Cover photo
Linus Upson
Works at Google
Attended Princeton University
Lived in SF Bay Area
2,035 followers|215,749 views


Linus Upson

Shared publicly  - 
One very interesting pattern I observed in poking at this exploit pack — and 0thers recently — is the decreasing prevalence or complete absence of reported infections from Google Chrome


Chrome and Firefox both now include integrated PDF readers, and ... exploits against Adobe’s PDF reader have traditionally been a key contributor to exploit kit infection statistics.


Instead, those users are hit with a social engineering attack that tries to trick them into installing the malware by disguising it as a Chrome browser update.

#chrome   #security  
Not long ago, miscreants who wanted to buy an exploit kit — automated software that helps booby-trap hacked sites to deploy malicious code – had to be fairly well-connected, or at least have access to semi-private underground forums. These days, some exploit kit makers are brazenly advertising ...
Add a comment...

Linus Upson

Shared publicly  - 
It is a good sign when smart engineers with good taste like a new toolkit...
Right now I'm working on a dashboard for Chrome performance data. One of the fun things about this project is that all the users have Chrome, so I can use the latest and greatest web technology and not need to worry about compatibility.

Over the past few weeks I've re-implemented most of my prototype UI using Polymer. I've been doing frontend development for 8 years, and after less than a month I already see everything I start to work on in terms of how it would be broken up into custom elements, what the template looks like, etc.

I've been really impressed at the improvements the refactor made!

* ~1200 lines of JavaScript were reduced to only ~400 lines of JavaScript in custom elements. Databinding and templates removed the need for a lot of glue code.

* 4 bugs were fixed automatically as the databinding handled edge cases where my code hadn't correctly updated the UI.

* The code is much better organized now. I really like the way custom elements make it easy to break up my code the same way the visual elements on the page are.

Working with Polymer makes me so excited about the future of the web! Check it out:
Polymer is a new type of library for the web, built on top of Web Components, and designed to leverage the evolving web platform on modern browsers.
Add a comment...

Linus Upson

Shared publicly  - 
Starting Tuesday, Chromebooks will begin rolling out in six new countries: Australia, Canada, France, Germany, Ireland, and the Netherlands. In the US, Chromebooks will also be expanding to +Best Buy stores nationwide over the next couple weeks. 

Head over to the Chrome Blog to find out more about these updates: #foreveryone
For our international readers, additional details can be found for Australia, Canada, France, Germany, Ireland and the Netherlands. Over the past few months, Chromebooks have become a part of everyday...
Add a comment...

Linus Upson

Shared publicly  - 
Fortunately, most people don't need to compile code on their laptop. :) Also fortunately, we've made it easy for anyone to flip their Chromebook in to dev mode and load any software they want.
Toys, toys, toys..

Hey, I've joined all the cool kids in having one of the new Google "Pixel" laptops (aka Chromebooks).  And it is a beautiful screen, to the point where I suspect I'll make this my primary laptop. I tend to like my laptops slightly smaller, but I think I can lug around this 1.5kg monster despite feeling fairly strongly that a laptop should weigh 1kg or less.

Because the screen really is that nice.

And I really appreciate not just the pixels, but the form factor. I despise widescreen displays, but I had gotten resigned to them. Until now. 3:2, baby!

I don't understand why people complain about "black bars", when I can't see why it would be any different to have "no pixels at all", which is what the silly widescreen displays do. 

I'm still running ChromeOS on this thing, which is good enough for testing out some of my normal work habits (ie reading and writing email), but I expect to install a real distro on this soon enough. For a laptop to be useful to me, I need to not just read and write email, I need to be able to do compiles, have my own git repositories etc..

Side note: I also have the Nexus 10, which also has tons of pixels, but on that one I didn't get the feeling that I could use the pixels very well... Sure, I could run a web browser and make the text smaller, but without a keyboard I can't reasonably write anything, and without the option of installing a full Linux distro I couldn't see it replacing my laptop anyway, so getting a BT keyboard didn't seem all that relevant either. 

