Surfin’ Safari posted an interesting remark that highlights the power of suggestion.

There’s a tip floating around to speed up the Safari web browser by changing a hidden setting, “page load delay.” There are testimonials by people who are really impressed with how much faster Safari is after making this change. Only one problem: The setting doesn’t exist anymore in current versions of Safari (1.3 or later), so changing it has no effect.

The author of the shareware tool in question responded, saying that he honestly had no idea that the setting had been removed, and offering a refund to anyone who wanted their money back. And there are a couple of other optimizations it can make.

There are some things that the human mind just isn’t good at measuring objectively, and perception of time depends very much on circumstance. “Time flies when you’re having fun” and “A watched pot never boils” have been known for ages.

Here’s a surprise: web standardista extraordinaire Molly Holzschlag is now working with Microsoft to promote web standards within the organization.

Improving interoperability, especially at high-profile services like many of Microsoft’s, is critical to the future of the web. I can only hope that the emphasis on standards will feed into the design goals for Internet Explorer 8—and that IE8 will be released before Windows XP drops from mainstream to extended support in 2009.

Firefox.Opera.Opera Watch posted an interview with Firefox co-founder Blake Ross yesterday, in which he talks about Firefox, Opera, and the relationship between the two. When asked about the rivalry between fans of the browsers, he says, “I think it’s ridiculous. Millions of people out there rely on us to make the Web better, not have pissing contests.” I couldn’t agree more. In fact, I launched The Alternative Browser Alliance primarily in response to that rivalry.

I found it interesting that when asked to describe Opera in three words, Ross’ response was: “Our best ally.”

ISC is reporting a new type of vulnerability in web browsers that the discoverer has termed as “Reverse Cross-Site Request,” or RCSR.

Basically, on a site with user-generated content—like a hosted blog—it’s possible to add a form that looks like the site’s login form. If the victim has an account on the same site, and has asked their browser to save their password, it will auto-fill the form. If the attacker can somehow trick the visitor into submitting the form—say, with an invisible image submit button (ever clicked randomly? Or to get back to the page after looking at another window?)—the attacker gets the visitor’s password.

What’s new about this is that all it requires is plain HTML, not scripting, which most blog hosts and similar sites already block.

Chapin Information Services discovered the bug in Firefox 2, and reported it to Mozilla. It turns out that Internet Explorer 6 and 7 are also vulnerable, but only if it’s on the same page as the real login form. Mozilla is currently trying to determine the best way of resolving the problem without breaking all the passwords people have already saved. The ISC article links to the bug report, so you can follow the discussion. Microsoft has only said that they’re “aware of the issue.”

At the moment, I’m glad I don’t let web browsers save my passwords.

Opera BrowserIn an interview at Opera Watch last week, Opera CEO Jon von Tetzchner responded to the eternal question: with less than 1% of global marketshare, why should web developers make the effort to support Opera? His response demonstrates another perspective on the numbers:

I believe we have something like 10 – 15 million active desktop users. That is actually quite a lot of people.

If you try to think about it, the place that I’m come from is Iceland. I was born in Iceland, that’s three hundred thousand people – we have a lot more. The place I live is Norway – we have a lot more. Actually if you look at it, the US has about 300 million people that live here, 50 states, about 6 million in each state on average. So which states have people that you would like to ignore?

He goes on to add that Opera Mobile is installed on 40 million mobile phones, with an additional 7 million people actually using Opera Mini. And then there are devices like the Nintendo DS and Wii…

Going by 2005 numbers, only four states have 15 million people or more: California (36M), Texas (23M), New York (19M), and Florida (18M). So take the 10–15M desktop users, the 7M Opera Mini users, and even 10% of the 40M mobile install base, and you’re looking at 21–26 million—the equivalent of the population of Texas.

Put that way, it doesn’t seem so small.

If you’re already supporting Firefox, in most cases the changes to support Opera 9 are minimal. The recently-launched Opera Developer Community has has tools, articles, and other resources to help build cross-platform sites.

Unless, of course, you don’t mind writing off a potential audience the size of Texas.

I just read an interesting post from Microsoft’s Internet Explorer team on The IE7 User-Agent String. This statement in particular illustrates a problem not unfamiliar to Opera users:

There are a few remaining sites which fail to recognize IE7 because they are performing exact string matches to look for specific IE version strings. Those checks will need to be removed or updated to accommodate IE7.

Yes, you read that correctly: there are websites out there using bad browser sniffing code which will send the wrong code to Internet Explorer 7. In fact, they go on to say that they’ve released a tool which will let IE7 pretend to be IE6!

To enable you to workaround any remaining sites that block access to Internet Explorer 7, we developed the User Agent String Utility. The utility comes in the form of a small executable that opens an IE7 instance that sends the IE6 user agent string. It also provides a mechanism for you to report problem web sites to Microsoft so that we can follow up with the affected site owners.

I’ll admit to a certain amount of schadenfreude, but it also points up just how bad a strategy browser sniffing can be when done thoughtlessly: It effectively builds an expiration date into your website after which even the browser you designed it for will run into problems.

*This post originally appeared on Confessions of a Web Developer, my blog at the My Opera community.

Today I noticed a spike in traffic coming from a post on Spread Firefox where I had made a comment. Not a ton of traffic, just ~15 hits from the same page on the same day, but that’s unusual for traffic from SFX posts—especially old ones. I checked to see if it had climbed into the site’s list of top posts (the usual explanation), but it wasn’t there. I just couldn’t figure out what was causing the traffic.

Then I realized the author of that post had another story show up on Slashdot today. I discovered this chain of links:

  1. Slashdot: Just what has Microsoft been doing for IE 7?
  2. Idealog: Microsoft Drops The Ball on Internet Explorer 7 Standards Compliance [archive.org]
  3. SFX: Should NewsCloud.com Remain Firefox Only? [archive.org]
  4. The Alternative Browser Alliance (via signature in comment)

You can see how powerful the Slashdot effect is, if it can cause a noticeable (if minor) spike in traffic to a page 3 degrees away!

Of course, it pales next to being linked from the ISC Handler’s Diary, which seems to have pulled in 10 times as many visitors in 2 days. (Thanks!)