Google will now pay bigger rewards for discovering Chrome security bugs

Bug hunting can be a lucrative gig. Depending on the company, a serious bug reported through the proper channels can earn whoever found it first tens of thousands of dollars.

Google launched a bug bounty program for Chrome in 2010. Today they’re increasing the maximum rewards for that program by 2-3x.

Rewards in Chrome’s bug bounty program vary considerably based on how severe a bug is and how detailed your report is — a “baseline” report with fewer details will generally earn less than a “high-quality” report that does things like explain how a bug might be exploited, why it’s happening, and how it might be fixed. You can read about how Google rates reports right here.

But in both cases, the potential reward size is being increased. The maximum payout for a baseline report is increasing from $5,000 to $15,000, while the maximum payout for a high quality report is being bumped from $15,000 to $30,000.

There’s one type of exploit that Google is particularly interested in: those that compromise a Chromebook or Chromebox device running in guest mode, and that aren’t fixed with a quick reboot. Google first offered a $50,000 reward for this type of bug, increasing it to $100,000 in 2016 after no one had managed to claim it. Today they’re bumping it to $150,000.

They’ve also introduced a new exploit category for Chrome OS rewards: lockscreen bypasses. If you can get around the lockscreen (by pulling information out of a locked user session, for example,) Google will pay out up to $15,000.

Google pays additional rewards for any bugs found using its “Chrome Fuzzer Program” —a program that lets researchers write automated tests and run them on lots and lots of machines in the hopes of finding a bug that only shows up at much larger scales. The bonus for bugs found through the Fuzzer program will be increased from $500 to $1000 (on top of whatever reward you’d normally get for a bug in that category.)

Google says that it’s paid out over $5M in bug bounties through its Chrome Vulnerability Rewards Program since it was introduced in 2010. As of February of this year, the company had paid out over $15M across all of their bug bounty programs.

Instagram will now hide likes in 6 more countries

Would the Internet be a better place if we all paid a little less attention to fake Internet points? Instagram is still trying to figure it out.

Just a few months back, Instagram started testing a design tweak that would no longer show the total number of “likes” other user’s posts had received. You could still see everyone that liked your photos and videos – but anyone else’s stuff? Don’t worry about it.

While the company hasn’t said much about how the tests are going so far, it seems they’re going well enough to expand them. Initially rolled out in just Canada, it’ll roll out to users in six more countries starting today:

  • Ireland
  • Italy
  • Japan
  • Brazil
  • Australia
  • New Zealand

Curiously, some users in Canada (the first country where hidden likes were tested) reported yesterday that likes had returned to their feed. Instagram confirmed to us that the testing in Canada is still ongoing. Meanwhile, likes seem to be gone again in Canada as of this afternoon.

We wrote about Instagram’s like-hiding experiments a few weeks prior to the public tests, after the pending rollout was discovered by reverse engineering extraordinaire Jane Manchun Wong.

So why hide likes? Instagram says it’s “because [they] want your followers to focus on the photos and videos you share, not how many likes they get.”

In other words: when likes are public, people care too much about them. People view it as a metric of success – teasing those who get too few, or buying likes to try to gain admiration. If a post doesn’t get enough likes, people delete them to make it seem like all of their photos are hits. In theory, hiding likes from the feed but making them visible to the creator lets people get some sense of whats working, without having to worry so much about whatever anyone else is taking away from the like count on any given photo.

Here’s what Instagram looks like with the design tweak. Note the banner up top giving the user a heads up of the change, and that the like bar just says “Liked by username and others” instead of any specific number of users:

 

 

iOS and Android are about to get a bunch of new emoji

Tomorrow is World Emoji Day. Why is there a World Emoji Day? No idea! But it’s tomorrow!

To recognize the day, Apple and Google have both shed some light on their plans regarding new emoji coming to their operating systems in the coming months. Both companies are adding around 60 new emoji in all, from cutesie stuff like sloths and otters to important icons of representation.

