the 200ok weblog

It's not every day a whole new browser comes out. It's even less common for that new browser to make lead story status in mainstream media outlets*. But today both happened as Google released their browser, Chrome.

Initial impressions are that its 'innovative features' are essentially an amalgam of other browsers; plus it uses bits of Safari, Firefox and IE (settings panel) so it's kind of Frankenstein's browser. But no matter what you think of its pedigree it does feel fast.

[*] Chrome's release was top story news at The Australian and news.com.au, for those of you playing at home. It might have been top story on other sites too, I didn't have time to look around. Standard disclaimer: I work for News Digital Media.

how fast is it?

Precisely how fast it is depends on who you ask. Naturally if you ask Google they'll tell you it's the fastest browser that has ever existed; although they tend to just talk about the Javascript engine rather than overall performance. Google's own Javascript benchmark yields the unsurprising result that Chrome is far quicker than the others.

Let's face facts, companies choose whichever benchmark makes their product look best. Other tests show different results:

• Slickspeed JS Test Results › drewrobinson.id.au. Short version: Opera and Safari win comfortably, Chrome and Firefox are runners up, IE7 loses a lot. I also get cited as an Opera fanboy (it's a long bow to draw).
• PannonRex » Shining Chrome: Browser Speed Tests. Short version: IE's really slow, Chrome narrowly beats the others.

So the only consistent result is that everything is faster than IE. I'm rather partial to Lifehacker: Speed Testing the Latest Web Browsers, where nobody won across the board :)

So, is Chrome fast? Forget the numbers, everyone says it feels fast and that's pretty much what counts at the end of the day. It's more of an emotional measurement. It's quick. Paint it red.

security and rendering flaws

Along with Webkit's benefits, Chrome also inherited its first security flaw: Serious Security Flaw in Google Chrome - ReadWriteWeb. It's not even listed as a product on Secunia yet..!

Interestingly there are also some rendering inconsistencies: Google Chrome vs Safari 3.1 on Flickr (some CSS properties not working, border-radius not anti-aliased...).

privacy controversy

It really was a big first day for Chrome, with the first privacy concerns blogged within hours: Does Google Have Rights to Everything You Send Through Chrome? - ReadWriteWeb. Matt Cutts responds that all is above board: Preventing paranoia: when does Google Chrome talk to Google.com?

Let's cut to the chase. Google can do whatever it wants with any information you enter or reveal while using their products. There is nothing to stop them. So the real question is not can they do it - yes, they can - but do you trust them not to?

Do you trust Google?

odd name

I have to say the name does seem like an odd choice to me. For anyone who didn't know, the interface elements of a browser are called the 'chrome'. So we could end up having to talk about Chrome's chrome at some point.

More to the point though, chrome is generally shiny but non-functional bling; and 'chroming' is another name for petrol or glue sniffing. Neither association seems like something you'd want with your new product. Interestingly, Wikipedia has already been updated to include a reference to 'chroming' meaning 'to browse with Google Chrome'. I didn't realise things like that became canonised in a day, but hey ;)

I guess it's not like Opera, Firefox or Mozilla are the most immediately obvious names anyway (compare that with Navigator, Explorer, Safari - all related to finding things and travelling around). So who's to judge? :)

Anyway, so far I haven't seen an explanation from Google for the name. No doubt it's out there somewhere. Maybe it was buried somewhere in that cartoon (I haven't been able to get through the whole thing, I have to admit).

a bit of fun

Google threw a lot of geeky fun into Chrome. Options are labelled with things like 'stats for nerds'; entering about:internets into the address bar reveals a fun easter egg; and some of the error messages are a bit... unconventional:

OK, so actually I could have lived without my browser saying 'Aw, snap' to me before I had my coffee ;) I do wonder if this sort of geekyness will put off mainstream users - time will tell I guess.

so why is google doing this?

There's heaps of speculation going around regarding Google's motivation for releasing a browser. After all they don't need to do it, since people are having no trouble finding Google as far as I can tell...

I think the explanation probably goes back to a message that was loud and clear at Google Developer Day (literally, they openly said this): Google wants to be synonymous with everything you do on the web.

They want all their services' names to become verbs, I guess ;) Google it. YouTube it.

Basically Google are in a position that's probably unique: the more people use the web, the more money they make (from their ads). Literally, that's as specific as it needs to get for Google. So long as we're online, they make money. I don't think there are any other companies that can say something quite so broad and still be serious.

the google gloss

We'd had the first 'do we support Chrome?' question before we'd had lunch; and it wasn't just the tech staff that were talking about Chrome. People certainly do notice Google products.

