the 200ok weblog

It's not every day a whole new browser comes out. It's even less common for that new browser to make lead story status in mainstream media outlets*. But today both happened as Google released their browser, Chrome.

Initial impressions are that its 'innovative features' are essentially an amalgam of other browsers; plus it uses bits of Safari, Firefox and IE (settings panel) so it's kind of Frankenstein's browser. But no matter what you think of its pedigree it does feel fast.

[*] Chrome's release was top story news at The Australian and news.com.au, for those of you playing at home. It might have been top story on other sites too, I didn't have time to look around. Standard disclaimer: I work for News Digital Media.

how fast is it?

Precisely how fast it is depends on who you ask. Naturally if you ask Google they'll tell you it's the fastest browser that has ever existed; although they tend to just talk about the Javascript engine rather than overall performance. Google's own Javascript benchmark yields the unsurprising result that Chrome is far quicker than the others.

Let's face facts, companies choose whichever benchmark makes their product look best. Other tests show different results:

• Slickspeed JS Test Results › drewrobinson.id.au. Short version: Opera and Safari win comfortably, Chrome and Firefox are runners up, IE7 loses a lot. I also get cited as an Opera fanboy (it's a long bow to draw).
• PannonRex » Shining Chrome: Browser Speed Tests. Short version: IE's really slow, Chrome narrowly beats the others.

So the only consistent result is that everything is faster than IE. I'm rather partial to Lifehacker: Speed Testing the Latest Web Browsers, where nobody won across the board :)

So, is Chrome fast? Forget the numbers, everyone says it feels fast and that's pretty much what counts at the end of the day. It's more of an emotional measurement. It's quick. Paint it red.

security and rendering flaws

Along with Webkit's benefits, Chrome also inherited its first security flaw: Serious Security Flaw in Google Chrome - ReadWriteWeb. It's not even listed as a product on Secunia yet..!

Interestingly there are also some rendering inconsistencies: Google Chrome vs Safari 3.1 on Flickr (some CSS properties not working, border-radius not anti-aliased...).

privacy controversy

It really was a big first day for Chrome, with the first privacy concerns blogged within hours: Does Google Have Rights to Everything You Send Through Chrome? - ReadWriteWeb. Matt Cutts responds that all is above board: Preventing paranoia: when does Google Chrome talk to Google.com?

Let's cut to the chase. Google can do whatever it wants with any information you enter or reveal while using their products. There is nothing to stop them. So the real question is not can they do it - yes, they can - but do you trust them not to?

Do you trust Google?

odd name

I have to say the name does seem like an odd choice to me. For anyone who didn't know, the interface elements of a browser are called the 'chrome'. So we could end up having to talk about Chrome's chrome at some point.

More to the point though, chrome is generally shiny but non-functional bling; and 'chroming' is another name for petrol or glue sniffing. Neither association seems like something you'd want with your new product. Interestingly, Wikipedia has already been updated to include a reference to 'chroming' meaning 'to browse with Google Chrome'. I didn't realise things like that became canonised in a day, but hey ;)

I guess it's not like Opera, Firefox or Mozilla are the most immediately obvious names anyway (compare that with Navigator, Explorer, Safari - all related to finding things and travelling around). So who's to judge? :)

Anyway, so far I haven't seen an explanation from Google for the name. No doubt it's out there somewhere. Maybe it was buried somewhere in that cartoon (I haven't been able to get through the whole thing, I have to admit).

a bit of fun

Google threw a lot of geeky fun into Chrome. Options are labelled with things like 'stats for nerds'; entering about:internets into the address bar reveals a fun easter egg; and some of the error messages are a bit... unconventional:

OK, so actually I could have lived without my browser saying 'Aw, snap' to me before I had my coffee ;) I do wonder if this sort of geekyness will put off mainstream users - time will tell I guess.

so why is google doing this?

There's heaps of speculation going around regarding Google's motivation for releasing a browser. After all they don't need to do it, since people are having no trouble finding Google as far as I can tell...

I think the explanation probably goes back to a message that was loud and clear at Google Developer Day (literally, they openly said this): Google wants to be synonymous with everything you do on the web.

They want all their services' names to become verbs, I guess ;) Google it. YouTube it.