First up, both companies are overhauling their handholding couple emojis so that your emoji people can hold hands with whomever you please, regardless of gender or skin tone.

handhold

Google also notes that, as of Android Q, any Emoji that doesn’t have a gender specified in its Unicode documentation — emoji like ‘police officer’ or ‘person getting haircut’ and 51 others — will now default to a “gender ambiguous design”. You’ll be able to press-and-hold an emoji to select a “male” or “female” presentation, if you’d prefer.

Both platforms will also be getting a ton of new accessibility-focused emoji. Apple proposed these early last year, with the Unicode Consortium (the group that determines the official emoji set) giving its stamp of approval in February of this year.

There’s a service dog:

dog

People using two different kinds of wheelchairs:

wheelchair

A prosthetic arm and prosthetic leg:

prosthetic

Ear with hearing aid, and the ASL sign for ‘deaf’:

hearing aid

And a person with a white cane:

white cane

There’s also a ton of other new stuff being added in, from animals to axes. There’s sloths:

sloth

And flamingos:

flamingo

And orangutans, otters, and skunks:

otter skunk

There’s a bunch of new clothing, including saris, swim shorts, and safety vests.

clothing

And, finally, an emoji that I am honestly kinda shocked wasn’t already in there: the yawning smiley.

yawn

I fully expect to see that last one used sarcastically across Slack and Twitter at least 43x a day.

Apple says the new emoji will hit iOS “this fall”, while Google says they’ll arrive with the release of Android Q later this year. If you want to see the full list of things coming in 2019, you can find it over on Emojipedia.

 

Minecraft Earth starts rolling out in beta in Seattle and London

If you’ve been waiting to check out Minecraft Earth (Mojang’s Pokemon GO-style augmented reality reimagining of its hugely popular game Minecraft) good news: it’s starting to roll out to some people now.

The catch? It’s only available to a slice-of-a-slice of the world, at first.

After opening up a registration system for its closed beta just a few days ago, the company says that it sent out the first batch of beta invites this afternoon.

crafty

The beta is being rolled out on a region-by-region basis, with randomly picked players in Seattle and London getting access at first. Mojang says more cities should go live in “the next few days,” but doesn’t get any more specific than that.

It’s also worth noting that the beta is iOS only for now; Android support is on the way, but it won’t land until later this summer.

Our own Devin Coldewey went hands on with an early build of Minecraft Earth a few months ago – check out his first impressions here.

Pokémon GO battles will soon be less tappy, more Fruit Ninja-y

At the end of last year, Pokémon GO finally got a player-versus-player battling system. While it was a very much welcomed addition, it has always seemed a bit… monotonous. It just requires so… much… tapping.

You repeatedly tap the screen to make your Pokémon attack, simultaneously building up its “Charge” move with each tap. Once it’s time to unleash the charge, you tap a button on screen to fire off the move, then tap as fast as you can to make that move more powerful. Tap! Tap! Tap! Taptaptaptaptaptap. Repeat until the battle is over. It’s a great thumb workout, but it arguably wasn’t very much fun.

In a tweet this afternoon, Niantic announced that they’re changing things up. The core mechanics of the battle system will remain the same, but charge attacks will now be less about tapping quickly, and more about accurate swiping. Once you’ve fired off your charge move, you’ll swipe your finger across a trail of icons falling across your screen. The more you collect before time runs out, the more powerful your attack will be.

go battle small

You can see a quick demo of the new charge system in the video below beginning around 13 seconds in. (The first 13 seconds, meanwhile, demonstrate an overhauled appraisal system for helping you figure out your particular Pokémon’s unique stats):

These changes to battle mechanics are bound to be at least a little divisive because… well, they’re changes. Some people will love’m, some people will always prefer the old tap-tap-tap charge mechanics, and others will keep yelling that the game should just use the same turn-by-turn battle system found in the main Pokémon series.

