undefined | Better HN

0 pointszobzu14y ago0 comments

The post is great in itself (clear and easy) but the constant marketing speech about how great Chrome is regardless of the bugs gets on my nerves to be honest. Yes Chrome is a very good browser, but I don't have to read that every paragraph in various forms... specially for tech articles.

It also looks like to me that devs commit code in a more lazy way since Chrome has a strong sandbox model for various components. But as a result, it seems easier to find many bugs that, when combined, bypass the sandbox, as show.

Just my 2cts ;-)

0 comments

5 comments · 1 top-level

tptacek14y ago· 4 in thread

There is no way to explain how awesome Pinkie Pie's exploit is without simultaneously explaining how intricate Chrome's security model is.

A great way to market a browser is to have a security model so interesting/effective/intricate that any description of a working exploit will also serve as marketing.

zobzuOP14y ago

I disagree. Marketing does not have to be in every damn blogpost.

It's just annoying ;-)

While they attempt (and apparently succeed) to make you believe that exploiting Chrome is exceptional and it's such a super high security program:

The bottom line is, 2 guys showed up with a complete remote exploit of Chrome. And there are more exploits that are obviously unreleased, and some that will get released each year.

That is the true bottom line.

So again, while the article is nice and clear, the exploit is a good pony job as well - the marketing behind it makes the read annoying. It's a trend and it's not just Google. You even justify is as if marketing was a required thing to have and if you don't try to do it, you're just missing out. Well, I digress.

obtu14y ago

The only place I see some rhetoric is the second sentence of the first paragraph, the second paragraph, and the first sentence of the second to last. It's tame: it emphasises the exploit being very involved, which is well supported by the rest of the report. Everything else is necessary detail that describes the progression of the exploit from Pinkie Pie's point of view.

Your contributions, on the other hand, are much more content-free, being mostly value judgements against Chrome's PR or the supposed overconfidence of their programmers. And while you do brush on more technical matters, you do so by name-dropping products rather than being informative and describing the relevant security property.

moldbug14y ago

Pinkie Pie is a frickin' genius.

But I'm curious about this equation, interesting == effective == intricate. Intricate == complex, right? So, the exploit certainly reveals that Chrome's security model is complex. And this is supposed to be a good thing? Seems like a good thing, if you're Pinkie Pie...

tptacek14y ago

That's not an equation.

I don't know the right word to use for Chrome's model yet, but unlike some people, I am very bullish on sandboxing.

1 more reply

j / k navigate · click thread line to collapse