Basically Google are in a position that's probably unique: the more people use the web, the more money they make (from their ads). Literally, that's as specific as it needs to get for Google. So long as we're online, they make money. I don't think there are any other companies that can say something quite so broad and still be serious.

the google gloss

We'd had the first 'do we support Chrome?' question before we'd had lunch; and it wasn't just the tech staff that were talking about Chrome. People certainly do notice Google products.

Personally, I don't think Chrome is about to sweep the world and take over the entire browser market (that said, anything's possible). There's a big novelty factor right now, but it's not so fundamentally different from any other browser that you simply can't live without it.

It's fast, it's multi-threaded, it has tabs. Umm, just like most other browsers. Even the Wikipedia entry for Chrome is littered with 'like Opera' and 'like Firefox' references. There's even a 'like IE8' in there.

So it's probably not going to cruel the other 'alternative' browsers from the market. I do think it's a legitimate danger to IE though. It's the only other browser from a company the average punter has actually heard of.

Think about that - a lot of alternative and open source products get smashed by FUD tactics. "They're too small", "how do you know it's made properly" and that sort of crap. But it's harder to get that sort of FUD going over a product from a company as widely recognised as Google.

last thoughts

Google might attract conspiracy theorists as fast as geeks, but nobody thinks they're a flash in the pan. People who wouldn't try an open source product like Firefox might just give Chrome a go (they probably won't even notice Chrome's open source). People who've never heard of Opera won't know where they can already get speed dial and top placement of tabs. Lots of things that geeks think about simply won't matter.

I can see a lot of people trying Chrome even though they've always used IE. Quite a few of them will probably like what they see, too. It's a pretty good browser and it'd certainly be new and shiny after years of IE. That, or people will just stick with whatever they're already using, since habits don't change easily.

One thing is for sure - it's going to be interesting to see what happens next.

...

Update 2008.09.07 - It has come to light that Chrome does not support even basic accessibility features in its first release: Google Chrome Accessibility - The Paciello Group Blog. Google has a terrible track record for accessibility, so it's discouraging to see Chrome start badly in this regard.

Obviously it remains to be seen whether accessibility features are incorporated as the browser progresses. A comment at the Paciello Group Blog post suggests that Google do plan to incorporate accessibility features, they just didn't put them into the initial release. Here's hoping that's true.

Labels: browsers, chrome, firefox, google, ie, opera, safari

It seems that Firefox 3 will include an option to treat meta refreshes much the same way as popups - blocking them and alerting the user what the page wants to do. It's another step forwards in letting the user take control.

Of course, Opera users already have this option; using opera:config#UserPrefs|ClientRefresh. Neat, although an alert would be good; as would site-specific settings. Hopefully the feature will be refined in future versions.

Really though, either way is good as it gives the user a little more control over their browser. Automatic refreshes and redirects break accessibility recommendations. They're one of those things which gets written up as "until browsers provide a way to control...".

As these features become more widespread, the importance of fallback options will become even more critical. Just like scripts need a <noscript>, meta refreshes need a link in the document. Many pages don't have them, though; so no accessibility or SEO juice for them!

It serves as a good reminder that we should provide alternatives any time we modify the behaviour of a page. I have had people say in the past that meta refresh was so simple nothing could go wrong. Well, that assumption will bite them on the arse...! :)

We should always assume that somehow, somewhere such features will be disabled. It's not hard to provide an alternative, so it should remain our habit to do so.

how to disable meta-refresh

• In Opera 9 (Win/Mac): browse to opera:config#UserPrefs|ClientRefresh, then deselect the option and restart Opera.
• Firefox 2 (Win/Mac): install the Web Developer's Toolbar and click Disable → Disable Meta Redirects.
• In Internet Explorer 6 and 7: go to Tools → Internet options → Security tab → Custom Level button → Miscellaneous category → set "Allow META REFRESH" to Disable.
• Safari 2: currently I don't know of a way to disable it in Safari.

Labels: accessibility, browsers, disable, firefox, ie, meta refresh, opera

Back in 2005 I compared the patch rates of IE, Firefox and Opera. In the past few days the subject of browser security has come up a few times, so I thought I'd revisit the topic to see what (if anything) has changed.

data source

I'm using Secunia advisories again, to keep the data source consistent. The product pages are:

• Internet Explorer 7, Internet Explorer 6
• Firefox 2, Firefox 1
• Opera 9, Opera 8
• Safari 2, Safari 1

Note that Secunia's data starts from February 2003, regardless of each product's release date. You can investigate Secunia's methodologies if you will; there are some quirks. However I'm not after a perfect scientific investigation, so much as a broad strokes impression.

what am i comparing here?