At first glance, though, I like this new concept. It reminds me a bit of glyph hacking in Niantic’s first game, Ingress, or the spell casting mechanics in its most recent title, Harry Potter: Wizards Unite. Swiping up icons seems just a pinch more entertaining than furiously bashing at the screen, without really messing with the underlying battle mechanics. At the very least, my thumb appreciates the change.

Steam Labs lets you peek into Valve’s experimental projects

Like most companies, much of what Valve (the company behind the hugely popular Steam game store) tinkers with behind the scenes never sees the light of day. Concepts are born, torn apart and rebuilt, and sometimes tossed away without anyone outside the company ever seeing a hint of it.

Seems Valve is trying to change that, giving users an opportunity to provide feedback on potential new features before they’re fully baked. The company has just debuted a new project it calls “Steam Labs”, which will give super-early adopters an early peek at concepts that may or may not eventually make it into Valve’s Steam game store.

You can find the new Labs page right here.

The first three “experiments” are all focused around helping users find new games:

  1. Micro Trailers: Six second looping video trailers that start playing when you hover over a game’s in-store graphic
  2. Interactive Recommender: Since the Steam client is used to launch most games you purchase through the Steam store, Valve has a good idea of what you’re playing, and for how long. This experiment takes that data and uses it to find other games you might like based on which ones you’ve played the most. Want something no ones ever heard of? You can filter out the popular stuff, limiting results to just the lesser knowns.
  3. Automatic Show: An automatically generated “shopping channel”-style show of sorts, highlighting footage of the latest releases. In time, they hope to have auto-generated narration that tells you a bit about what you’re seeing; for now, though, it’s mostly just game footage over music.

Valve is quick to point out that all of these experiments are just that — there’s no promising that any of the stuff that hits the Labs will make it all the way to the official client. They also say that even “Steam Labs is itself an experiment”, which will probably change and evolve a bunch over time. If you particularly like/dislike a feature, Valve’s also put up a forum for user comments and suggestions.

Now if someone at Valve could go ahead and classify Half Life 3 as a Steam experiment and give us a look into what the hell is going on there, that’d be great.

You can now register for the Minecraft Earth closed beta

Take the real-world exploration of Pokémon GO and mash it up with the building elements of Minecraft, and you get Minecraft Earth.

While there’s no launch date for the game, Mojang has been saying for a while now that a closed Beta would go live sometime “this summer”. If you’re looking to get in there early, good news: they just opened up registration.

You can find the Beta registration page here.

Alas, since it’s a closed Beta, registering doesn’t guarantee you access — but in its FAQ about the Beta, the team notes that they’re planning to open it up to “hundreds of thousands of players” eventually, so your odds of getting in probably aren’t too bad. You’ll need to be over the age of 18, have a device running iOS 10/Android 7 or newer, and a Microsoft or Xbox Live account to get registered.

TechCrunch’s Devin Coldewey got a super early look at the game back in May — you can find his thoughts on it right over here.

Mojang also released a video teaser this afternoon, wrapping up much of what the game will offer in just under 3 minutes:

There’s a tennis game hidden in Google right now. Here’s how to find it

Google loves a good Easter egg. From cutesie Douglas Adams references to the search results for “askew” being just a liiiiittle bit crooked, there’s all sorts of stuff hiding in the search engine if you know the right thing to type or the right buttons to push.

The latest addition is in honor of the Wimbledon tennis tournament, which wraps up this weekend. If you know where to look, Google has hidden a fun little pong-style tennis game within its results page.

It’s not too hard to find, but it’s just tucked away enough that most people probably won’t stumble upon it accidentally.

Here’s how to find it:

  1. Do a Google search for “wimbledon scores“.
  2. tennis 1

  3. See that purple box that pops up? See the nav bar that says “Men’s Singles”, “Women’s Singles”, etc? Grab that, and drag it all the way to the left to scroll to the end.
  4. tennis 2

  5. At the very end is a little tennis ball icon. Tap that, and the game should fire right up.

tennis 3b

Once you’ve got it up, it’s pretty much Pong minus the paddles. Move to serve, then try to get your player in front of the ball to rally it back and forth. I’m not sure if it’s possible to actually get the ball past the computer player — I haven’t seen it happen. But just successfully returning the ball will get you a point. Once you miss a return, it’s game over.