Personally, I don't think Chrome is about to sweep the world and take over the entire browser market (that said, anything's possible). There's a big novelty factor right now, but it's not so fundamentally different from any other browser that you simply can't live without it.

It's fast, it's multi-threaded, it has tabs. Umm, just like most other browsers. Even the Wikipedia entry for Chrome is littered with 'like Opera' and 'like Firefox' references. There's even a 'like IE8' in there.

So it's probably not going to cruel the other 'alternative' browsers from the market. I do think it's a legitimate danger to IE though. It's the only other browser from a company the average punter has actually heard of.

Think about that - a lot of alternative and open source products get smashed by FUD tactics. "They're too small", "how do you know it's made properly" and that sort of crap. But it's harder to get that sort of FUD going over a product from a company as widely recognised as Google.

last thoughts

Google might attract conspiracy theorists as fast as geeks, but nobody thinks they're a flash in the pan. People who wouldn't try an open source product like Firefox might just give Chrome a go (they probably won't even notice Chrome's open source). People who've never heard of Opera won't know where they can already get speed dial and top placement of tabs. Lots of things that geeks think about simply won't matter.

I can see a lot of people trying Chrome even though they've always used IE. Quite a few of them will probably like what they see, too. It's a pretty good browser and it'd certainly be new and shiny after years of IE. That, or people will just stick with whatever they're already using, since habits don't change easily.

One thing is for sure - it's going to be interesting to see what happens next.

...

Update 2008.09.07 - It has come to light that Chrome does not support even basic accessibility features in its first release: Google Chrome Accessibility - The Paciello Group Blog. Google has a terrible track record for accessibility, so it's discouraging to see Chrome start badly in this regard.

Obviously it remains to be seen whether accessibility features are incorporated as the browser progresses. A comment at the Paciello Group Blog post suggests that Google do plan to incorporate accessibility features, they just didn't put them into the initial release. Here's hoping that's true.

Labels: browsers, chrome, firefox, google, ie, opera, safari

Back in 2005 I compared the patch rates of IE, Firefox and Opera. In the past few days the subject of browser security has come up a few times, so I thought I'd revisit the topic to see what (if anything) has changed.

data source

I'm using Secunia advisories again, to keep the data source consistent. The product pages are:

• Internet Explorer 7, Internet Explorer 6
• Firefox 2, Firefox 1
• Opera 9, Opera 8
• Safari 2, Safari 1

Note that Secunia's data starts from February 2003, regardless of each product's release date. You can investigate Secunia's methodologies if you will; there are some quirks. However I'm not after a perfect scientific investigation, so much as a broad strokes impression.

what am i comparing here?

Since each browser has a different release date and lifespan, comparing raw numbers of problems isn't really useful. However we can compare the percentage of patches/fixes from the vendor - it's not how many security issues were identified, rather it's about how many were fixed.

I would have added in "time to patch" and "days vulnerable" and so on, but Secunia doesn't currently graph that information (as far as I know).

I thought about sorting out standardised timeframes and so on, but the bottom line here is how secure can a user's browser be today? I say "can" since we can't assume that all browsers are up to date with the latest patch (or even close), but we can at least evaluate the potential for a conscientious user to keep up. After all, we can only apply the patches that are available.

Having discussed the user acceptance issue in the previous article (to patch or not to patch?) I won't rehash it here. However I will mention that according to Secunia Opera users really need to update their browsers.

patch rates - july 2005

First, let's remind ourselves of the data from 2005:

* Firefox advisories start from August 2004.
** Opera 7 and 8 are combined to create a better comparison in terms of the number of advisories.

[Note - yes I know it didn't really make sense to combine Opera 7 and 8, but both had a 100% success rate so it didn't really change the outcome.]

patch rates - january 2007

First off, let's compare the patch rates of the same browsers (and we'll add Safari so people don't accuse me of forgetting Macs). Remember that these are all superceded versions now:

So, no change for the three browsers compared last time. Safari slots in at second, after Opera and before Firefox.

Now let's have a look at the latest versions of the four browsers:

This produces very clear results, but the low number of advisories exaggerates the margins. The previous versions all have a higher number of advisories, but actually the only change in ranking is that Safari drops from second to third. The sharp drop in patch rate between Safari 1.x and 2.x makes it hard to get any useful conclusions - has Apple really dropped the ball?