One thing that the Chromebook Pixel really brings home is how crap normal laptops have become. Why do PC manufacturers even bother any more? No wonder the PC business isn't doing well, when they stick to just churning out more crappy stuff and think that "full HD" (aka 1080p) is somehow the epitome of greatness.
Jeff Keltner's profile photoPeter Frandsen's profile photoDanny Tuppeny's profile photo
The biggest issue with dev mode is the horrific forced splash screen. I understand the security risks if this didn't happen, but when it's my device, it's annoying! :-( 
Add a comment...

Linus Upson

Shared publicly  - 
Conclusion: "Isn’t competition great?"
Finally - FINALLY! - finished my epic look at the Chromebook Pixel, from the perspective of a dyed-in-the-wool Mac user. How does it compare to the MacBook Air and retina MacBook Pro?
A Mac user's view of the Chromebook Pixel, comparing it to the MacBook Air and MacBook Pro with Retina screen. Which one will be best for you?
Russell Webb's profile photo
Nice review. I am looking forward to trying one myself. I have four Chromebooks at home right now and they are wonderful devices, but I think he nailed it on the head that this is a challenge to web developers everywhere to step up their game. As more web apps are created with offline support and that take advantage of html5, these devices will become more and more useful. I am so thankful that I no longer need to be IT for my wife and children who use Chromebooks exclusively. Kudos to you and your team, +Linus Upson
Add a comment...

Linus Upson

Shared publicly  - 
Reading the Chromebook Pixel coverage over the past week has been fun. Nice to see people are also getting how less can be more. Much more.
Jason Stewart's profile photoPeter Kasting's profile photoJohn VanRoekel's profile photo
+Peter Kasting  I am totally fine with us disagreeing.  "Walled Garden" has been an industry term that has never had good definition.  It is open to interpretation.
My reference to "lack of honesty" can be easily explained, and the examples are freely accessable.  google has a pretty good history of breaking faith with people.
There were all those cool google-maps cars were driving around.  I do think that they were cool, and I have no problem with the pictures.  But I do have a problem with the fact that they were running packet-sniffers the entire time, recording information from people's private networks.  When caught, the biggest and most preeminent data sorting and collecting company in the world said, "We didn't mean to collect that data, we just wrote the code that collected it, and then stored it and sent it out to a bunch of contractors."
You can look at the fact that when users of the safari browser indicated that they did not want to be tracked by cookies, google used an exploit to bypass their security settings.  Yes, apple was being dicks in this, but even though their were honest options available, google chose to violate their users trust rather than just be open about the situation.  This time when caught, the biggest and most preeminent data sorting and collecting company in the world said, "We didn't mean to collect that data, we just collected it, and bypassed our user's security to allow us to."
Then, there was the buzz roll-out, where google exposed millions of people's private information without those people's knowledge or consent.  They even paid the FCC's multimillion dollar fine (because what is a few mill to google?)  but they refused to admit fault, this time saying "We didn't mean to expose that data, and we don't think anyone used it."
Those are just the big ones.  Then you can throw in the throw Motorola/Skyhook into the argument (Which may not have been an illegal situation, but was certainly an immorally anti-competitive situation) the abandonment of neutral search (The choice to give less relevant search results in order to increase market share and/or revenue) and things get worse.
Finally there is google's assertion that you have full control over your data.  Read the privacy policy (I'll throw a link at the end) this policy defines two types of data that they collect "Information you give us." and "Information we get from your use of our services." and while it is true that google gives you good control over the first category, we are not allowed to access or control the second.  So, if you use any google app on your phone, google reserves the right to download all "telephony log information like your phone number, calling-party number, forwarding numbers, time and date of calls, duration of calls, SMS routing information and types of calls."  Note, that this is not information on calls made with google voice.  You call your mom with google maps installed, and google reserves the right to download all information about that call to their servers.  There is no opt-out.  There is no way for you to review or remove that data.
They also reserve the right to download "device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). Google may associate your device identifiers or phone number with your Google Account."
In other-words, go ahead and turn cookies off.  Once they have identified you once, they can track you through your device.  You can opt-out of cookies, you cannot opt out of this.
And my personal favorite is "When you use a location-enabled Google service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers."
Every google service (last I checked) is "location-enabled" so, once again, if you use one of their services, they reserve the right to check your location by using any sensor on your phone.  Do I actually believe that they turn on your camera to check if you are in your kitchen or your bedroom?  No, probably not.  But they reserve the right to, and the fact that they reserve the right to, while telling you that your privacy is important to them bothers me.  There is no opt-out, and there is no way to review this data.
So, yeah, when people pretend that google is a paragon of not being evil, I question their definitions.