It’ll work on both mobile or desktop, but I’ve found it’s a helluva lot easier to play on the latter.

Cloosiv gives local coffee shops a mobile ordering experience on par with the mega chains

Starbucks’ mobile ordering app has proven wildly popular for the company, with reports indicating that it had more users than the likes of Apple Pay or Google Pay last year. The convenience is just too alluring. When you’re late for work and forgot to eat, being able to order up a drink and a sandwich with a tap or two and have it ready for pick up by the time you pass the store seems sort of like magic.

But how can smaller coffee shops compete? Building and maintaining an app of your own is a massive endeavor — and that’s before you start trying to convince customers to install yet another app.

Cloosiv is aiming to take that simplified, tap-of-a-button mobile ordering approach and make it work for local coffee shops by bringing them all to one place. It highlights the nearby coffee shops that are part of the service, presents their menus and lets you tweak your drink to your liking before sending your order on its way. Tipping is handled through the app, and there’s a built-in rewards system to encourage people to keep coming back.

Cloosiv’s network of coffee shops isn’t huge yet; it’s up and running at just a couple of locations in San Francisco right now, and a quick glance at the in-app location map pins the nationwide total at a little shy of 200. The more that number grows, though, the more the concept makes sense. It becomes an everyone-versus-the-giant sort of thing.

cloosiv ordering

As with Starbucks’ mobile ordering app, Cloosiv encourages users to pre-load money into a built-in wallet — the idea being that pre-loading means fewer credit card charges, which cuts back on processing fees for everyone. Unlike the big competition, however, users can make a one-off purchase without pre-loading the funds. There’s a 40 cent fee tacked onto those charges to cover processing, but the option is there.

I gave the app a spin in San Francisco last week, and it worked exactly as promised. I found a coffee shop (Coffee Mission) near BART, punched in my order as the train approached, and my drink was waiting for me by the time I made it out of the station.

cloosiv merchant

Cloosiv’s Merchant app

As many (most?) coffee shops already have a tablet on the counter acting as the point of sales terminal, Cloosiv is focusing on integrating into what’s already in place. When an order comes in today, a sound plays as a notification banner drops down from the top of the screen; when an employee taps the banner, they’re bumped over to Cloosiv’s Merchant app where they can acknowledge orders or mark them as complete.

The next step for the company is tying all of this directly into the merchant apps that coffee shops are already using — they’re focusing on Square first, with plans to tie into things like Clover and Micros.

Cloosiv charges vendors a percentage of each sale, with that percentage going down as the number of orders goes up. The first 50 orders each month, for example, are charged a 12% fee; after 150 orders, that fee drops to 8%.

Cloosiv founder Tim Griffin tells me they’ve processed more than 35,000 orders so far, making up over $250,000 in revenue for the coffee shops they work with. He estimates that orders and gross volume are both growing by about 40% monthly. The company recently closed a small round with investors, including Lachy Groom (previously head of Issuing at Stripe) and Laura Behrens Wu (CEO of Shippo), and is part of Y Combinator’s Summer 2019 class.

IBM closes Red Hat acquisition for $34 billion

We’ve known it was coming since late last year, but now it’s final: IBM has wrapped up its $34 billion acquisition of Red Hat, completing what is one of the largest tech acquisitions of all time.

IBM originally announced its intent to acquire the Linux developer in October of last year. The U.S. Department of Justice gave its stamp of approval in May, and the last big potential roadblock was removed when the EU gave its unconditional approval at the end of June.

IBM says that Red Hat will stay under the watch of CEO Jim Whitehurst, with Whitehurst joining IBM’s senior management and reporting directly to IBM CEO Ginni Rometty.