Items tagged browsers
Filters: browsers ×
Google is not trying to break the web by pushing for more HTTPS. Neither is Mozilla and neither are any of the other orgs saying “Hey, it would be good if traffic wasn’t eavesdropped on or modified”. This is fixing a deficiency in the web as it has stood for years.
I’d say no.[... 89 words]
Velocity: Forcing Gzip Compression. Almost every browser supports gzip these days, but 15% of web requests have had their Accept-Encoding header stripped or mangled, generally due to poorly implemented proxies or anti-virus software. Steve Souders passes on a trick used by Google Search, where an iframe is used to test the browser’s gzip support and set a cookie to force gzipping of future pages. # 30th September 2010, 5:45 pm
WebKit, Mobile, and Progress. Alex Russell responds to PPK’s analysis of the many different WebKit variants in today’s mobile phones, pointing out that the replacement cycle and increasing quality of WebKit in more recent phones means the situation still looks pretty good. # 10th October 2009, 12:28 am
CSS 3: Progress! Alex Russell on the new exciting stuff going in to CSS 3 based on real-world implementations in the modern set of browsers. Of particular interest is the new Flexible Box specification, which specifies new layout primitives hbox and vbox (as seen in XUL) and is already supported by both WebKit and Gecko. # 22nd August 2009, 11:52 am
MoD sticks with insecure browser. Tom Watson MP used parliamentary written answers to find out that the majority of government departments still require their staff to use IE6, and not all of them have upgrade plans to 7 or 8. Not a single department considered an alternative browser. “Many civil servants use web browsers as a tool of their trade. They’re as important as pens and paper. So to force them to use the most decrepit browser in the world is a rare form of workplace cruelty that should be stopped.” # 24th July 2009, 10:18 am
HTML 5 Parsing. Firefox nightlies include a new parser that implements the HTML5 parsing algorithm (disabled by default), which uses C++ code automatically generated from Henri Sivonen’s Java parser first used in the HTML5 validator. # 11th July 2009, 11:36 pm
Firefox 3.5 for developers. It’s out today, and the feature list is huge. Highlights include HTML 5 drag ’n’ drop, audio and video elements, offline resources, downloadable fonts, text-shadow, CSS transforms with -moz-transform, localStorage, geolocation, web workers, trackpad swipe events, native JSON, cross-site HTTP requests, text API for canvas, defer attribute for the script element and TraceMonkey for better JS performance! # 30th June 2009, 6:08 pm
Google asked people in Times Square:“What is a browser?”. Stuff like this makes me despair for creating a secure web—what chance do people have of surfing safely if they don’t understand browsers, web sites, operating systems, DNS, URLs, SSL, certificates... # 20th June 2009, 1:25 am
Changes in Opera’s user agent string format (via) How depressing... Opera 10 will ship with 9.80 in the User-Agent string because badly written browser sniffing scripts can’t cope with double digits. # 28th May 2009, 1:16 am
Critical Mac OS X Java Vulnerabilities. There’s a five month old Java arbitrary code execution vulnerability which hasn’t yet been patched by Apple. Disable Java applets in your browser until it’s fixed, or random web pages could execute commands on your machine as your user account. # 19th May 2009, 7:07 pm
Cross Browser Base64 Encoded Images Embedded in HTML (via) Scarily clever. View the PHP source to see what’s going on—most browsers get image tags that use data URIs starting with data:image/png;base64, but IE gets served a Content-type:message/rfc822 header and a MIME formatted multipart/related document, as used by e-mail clients to embed inline image attachments. # 17th April 2009, 4:12 pm
10 Cool Things We’ll Be Able To Do Once IE6 Is Dead. Highlights include child and attribute selectors, 24bit PNGs and max-width and min-width. Simple pleasures, but I can hardly wait. # 15th April 2009, 2:17 pm
Pwn2Own trifecta: Hacker exploits IE8, Firefox, Safari. You just can’t trust browser security: Current versions of Safari, IE8 and Firefox all fell to zero-day flaws at an exploit competition. None of the vulnerabilities have been disclosed yet. # 19th March 2009, 3:30 pm
CSRF is not a security issue for the Web. A well-designed Web service should be capable of receiving requests directed by any host, by design, with appropriate authentication where needed. If browsers create a security issue because they allow scripts to automatically direct requests with stored security credentials onto third-party sites, without any user intervention/configuration, then the obvious fix is within the browser.
Getting OpenID Into the Browser. David Recordon makes the case for online identity management as a key browser feature (I like the “your browser is currently locked” concept), and argues that Gears is in a great position to deliver it. # 3rd December 2008, 10 am
The March of Access Control. The W3C Access Control specification is set to become a key technology in enabling secure cross-domain APIs within browsers, and since it addresses a legitimate security issue on the web I hope and expect it will be rolled out a lot faster than most other specs. # 19th November 2008, 8:40 am
The greatest coup Microsoft pulled with Internet Explorer was putting the word “Internet” in its name. It sits there, on the desktop of every new Windows computer, and it says “Internet”. So you click it. [...] What better way to beat a browser with the word “Internet” in its name—a browser that seemingly can’t be beat no matter how hard we try—than the Internet Company itself making a browser?
Why do browsers still not have file upload progress meters? Great question. # 26th June 2008, 8:27 am
When Bugs Collide: Fixing Text Dimming in Firefox 2. Handy tips from Drew on fixing the glitchy text rendering in Firefox 2 when you animate opacity without breaking alpha-transparent PNGs in IE6. # 19th June 2008, 6:09 pm
If we see good usage, we can work with browser vendors to automatically ship these libraries. Then, if they see the URLs that we use, they could auto load the libraries, even special JIT’d ones, from their local system. Thus, no network hit at all!
Flirting with mime types [PDF] (via) Different browsers have different rules for which content types will be treated as active content (and hence could be vectors for XSS attacks). IE uses a blacklist rather than a whitelist and hence rendered active content for 696 of the tested content types. # 14th April 2008, 8:18 am