Category: Web Browsers

Posted on
by

Last month, eWeek reported that PayPal intends to block unsafe browsersfrom accessing their site. They’ve focused on phishing detection and support for Extended Validation SSL Certificates. So what are these features, and why does PayPal think they’re critical? And just which browsers are they likely to block?

Phishing protection has an obvious appeal for a site whose accounts are one of the biggest phishing targets on the web.  Opera 9.1 and up, Firefox 2, and Internet Explorer 7 check the websites they visit against lists of known fraudulent sites. These browsers will warn the users before they accidentally type their credentials into a bogus log-in form. While this makes no difference when a user is already on PayPal’s site, it does mean the user is less likely to get his or her password stolen, and thieves are less likely to carry out fraudulent transactions with the account.

Extended Validation or EV certificates are like normal SSL certificates: they encrypt your web activity to prevent eavesdropping. What makes them different is that EV certificates require the issuer to verify the site owner more thoroughly. Browsers with EV support will display an indication that the site has been verified, usually by turning part or all of the address bar green. This is intended to give the user greater confidence that the site is legit. EV certificates are currently supported by IE7 and development versions of Opera 9.50 and Firefox 3. (You can preview a version of Opera with EV support by downloading Opera 9.50 beta 2.)

(It’s worth noting that Opera 9.50 beta 2 is stricter about verifying EV certificates, and will not show PayPal with a green bar because it loads images and scripts from another site. More recent preview releases will, like IE7 and Firefox 3, be satisfied if the main page is EV and the resources are all protected by regular SSL.)

So which browsers might get turned away at the gate?

In a follow-up story, PayPal clarified that they have absolutely no intention of blocking current versions of any browsers, and that they would only block obsolete browsers on outdated or unsupported operating systems. So an Opera 9 user on Windows XP isn’t likely to get shut out of PayPal anytime soon. But a Windows 98 user might have cause for concern.

Browser detection is extremely tricky to get right, requiring frequent adjustments. It looks like PayPal intends to take the minimalist approach: Assume most browsers are capable of handling what you send them, and only block the problematic ones.

(Originally posted at Opera Watch as a follow-up to Blocking IE6)

Posted on
by

Opera Software has just released a new beta version of the desktop web browser, Opera 9.50 beta 2. The splash page makes me think of something a bit different, though:

Opera 9.5 beta
Speed, security, and performance matter.

Now, we’ve made the fastest browser in the world even faster. Opera’s new beta is quicker to start, faster at loading Web pages and better at running your favorite Web applications.

Hmm, a red and yellow blur, zooming across the view? And an emphasis on speed? That reminds me a bit of this guy:

The Flash

Opera has long promoted itself on its speed, and it has used a super-hero theme in its advertising before. The vaguely Superman-like* “Opera Man” was used heavily in advertising Opera 8, despite being ridiculed by most of the browser’s user community.

So why not a subtle reference to the Flash?

*Blue costume + red cape. Hey, if a blue shirt and red jacket work for Clark on Smallville, you know the color scheme has become iconic.

Posted on
by

IE7On Thursday I stumbled across a campaign to Trash All IE Hacks. The idea is that people only stay on the ancient, buggy, feature-lacking, PITA web browser, Internet Explorer 6, because we web developers coddle them. We make the extra effort to work around those bugs, so they can actually use the sites without upgrading.

Well, yeah. That’s our job.

And a bunch of random websites blocking IE6 aren’t going to convince people to change. If I were to block IE6, or only allow Firefox, or only allow Opera, I’d have to have seriously compelling content to get people to switch. Mostly, people would get annoyed and move on. Who’s going to install a new browser just so they can read the history of the Flash? Or choose an ISP? Or buy a product that they can get from another site?

Slapping the User in the Face

It’s so easy for someone to walk away from your site. One of the tenets of good web design is to make the user jump through as few hoops as possible to accomplish whatever you want him/her to do. Every hoop you add is an obstacle. Too many obstacles, and they’ll just go somewhere else more convenient.

Back when I was following Spread Firefox, every once in a while someone would suggest blocking IE. Every time, people like me would shoot it down. Continue reading

Posted on
by

NetscapeFlock. When AOL first announced they were discontinuing Netscape, they recommended Firefox (a logical choice for many reasons). Since then, they’ve also started heavily promoting Flock—to the point of offering seamless upgrades from NS8 to Flock. (In theory, anyway; I fired up the copy I had for testing and couldn’t get it to do anything but update to the most recent 8.x version. Confirmed. I let it sit open in the background for a while, and it eventually popped up the offer for 1-click Flock migration.) Netscape 9 has an update notice that offers to download Flock or Firefox.

The key issue, of course, is moving as many users as possible from a discontinued browser—there’s no doubt that security holes will be found in it over time—to one that is actively maintained.

Why Flock, specifically? Well, sticking with the same toolkit and user profile makes migration easier, so that narrows the field to Firefox and Flock. (Not sure about SeaMonkey’s profile.) Since Netscape 8 and 9 were big on integrating with websites, Flock’s “social browser” seems a slightly better fit. And it turns out most of the Netscape 8 team went on to build Flock. Talk about social networking!