For the other three browsers, the rankings remain:

1. Opera (100% patched, no change)
2. Firefox (50% patched, down from 87%)
3. IE (25% patched, down from 67%)

It's worth noting that the patch rate for both Firefox 1.x and IE 6.x improved between 2005 and 2007. However both dropped noticeably between their previous and current versions (same as Safari). The proportion is exaggerated by the low number of advisories for the newest products.

conclusions?

Well, one clear thing is that Opera is the only vendor with a 100% patch record according to Secunia. Opera is also the only vendor that maintained its patch rate between versions - in fact you have to go back to Opera 6 to find an unpatched advisory (and there's only one).

It's also clear that IE has the worst patch rate of all the browsers compared. You could say that's a result of having a much bigger user base and a correspondingly higher incident rate. But then Microsoft has more resources than the other three vendors combined so it's a pretty weak excuse for leaving security issues unpatched.

Meanwhile Firefox does pretty well for an open-source product, consistently beating IE - even if not by much. Apple meanwhile needs to get Safari 2 sorted out; but we'll see what happens as more data becomes available (for all four browsers).

So at this time Opera wins the patch stakes. The argument can be made that Opera attracts fewer attacks due to small marketshare. That could be true - there's no way to truly know, since malicious hackers aren't polled - but when I'm doing my banking I don't care if it's true. I just care that my browser is secure; and Opera currently has the best record for fixing security issues.

Labels: browsers, comparison, firefox, ie, opera, safari, secunia, security

Q: When is a simple question not a simple question? A: When you need to get the answer out of Apple's website.

My simple question was this: what is the latest version of Safari? It sounds like a stupid question really, but bear with me here (and keep in mind I didn't happen to have a Mac handy).

My starting point: Friends who use Macs inform me that there are different versions according to which dot-point version of OSX a person is using. I know it's at least up to 1.2; and I've seen people talking about "Safari 2.0" so I'm pretty sure that exists.

So, needing an official source for the definite answer, I hit the Apple site. Being a geek, I make an educated guess at a URL.

http://www.apple.com/safari/ redirects to http://www.apple.com/macosx/features/safari/, which is all marketing fluff with one mention of 1.2 which I'm then told is out of date.

Having dealt with Apple Australia before, I try http://www.apple.com/au/safari/. I discover this loads with broken images and doesn't appear to have version advice anyway.

Somewhere along the line I try http://www.apple.com/safari/download/ ...well, at least I can confirm v1.2. But, like I said, our resident Machead has already assured me 1.2 is not the current version. Confusion reigns. Perhaps the only way to get the latest version is to install 1.2 and patch/update/whatever it's called on OSX. I still don't have the info I need, so onwards...

http://www.apple.com/support/safari/ lists versions of OSX but does not specify which version of Safari they contain. Even the update pages themselves are vague - eg. http://www.apple.com/support/downloads/macosxupdate1045.html just says it includes fixes ... [for] Safari rendering of web pages. The detailed information page (http://docs.info.apple.com/article.html?artnum=303179) still doesn't mention versions.

At this point I give up on Apple and try a straight up Google search for "safari versions". The first two results we've already seen; the fourth is a beautiful moment in nomenclature: Safari Experts: About Web Browsers (yes, a company that does Safaris has a page about browsers).

I try the third result, 'Safari Developer FAQ' (developer.apple.com/internet/safari/faq.html). It appears to be far too detailed, but out of idle curiosity I happen to click on a question about Safari user-agent strings. Then I notice this: As the list of historical build version information for Safari and WebKit indicates, both version numbers may contain a minor version and possibly a sub-version number as well.

Could it be? I click historical build version information and discover a page with the title "Historical User Agent strings"; and the heading "Safari and WebKit Version Information". I hardly dare hope, yet here is detailed information on versions. For the record: the latest version(s) are 1.3.2 on OS 10.3.9 and 2.0.3 on OS 10.4.5.

That wasn't hard at all! :-]

So what's the moral to the story? Well, first off, dealing with Apple's website gives me a headache - not to mention you shouldn't bother with the website, just go straight to Google. Second, websites need to state information which may seem horribly obvious to the author; because that information may not be obvious or available to the user.

If Safari is managed via OS patches, that's fine - but Apple needs to put that information on the Safari product and download pages. It doesn't have to be front and centre, it just has to be mentioned somewhere; after all I did find the (inaccurate) 1.2 version info way down the bottom of the product page.

Apple is a repeat offender on this one. They seem to assume at all times that you already have detailed knowledge about the product they're talking about (and, in the case of hardware, that you already own at least one). They assume you know their exact terminology for things; for example you don't "update the name attribute" or "change the volume label" on an ipod, in fact you're looking for the article "naming your ipod". As if it's a kitten.