Documentation of any of the above points can be easily found with a quick search.

Have a great day : )
Add a comment...

Linus Upson

Shared publicly  - 
Interested in seeing what bad guys do when they exploit a bug in your browser?
Scott Montague's profile photo
Speaking of insects and bugs... accept my invitation on linked in.
Add a comment...

Linus Upson

Shared publicly  - 
Everyone I've met who has written real code in Dart has come away impressed.
What is your favorite Dart language feature?

It's great to see so many people actively discussing Dart these days! Seth's article on is a great starting point for such discussions because it highlights some of the language features that make Dart what it is.

Further discussions:

Add a comment...

Linus Upson

Shared publicly  - 
Whew! Chrome OS survived Pwnium with only a few flesh wounds. :) Many thanks to all the security researchers who participated and helped make computers safer for everyone.
Pwnium 3 is now kicking off at CanSecWest in Vancouver, Canada, and will run until 2pm PST today. We’re excited to hear from the security community, and see what bugs they've discovered and attacks they've cooked up for Chrome OS. Pwnium competitions continue to inspire us as some of the brightest minds in security show off their creativity & engineering skills. We can't wait to see who will take home a piece of the $3.14 million "pi", and help us enhance security for Chrome and the Internet overall. 

Stay tuned - confirmations will be announced in the next few days once we have validated any entries. More details about Pwnium 3 and the prize levels are detailed on the Chromium blog:

Update: deadline extended to 5pm due to researchers' request.

Update: We just closed out the competition. We did not receive any winning entries but we are evaluating some work that may qualify as partial exploits. Thanks to those who attempted, see you next time!
Add a comment...

Linus Upson

Shared publicly  - 
Many thanks to the team that made this happen. Everyone benefits when innovation in video codecs can happen at web speed!
Google Inc. and MPEG LA, LLC announced today that they have entered into agreements granting Google a license to techniques that may be essential to V
Add a comment...

Linus Upson

Shared publicly  - 
Ron Mecredy's profile photoLouis Gray's profile photoNicholas Rumas's profile photoJavier Bastardo's profile photo
Awesome, someone had to say it, and it could be hardly better than this!
Add a comment...

Linus Upson

Shared publicly  - 
Chromebook Pixel + 500px App = Wow!
Chromebook Pixel by Google is here! 500px for Chrome is available now:
Nicholas Rumas's profile photo
Like peanut butter and chocolate. Nice.
Add a comment...
Computers are mostly annoying. Need to fix that.
  • Princeton University
    Mathematics, 1989 - 1992
  • Thomas Jefferson High School for Science and Technology
    1985 - 1989
Basic Information
  • Google
    Vice President, Chrome, 2005 - present
  • Qurb
    Engineer, Co-Founder, 2002 - 2005
  • AvantGo
    CTO, Co-Founder, 1997 - 2002
  • Netscape
    Engineer, 1996 - 1997
  • Netcode
    Engineer, 1996 - 1996
  • NeXT
    Engineer, 1993 - 1995
  • The Geometry Center
    Research Assistant, 1992 - 1993
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
SF Bay Area
Other profiles
Contributor to