(via Flock: The Netscape Spirit Lives On)

Posted on
by

Lisa the Barbarian: A woman poses with a viking helmet and a sword…and an Opera Browser T-shirt. (via Espenao’s Opera the Barbarian)

CNET UK presents The 30 dumbest videogame titles ever, including “Spanky’s Quest,” “Ninjabread Man,” “How to Be a Complete Bastard,” “Touch Dic” and “Attack of the Mutant Camels.” (via Slashdot).

Cowboy Bebop at His Computer — examples of media articles (especially about pop culture) in which the reporters (and editors) clearly didn’t do their research. The title comes from a caption on a still from Cowboy Bebop. That’s not the character’s name, and the character in question is female. It probably is her computer, though.

Archeophone Records: Actionable Offenses: Indecent Phonograph Recordings from the 1890s. Comedians telling bawdy stories, recorded on wax cylinders. The write-up is PG, though the track list looks to be at least PG-13. Looked up after reading NY Times’ article on voice recordings from 1860 (recorded with ink on paper), which is also worth a read. (via Slashdot)

Edit: Forgot to list the (temporary?) resurrection of 1994-era home.mcom.com, the website of what was then Mosaic Communications Corporation and would soon be renamed Netscape. Subsequently picked up by Boing Boing and Slashdot. For more old web browsers, check out the Browser Archive at evolt.org. (via Justin Mason)

Posted on
by

Safari LogoGrabbed the new Safari 3.1 this morning, both at work (WinXP) and on the laptop at home (Leopard). Noticed that the website no longer says “Beta” for the Windows version.

Oddly enough, there doesn’t seem to be much chatter from the browser community about it, at least not on sites I follow from work. There may be 25 posts on my RSS reader at home, for all I know.

I wish Apple would make the release notes easier to find. I clicked on the “more info” link in Software Update at home, but didn’t have time to really read it. I wanted to check the list at work, but there’s no menu item, it’s not visible on Apple’s website, and their search engine hasn’t indexed it yet. I had to search Google, and found it from some random person’s Twitter post. (Oh, and Apple? As long as I’m giving you advice, you’re running your site on Apache. Apache has a feature called mod_speling [sic] that will automatically correct a single-error typo when someone hits your site. I highly recommend that you look into it instead of handing out a 404 error whenever someone’s finger slips.)

User interface seems mostly the same as 3.0.

Not sure if it’s new or I just never noticed it, but the history menu has an option to reopen all windows from the previous session. It isn’t the automatic recovery offered by Firefox or Opera, but it’s the next best thing—and quite handy for cases when, for instance, Norton Antivirus has just updated itself and popped up a “will reboot in X seconds” warning, which you didn’t see because you had too many windows open. *ahem*

I believe this is the first browser released that supports embedding TrueType fonts. (IE has been able to embed fonts for years, but you had to convert them first, which may be why you don’t see too many these days.) When WebKit first added the feature last fall, I tested it out on my Les Mis page.

I really like the new developer tools (Prefs→Advanced→Show Develop menu), especially the network timeline. This, combined with YSlow on Firefox (itself an extension to Firebug), will be extremely useful for optimizing site performance.

It gets 77/100 on the Acid3 test, much better than Safari 3.0, which only scored 39/100. WebKit looks like it’s on track to be the first engine to pass again, having hit 93/100 yesterday. Oddly enough, the Acid2 regression is still present on XP (need to compare to the Mac version it displays correctly on the Mac), with an orange band covering the eyes and the border to the right of that band red instead of black.

Another odd thing: when it’s really busy, it seems to revert to a standard window frame instead of its own skin.

Who wants to bet that .Mac will be one of the first webapps to really make use of offline storage?

Posted on
by

FirefoxOne of the biggest complaints about Firefox since 1.5 was released has been its high memory usage. Go to a forum anywhere and you’ll get people griping about “have they fixed the leak yet?”

It is, of course, much more complicated than that. There are caches, fragmentation, places where memory is used inefficiently, bunches of small leaks, leaks that only happen under specific circumstances, leaks in extensions, leaks triggered by combination of extensions, etc.—not one single leak that can be fixed. And then there was the unfortunate post in which one Mozilla developer (I’m too lazy to look up who) pointed out that 1.5 stored more information in memory, and that probably had a bigger impact on total memory size than actual leaks, which many people on the Internet jumped on as “It’s not a bug, it’s a feature.” (Why should they bother to read what was actually stated, when they can just read a misleading but sensational summary?)

A lot of the small leaks were patched in bugfix releases for 1.5 and 2.0, but really big changes are coming in Firefox 3. Mozilla’s Pavlov has written a detailed post on Firefox 3 Memory Usage, describing the different categories of memory improvements that have been made in the Firefox 3 development cycle.

I wouldn’t be surprised to find that this is one of the big reasons Firefox 3 has taken so much longer than previous releases. I suspect it’s time well spent, though, and users will be happier with a later, lighter Firefox than with one that shipped earlier, but used just as much memory.