lets users create Docs, Sheets, and Slides, collaborate on them in real time, and have their changes saved instantly and automatically. With the new Google Drive Realtime API, you can now easily add the same real-time collaboration that powers Google Drive to your own apps. This new API handles network communication, storage, presence, conflict resolution, and other collaborative details so you can focus on building great apps.

Developing for the Drive Realtime API is almost as simple as working with local objects. The API provides collaborative versions of familiar data objects such as maps, lists, strings, and JSON values and automatically synchronizes and stores modifications to these objects. Your application reads from and writes to these objects like any other local object. Change event handlers can be added to collaborative objects so that your app can react to changes from other collaborators.

Because the Drive Realtime API is based on operational transformation (OT), local changes are reflected instantly, even on high-latency networks. The Drive Realtime API automatically transforms changes to the data model so that every collaborator stays in sync.

If basic collections aren't enough for your application, the Drive Realtime API supports custom objects and references, including trees and arbitrary graph structures. As with other collaborative objects, the Drive Realtime API automatically synchronizes these objects with other collaborators and stores them in Drive.

Because presence is important in collaborative applications, the Drive Realtime API also keeps track of who is connected to your application and provides your app with events for when collaborators join, leave, or make changes.

Widget using the Drive Realtime API and showing the collaborators on a document

Neutron Drive, Gantter and draw.io have enabled realtime collaboration in their apps using the Google Drive Realtime API. Check out these apps to see the Drive Realtime API in action.

Collaborative code editing with Neutron Drive

Neutron Drive is an online editor for text and source code files stored in Google Drive. You can now collaboratively edit any text or source code files stored in Drive and get a collaboration experience similar to Google Docs — shared typing, a view of active collaborators, cursor positioning, and selected text. This all comes in addition to the syntax highlighting and other advanced features offered by Neutron Drive. To learn more, watch the video below:


Collaborative project scheduling with Gantter

Gantter is a free online project scheduling tool and Gantt diagram editor. It now allows you to collaboratively — and in real time — work on your project schedules. It even features an embedded chat powered by the Drive Realtime API. Watch the video below to see Gantter’s new realtime collaboration features in action.


Collaborative diagraming with draw.io

draw.io is a diagraming application that enables you to draw a wide variety of diagrams such as flowcharts, UML diagrams and even electronic circuits. You can now see updates from other collaborators instantaneously, with colored visual cues indicating who has changed the diagram and where that change occurred. Try the new draw.io collaborative beta at rt.draw.io and watch the video below.

Learn more about the Drive Realtime API

We also built a collaborative colored cube puzzle so you can have some fun while trying out the Drive Realtime API and a Drive Realtime API Playground to take you through the API step-by-step. Both apps are open source so check out our Github repos.

Have a look at the Google Drive Realtime API technical documentation and start making your app realtime-enabled!

Brian Cairns   profile

Brian joined the Google Drive team in 2011 and lives in Boulder, Colorado. He is currently the lead software engineer for the Drive Realtime API.





URL: http://googleappsdeveloper.blogspot.com/2013/03/build-collaborative-apps-with-google.html

[Gd] Using Tailbone to talk to App Engine with JavaScript

| More

Google Developers Blog: Using Tailbone to talk to App Engine with JavaScript

Author Photo
By Doug Fritz, Creative Lab

Today we’re sharing a small open source project called Tailbone that lets developers read and write to the Google App Engine Datastore using JavaScript. We’re hoping that it makes App Engine a bit more accessible to developers who aren’t familiar with Python, Java or Go, or prefer not to use them.

I share an office with three creative programmers who work almost entirely in HTML5 and JavaScript. An important part of our work is writing server-side code for new projects that read or write data to to the App Engine Datastore or use Google accounts to store authenticated user-specific information. To make that process easier for my JavaScript-fluent colleagues, I created Tailbone to act as a RESTful API for an app’s Datastore.

tailbone tutorial screenshot

To get started, you still have to install App Engine’s SDK and Python, but after that you’re all set. We’ve written a detailed tutorial that guides you through the installation and an example app for creating an authenticated profile page with an editable name and photo.

It’s my hope that Tailbone makes App Engine a little bit less intimidating for people who don’t have much experience with server-side coding. I know there are a few in my office. If there are any others out there, this is for you.


Doug Fritz is a programmer with the Creative Lab’s Data Arts Team. He thinks large amounts of data taste slightly purple and strongly wishes the government used bugzilla.