Since each browser has a different release date and lifespan, comparing raw numbers of problems isn't really useful. However we can compare the percentage of patches/fixes from the vendor - it's not how many security issues were identified, rather it's about how many were fixed.

I would have added in "time to patch" and "days vulnerable" and so on, but Secunia doesn't currently graph that information (as far as I know).

I thought about sorting out standardised timeframes and so on, but the bottom line here is how secure can a user's browser be today? I say "can" since we can't assume that all browsers are up to date with the latest patch (or even close), but we can at least evaluate the potential for a conscientious user to keep up. After all, we can only apply the patches that are available.

Having discussed the user acceptance issue in the previous article (to patch or not to patch?) I won't rehash it here. However I will mention that according to Secunia Opera users really need to update their browsers.

patch rates - july 2005

First, let's remind ourselves of the data from 2005:

* Firefox advisories start from August 2004.
** Opera 7 and 8 are combined to create a better comparison in terms of the number of advisories.

[Note - yes I know it didn't really make sense to combine Opera 7 and 8, but both had a 100% success rate so it didn't really change the outcome.]

patch rates - january 2007

First off, let's compare the patch rates of the same browsers (and we'll add Safari so people don't accuse me of forgetting Macs). Remember that these are all superceded versions now:

So, no change for the three browsers compared last time. Safari slots in at second, after Opera and before Firefox.

Now let's have a look at the latest versions of the four browsers:

This produces very clear results, but the low number of advisories exaggerates the margins. The previous versions all have a higher number of advisories, but actually the only change in ranking is that Safari drops from second to third. The sharp drop in patch rate between Safari 1.x and 2.x makes it hard to get any useful conclusions - has Apple really dropped the ball?

For the other three browsers, the rankings remain:

1. Opera (100% patched, no change)
2. Firefox (50% patched, down from 87%)
3. IE (25% patched, down from 67%)

It's worth noting that the patch rate for both Firefox 1.x and IE 6.x improved between 2005 and 2007. However both dropped noticeably between their previous and current versions (same as Safari). The proportion is exaggerated by the low number of advisories for the newest products.

conclusions?

Well, one clear thing is that Opera is the only vendor with a 100% patch record according to Secunia. Opera is also the only vendor that maintained its patch rate between versions - in fact you have to go back to Opera 6 to find an unpatched advisory (and there's only one).

It's also clear that IE has the worst patch rate of all the browsers compared. You could say that's a result of having a much bigger user base and a correspondingly higher incident rate. But then Microsoft has more resources than the other three vendors combined so it's a pretty weak excuse for leaving security issues unpatched.

Meanwhile Firefox does pretty well for an open-source product, consistently beating IE - even if not by much. Apple meanwhile needs to get Safari 2 sorted out; but we'll see what happens as more data becomes available (for all four browsers).

So at this time Opera wins the patch stakes. The argument can be made that Opera attracts fewer attacks due to small marketshare. That could be true - there's no way to truly know, since malicious hackers aren't polled - but when I'm doing my banking I don't care if it's true. I just care that my browser is secure; and Opera currently has the best record for fixing security issues.

Labels: browsers, comparison, firefox, ie, opera, safari, secunia, security

This feeling has been brewing for a while: Firefox is turning into Internet Explorer. The attitudes surrounding Firefox draw ever closer to those attitudes it was supposed to destroy. Things people hate about IE and Microsoft are appearing in Firefox and the Mozilla Project.

What am I talking about? It mostly boils down to these points:

• Using one browser's popularity to justify not supporting other browsers
• Treating users of other browsers as inferior - "just use the popular one"
• Making up proprietary code which is only supported in one browser

People weren't happy to let IE get away with that crap, so why are they taking it from Firefox?

popularity contest - what is this, high school?

I thought we were supposed to be getting away from the days where users with a small marketshare were told "too bad". Sadly an increasing number of sites are appearing which work in IE and Firefox, but not Opera or Safari. Users of these browsers can rant and rave but they are inreasingly being met with blank stares - why won't you just use Firefox and shut up?