The main Safari product page does not actually state the latest version number, despite talking about Tiger. Nor does it mention the fact that it's an entire version ahead on OS 10.4 compared with OS 10.3. If you don't happen to know your Tigers from your Panthers, there's no reason you'd suspect that people with OS 10.3 can't just upgrade to the latest Safari - but that's the deal, apparently.

So next time you're writing some documentation, remember to state the obvious. You might keep someone from needing a couple of paracetamol and a lie down.

Labels: apple, safari, version numbers

This feeling has been brewing for a while: Firefox is turning into Internet Explorer. The attitudes surrounding Firefox draw ever closer to those attitudes it was supposed to destroy. Things people hate about IE and Microsoft are appearing in Firefox and the Mozilla Project.

What am I talking about? It mostly boils down to these points:

• Using one browser's popularity to justify not supporting other browsers
• Treating users of other browsers as inferior - "just use the popular one"
• Making up proprietary code which is only supported in one browser

People weren't happy to let IE get away with that crap, so why are they taking it from Firefox?

popularity contest - what is this, high school?

I thought we were supposed to be getting away from the days where users with a small marketshare were told "too bad". Sadly an increasing number of sites are appearing which work in IE and Firefox, but not Opera or Safari. Users of these browsers can rant and rave but they are inreasingly being met with blank stares - why won't you just use Firefox and shut up?

Major players lament having to support "niche browsers" and even people who should know better are starting to go live with sites that only work in IE and Firefox:

• Flickr's "notes" feature only works in Firefox, despite being one of the key features they promote.
• Blogger actively pushes users into using Firefox since their interface sucks in anything other than IE and Firefox: AOL users, as well as those unaccounted for here (Netscape, Opera, etc.), would be wise to use Mozilla Firefox in order to have the best possible experience using Blogger.
• Technorati's method of increasing the size of popular tags only works in IE and Firefox (maybe Safari, but I don't have a Mac handy).
• 37 Signals may be the darlings of the life hacking fraternity, but their products generally don't work in Opera so guess what? I don't use them.

What makes it even more interesting is the way many applications add support for other browsers later on. This indicates that it was entirely possible to support all browsers at go-live, but instead they ran early without bothering to finalise the product. Who cares about a few idiots who don't use IE or Firefox?

Most of this is based on the flawed assumption that browser stats are gospel. For all anybody really knows, Firefox's real marketshare could be a third of that reported in most log files (what with all the pre-fetching).

"quit complaining and just use Firefox"

People ranted at length about being told to "go use IE", yet don't seem to blink when directed to Firefox. Just because Firefox has some open source cool points doesn't mean people should be forced to use it.

What happened to letting the user choose? Did we decide that Microsoft was right after all - everyone should use the exact same software?

Worse still, many people seem to think Firefox is the only alternative browser. Firefox has been pushed so hard, people are treating it like "the other browser" instead of "another browser". Gratingly, articles are appearing with titles like Why You Should Consider Budgeting a Site Redesign for Firefox 1.5 Now (Yes Firefox). Argh! No! Redesign with standards, not "for Firefox"!

proprietary code

There's been quite a bit of noise surrounding the <a ping> feature being proposed for Firefox. Actually, it's not a feature for Firefox so much as a bit of proprietary code for developers to add to their pages. Wow, there's a thought - let's code our pages for just one browser. Let's stick "Best viewed in Firefox!" buttons on our sites and get in the popcorn to watch Browser Wars 2.0 unfold.

Does one feature really mark an entire project? Not really, but have you ever had the feeling you've just seen the thin end of the wedge? The ping attribute isn't even being proposed for a good reason - the justification is that some sites do stupid redirection monkey business in order to track hits. Why a browser maker should get involved is beyond me. Let those sites break if their redirections fail, for all I care. Don't make up new code!

firefox is not perfect

No matter what people say, Firefox is not perfect. It has bugs (table padding problems, anyone?), it has security flaws, it has a memory problem. It may have a larger marketshare than a few other browsers, but it's still a minnow compared with IE.

People should stop acting like it's perfect. Firefox is just another choice. Its marketshare could slip tomorrow - IE7 could take back everything Firefox gained; taking the "it's popular" argument back off Firefox. I'm sure Firefox users would still like to be supported even if that happened.

Unless we want to replace IE with Firefox, the industry needs to remember the original point of web standards: support standards, not browsers. Build once, publish anywhere, let the users choose the UA that's right for them.

Labels: browsers, firefox, ie, opera, safari, web standards