The Browser Report

David Recordon writes on the O’Reilly Radar blog that after the address bar and search box (navigation), identity is the most important other thing for a browser to know. Except he said it better:

Google Chrome did a smart thing: Less. They unified the search box and address bar, since that’s what people do anyway. That gives us back precious pixels for the only thing that’s as important to an average web user as where they’re going: Who they are. Identity belongs in the browser.

Read the rest of this entry »

Robert Hansen writes on the Internet Security blog an interesting piece about Browser Power Consumption.

While this exercise was not a real scientific study, it provided enough evidence to point to clear areas of power consumption in every day web applications.

He tests IE 7.0 and Firefox 3.0.4 on a Dell laptop.

The Results

Read the rest of this entry »

Dion Almaer’s delicious links included this news of the PhoneGap project. While not exclusively about browsers, our readers will likely be interested in the PhoneGap project which aims to “bridge the gap between the web and Mobile Devices.”

Read the rest of this entry »

Bernard Lunn on the ReadWriteWeb blog published an article today called Why is Google Not Deploying Gears Aggressively?. In it he pulls from interviews with Dave Girouard, President of Google Enterprise and Vic Gundotra, VP of Engineering.

To prove their slow adoption of Gears he points out that Zoho (the cloud-based Office suite that competes with Google Docs, etc) has been using it for nearly 18 months.

Further:

So, the big question is, “When will Gmail enable offline use via Gears?” I posed this question to Dave Grirouard, President of Google Enterprise. The response was along the lines of, making it work on the scale of Gmail is not a trivial engineering challenge. That sort of made sense. But Gears has been out for a long time; it is a critical feature, and Google has the best software engineering talent on the planet.

The next point muses on Chrome, Google’s browser

Is Google holding up Gears until Chrome can support Gears? We hope not. That seems contrary to its philosophy to date, which has been to couple them very loosely. So that is probably just coincidence.

(The comments point out that Chrome bundles Gears already, so perhaps that line of thinking is moot.)

In terms of Mobile, the author “was told that Gears in a mobile browser was, of course, the “holy grail.”"

WebSiteOptimization.com reports: Average Web Page Size Triples Since 2003

Within the last five years, the size of the average web page has more than tripled, and the number of external objects has nearly doubled. While broadband users have experienced somewhat faster response times, dial-up users have been left behind.

Opera 9.5b2

Now, we’ve made the fastest browser in the world even faster. Opera’s new beta is quicker to start, faster at loading Web pages and better at running your favorite Web applications.

PC World - SDK Showdown: Apple IPhone vs. Google Android

Jason Cline, a senior software engineer at Web application developer Sitepen, says that the broad differences between the iPhone and Android SDKs are related to trade-offs between greater freedom and greater accessibility.

For this blog’s audience, the key difference may be that you’re guaranteed a level playing field when you develop for iPhone, but Android will run on disparate platforms resulting in heterogenous device capabilities and quirks.

About the security content of Safari 3.1.1

Safari 3.1.1

* Safari, CVE-ID: CVE-2007-2398 Available for: Windows XP or Vista Impact: A maliciously crafted website may control the contents of the address bar Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.

* Safari, CVE-ID: CVE-2008-1024 Available for: Windows XP or Vista Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.

* WebKit, CVE-ID: CVE-2008-1025 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista Impact: Visiting a malicious website may result in cross-site scripting Description: An issue exists in WebKi’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.

* WebKit, CVE-ID: CVE-2008-1026 Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller, Jake Honoroff, and Mark Daniel working with TippingPoint’s Zero Day Initiative for reporting this issue.”

(Via .)

The IEBlog has a new post on HTML and DOM Standards Compliance in IE8 Beta 1. It’s a pretty in-depth article with lots of juicy details, and is well worth a read. Lots of what they cover — that you should still read in the blog post — are covered additionally in these two whitepapers:

DOM Core Improvements

During Internet Explorer 6’s long tenure as the leading market-share holder, Web developers revealed many bugs and inconsistencies in Internet Explorer’s DOM. Today, with the Internet Explorer 8 versioning plan, these bugs and inconsistencies are corrected by default, and those customers who choose to opt out of this behavior may enable IE7 compatibility mode.

Read about and download the DOM Improvements whitepaper.

HTML Improvements and ACID2

HTML uses elements to represent both structure and meaning in a document. To help developers take full advantage of the elements that HTML 4 offers, and to better provide the semantic meaning intended by Web author, Internet Explorer 8 Beta 1 for Developers has upgraded support of the P and OBJECT presentational elements. Through improved support of these HTML elements, Web developers may build more expressive and accessible HTML markup.

Read about and download the HTML Improvements and ACID2 whitepaper.

IE8 Beta 1 For Developers Now Available in Chinese (Simplified) and German

“The IE team is pleased to announce the availability of Chinese (Simplified) and German versions of Windows Internet Explorer Beta 1 for Developers. The two languages released today are fully localized versions of the IE8 English Beta 1, released March 5, 2008. They carry with them the same improved CSS 2.1 support, better scripting performance, and other features and improvements that the English beta 1 developer release contains.”

(Via IEBlog.)