Major players lament having to support "niche browsers" and even people who should know better are starting to go live with sites that only work in IE and Firefox:

• Flickr's "notes" feature only works in Firefox, despite being one of the key features they promote.
• Blogger actively pushes users into using Firefox since their interface sucks in anything other than IE and Firefox: AOL users, as well as those unaccounted for here (Netscape, Opera, etc.), would be wise to use Mozilla Firefox in order to have the best possible experience using Blogger.
• Technorati's method of increasing the size of popular tags only works in IE and Firefox (maybe Safari, but I don't have a Mac handy).
• 37 Signals may be the darlings of the life hacking fraternity, but their products generally don't work in Opera so guess what? I don't use them.

What makes it even more interesting is the way many applications add support for other browsers later on. This indicates that it was entirely possible to support all browsers at go-live, but instead they ran early without bothering to finalise the product. Who cares about a few idiots who don't use IE or Firefox?

Most of this is based on the flawed assumption that browser stats are gospel. For all anybody really knows, Firefox's real marketshare could be a third of that reported in most log files (what with all the pre-fetching).

"quit complaining and just use Firefox"

People ranted at length about being told to "go use IE", yet don't seem to blink when directed to Firefox. Just because Firefox has some open source cool points doesn't mean people should be forced to use it.

What happened to letting the user choose? Did we decide that Microsoft was right after all - everyone should use the exact same software?

Worse still, many people seem to think Firefox is the only alternative browser. Firefox has been pushed so hard, people are treating it like "the other browser" instead of "another browser". Gratingly, articles are appearing with titles like Why You Should Consider Budgeting a Site Redesign for Firefox 1.5 Now (Yes Firefox). Argh! No! Redesign with standards, not "for Firefox"!

proprietary code

There's been quite a bit of noise surrounding the <a ping> feature being proposed for Firefox. Actually, it's not a feature for Firefox so much as a bit of proprietary code for developers to add to their pages. Wow, there's a thought - let's code our pages for just one browser. Let's stick "Best viewed in Firefox!" buttons on our sites and get in the popcorn to watch Browser Wars 2.0 unfold.

Does one feature really mark an entire project? Not really, but have you ever had the feeling you've just seen the thin end of the wedge? The ping attribute isn't even being proposed for a good reason - the justification is that some sites do stupid redirection monkey business in order to track hits. Why a browser maker should get involved is beyond me. Let those sites break if their redirections fail, for all I care. Don't make up new code!

firefox is not perfect

No matter what people say, Firefox is not perfect. It has bugs (table padding problems, anyone?), it has security flaws, it has a memory problem. It may have a larger marketshare than a few other browsers, but it's still a minnow compared with IE.

People should stop acting like it's perfect. Firefox is just another choice. Its marketshare could slip tomorrow - IE7 could take back everything Firefox gained; taking the "it's popular" argument back off Firefox. I'm sure Firefox users would still like to be supported even if that happened.

Unless we want to replace IE with Firefox, the industry needs to remember the original point of web standards: support standards, not browsers. Build once, publish anywhere, let the users choose the UA that's right for them.

Labels: browsers, firefox, ie, opera, safari, web standards

A timely interview with the Opera CEO can at least stop a few rumours: Slashdot | Opera CEO Jon von Tetzchner Answers Your Questions. Although the questions could have been chosen a little more carefully, it's still an interesting read.

Meanwhile Opera Watch had some fun thinking up the next companies which might buy Opera; and the names they'd have for the browser. Opera Watch: Next company to acquire Opera? | Opera Browser Blog. Yahoopera? Appera? Actually I think Apple would call it iPera.

Labels: google, ie, opera

We knew it was coming, now the time has officially arrived. IE5 for the Mac is no more. Internet Explorer 5 for Mac: Microsoft will end support for Internet Explorer for Mac on December 31st, 2005, and will provide no further security or performance updates. ... It is recommended that Macintosh users migrate to more recent web browsing technologies such as Apple's Safari.

Please listen, IE/Mac users: even Microsoft is recommending Safari. Please, stop using IE. It may have been a leader once, but those days are long gone. It's old and very, very busted. Let it rest now. OK?

Labels: browsers, ie, old browsers