Posted by Scott Knaster, Editor
URL: http://googledevelopers.blogspot.com/2013/03/using-tailbone-to-talk-to-app-engine.html

Monday, March 18, 2013

[Gd] Dev Channel Update

| More

Chrome Releases: Dev Channel Update


The Dev channel has been updated to 27.0.1444.3 for Mac, Windows, Linux, and Chrome Frame

Full details about what changes are in this build are available in the SVN revision log. Interested in switching release channels? Find out how.

Known issues:

  • Chrome crashes when playing bejeweled game (Issue: 194749)
  • Black menu doesn't appear on google.com (Issue: 200602)

If you find a new issue, please let us know by filing a bug.

Karen Grunberg
Google Chrome
URL: http://googlechromereleases.blogspot.com/2013/03/dev-channel-update_18.html

[Gd] Using Tailbone to talk to App Engine with JavaScript

| More

Google App Engine Blog: Using Tailbone to talk to App Engine with JavaScript




Today’s post comes from Doug Fritz from the Data Arts Team of the Google Creative Lab.  In this post, Doug shares a small open source project for reading and writing to the Google App Engine Datastore with JavaScript.





Today, the Google Creative Lab is sharing a small open source project called Tailbone that lets developers read and write to the Google App Engine Datastore using JavaScript. We’re hoping that it makes App Engine a bit more accessible to developers who aren’t familiar with Python, Java or Go, or prefer not to use them.



I share an office with three creative programmers who work almost entirely in HTML5 and JavaScript. An important part of our work is writing server-side code for new projects that read or write data to to the App Engine Datastore or use Google accounts to store authenticated user-specific information. To make that process easier for my JavaScript-fluent colleagues, I created Tailbone to act as a RESTful API for an app’s Datastore.











To get started, you still have to install App Engine’s SDK and Python, but after that you’re all set. We’ve written a detailed tutorial that guides you through the installation and an example app for creating an authenticated profile page with an editable name and photo.



It’s my hope that Tailbone makes App Engine a little bit less intimidating for people who don’t have much experience with server-side coding. I know there are a few in my office. If there are any others out there, this is for you.





-Posted by Doug Fritz, Creative Lab, Data Arts Team


URL: http://googleappengine.blogspot.com/2013/03/using-tailbone-to-talk-to-app-engine.html

[Gd] Pwnium 3 and Pwn2Own Results

| More

Chromium Blog: Pwnium 3 and Pwn2Own Results

Earlier this month at the CanSecWest security conference, the Chrome team took part in another Pwn2Own and hosted our third-edition Pwnium competition. This year’s participants once again impressed us with their talent and security prowess. We’re excited about what lessons we can learn from their work to make Chrome and Chrome OS even more secure.

At Pwnium, we didn’t receive any winning entries, but did reserve the right to issue “partial” rewards. We’re pleased to reward $40,000 to Pinkie Pie, who submitted a plausible bug chain involving video parsing, a Linux kernel bug and a config file error. The submission included an unreliable exploit demonstrating one of the bugs. We’ve fixed most of these bugs already.

In particular, we’d like to thank Pinkie Pie for honoring the spirit of the competition by disclosing a partial exploit at the deadline, rather than holding on to bugs in lieu of an end-to-end exploit. This means that we can find fixes sooner, target new hardening measures and keep users safe.

In the parallel Pwn2Own contest, participants attacked many different browsers and plug-ins. There was a top prize on the line for Chrome, which was claimed by Nils and Jon of MWR Labs. Of the two bugs used, one bug was in Chrome code, which we fixed in 24 hours. Thankfully, recently deployed hardening measures protected Chrome OS users. The second bug was in the Windows kernel. The new Pwn2Own rules required the researcher to hand the bug and exploit over to Microsoft, so we’re delighted that the Chrome entry will make other products safer, beyond just Chrome.

While these security gatherings and live competitions are fun, we also want to highlight the ongoing Chromium Vulnerability Reward Program, which covers not only the Chrome desktop browser, but also all Chrome OS components and Chrome on mobile devices. We’ve given away more than $900,000 in rewards over the years and we’re itching to give more, as engaging the security community is one of the best ways to keep all Internet users safe.

Posted by Chris Evans, Chief Reward Officer
URL: http://blog.chromium.org/2013/03/pwnium-3-and-pwn2own-results.html