Exclusive Interview: Google Chrome's Chromium Core Explored

Features
By Alan Dang
published

Where Do We Go From Here?

Alan: Google made Chromium open-source in the hopes that other companies would adopt the security model. While collaboration helps concentrate resources, it also limits diversity of ideas. What are other security models besides sandboxing that have been considered?

Collin: Another approach to mitigating vulnerabilities is to write more of the browser in managed code. Rendering engines are fantastically complicated and need to be fast, which makes them a good candidate for running as unmanaged code in a sandbox. However, the privileged "kernel" of browsers can be made fairly simple, so if you put it in type-safe environment like Java or .NET, you can get protection both inside and outside the sandbox. There's a Microsoft Research project called Gazelle that is trying this approach.

Alan: While the focus of our interview has been on Chromium so far, I’m sure your time at Stanford has involved looking at other platforms. I’m sure that Chrome is your recommended browser for Windows Vista users, but what browser should we be using on Mac and Linux?

Adam: I recommend against using IE 6 with Wine. Browsers have come a long way in the past 8 years. If you're still using IE 6, you might consider upgrading. :)

Alan: So what browser is running on your Mac Mini (Adam) and your laptop (Collin)?

Adam: On my Mac Mini, I usually use Firefox because I often have Safari running with a development build of WebKit in the debugger, which can be confusing if I'm also using it for Gmail. When it's time for me to debug Firefox, I usually switch to Safari or Opera.

Collin: Yes, this is a common pattern. I'll use any browser except the one I'm debugging, because I hate restarting my browser.

Alan: Final question: having gone through it, what advice would you give to a kid interested in pursuing a career in computer science?

Collin: A great way to get exposure to real-world software development and meet other developers with similar interests is to contribute to an open source project. You can even get paid to do this through Google: Summer of Code--check out http://code.google.com/soc/. Unfortunately, the application deadline for Summer 2009 was April 3. But there's always next time.

Alan Dang
26 Comments Comment from the forums
  • duckmanx88
    security features? im using chrome right now. love it. but this thing is far from secure. it shows you all your saved passwords with no protection. and i'd like to open my tabs on a page i select and not my most viewed sites for everyone to see.
    Reply
  • thee_prisoner
    +1 Duckman, I also do not like to have my passwords saved. It is convenient to have your most viewed websites posted, but it can lead to issues with work. Even though I use this function, it might get messy in an environment where you have competitive co-workers to easily see what you are working on.

    What I would like to see, make it so that people have a way to access these features quickly, but still maintain some security.

    Really though in all browsers people can just look at your history of your websites that you visited, unless of course you delete your history all the time.

    Chrome is great. It is fast and easy to use.

    BTW, at least Berkeley and other state schools generally give you better well rounded education. I find accumulation of knowledge helps in all fields, we do not to become a world of engineers.

    Be seeing you...
    Reply
  • interesting.. even if i dont know anything about coding....
    i love opera btw....!
    Reply
  • csuftech
    @duckmanx88, given that it was the only browser that was not compromised at this years Pwn2Own contest, I would say it's pretty secure. Also, if you don't want the most visited sites page, go to Wrench > Options > Basics and then just click on "Open this page".
    Reply
  • UC Berkeley is a second-rate school? Ha!
    Reply
  • deltatux
    Been using Google Chrome since its release and it's fantastic, I love the security built into the browser and I love the multiprocess approach, makes a lot of sense.
    Reply
  • sunraycer
    @csuftech: That's for the homepage right? I think he's talking about opening a TAB with the +. I'd also like to open to a page and not my most used page list. Nice as an option, but not as a forced function. I'd hope this would change when they have new versions. The settings are fairly sparse in Chrome in general. Hopefully they'll incorporate more. I've been using Chrome since I read the last article in this series and I'm starting to like it already. Might start trying to use the beta to see what's on the way...
    Reply
  • Capability-based security is a nice topic, since it fits very well with general Internet infrastructure. I.e. there's no global system of roles, users and ACLs, but even now it's possible to build capability-based systems using browser cookies.

    Are there any developments in this area?
    Reply
  • ossie
    "Macs definitely seem to be a favorite among security researchers."
    "In order to take advantage of the most security features, users need to be running NTFS and Windows Vista."
    "While Mac OS X Leopard offers less security features than Windows Vista or Windows 7, it offers better safety because there are fewer threats."

    Very funny mr. Dang. Your pathetic attempts to push m$ corporate spin failed miserably...
    No serious professional would use m$ crap for it's important work. OS X (BSD Unix) is still more secure than windblow$ even if you try hard to suggest otherwise.
    Reply
  • dvader
    @ossie: you are pretty clueless, sir. Read the Charlie Miller interview.
    Reply