Browser-based attacks up

An interesting article, that shows why using a better browser is an important way to keep your computer secure. Perhaps we need to tell these people to stop using IE and start using Firefox. Nudge, nudge, [elbow in the ribs].

First downloads were the big risk. Then email became the big target. Now it’s the browser. What next?


IE 7 coming soon

Thanks to Asa for the heads up.

Apparantly IE 7 is in the works, with beta’s due this summer.

Should be interesting.

In other news, Firefox 1.1 due early summer. Browser Wars 2.0 round 2!


Don’t make browsers, make extensions

There’s been a ton of speculation regarding “gbrowser”, google’s alleged browser, Netscape’s Firefox based browser, now even thoughts Yahoo might be interested. Though I wonder if that really is beneficial to anyone involved?

I’m going to make the bold statement that custom browsers are bad, making extensions are good.

There are several reasons why custom browsers are bad:

  • Casual web surfers don’t always realize “Browser X, and Browser Y are custom versions of Browser A”. They see them all as different products. It’s confusing, especially when websites block them because of their UserAgent. “I’m not using ‘Netscape’, I use ‘Mozilla'”.
  • Anyone who distributes a browser is obligated to maintenance, statistically the vast majority in a project life cycle. Especially in regard to security updates. Get them out quick. It can sometimes involve some extra work, and has minimal benefit for the distributor.
  • Self-competition becomes a factor. One thing that confuses many people about switching to linux is the simple question of “what distro?” This question, and the inability to quickly make a decision turns many people away. Windows and Mac OS have the advantage of making it very easy.
  • Over branding. Yes there is such a thing. You put a brand in someone’s face for too long, and it loses it’s significance and impact. They overlook it. How many people actually notice a McDonalds when driving around? Most don’t even see them, simply because they are more common than traffic lights. Now how many notice less popular dining establishments? Quite a few.
  • Ineffective marketing. When you share 90%+ of the code, you share features with tons of others and really have very little to market. What you do have to advertise, is somewhat insignificant. Why download a new browser for a logo? Is that even a feature? Why can’t I just bookmark your page if I like it?

The Correct Approach
I personally believe the correct approach in this arena is extensions. A great example is the brand new Yahoo Toolbar, or SpeakEasy. Why are these the right way?

  • Both leave security to the Mozilla Foundation, users can get updates as soon as they are released, they don’t have to wait for the distro’s cobranded builds to become available.
  • Users get new features as the product is updated. Don’t need to wait for the distro to update the cobranded builds.
  • Users choose branding, can uninstall it if they wish.
  • Less downloading. I change from speakeasy to yahoo, I don’t need to download a new browser, just install the extension.
  • Cross platform. It’s much less work to support Mac and Linux users when you provide an extension rather than a custom build. Get the whole audience.
  • Lower cost. It’s much less development to release an extension rather than a browser.

What do they lose?
Really nothing. You can do pretty much everything via extensions. You can create a skin, add features, overlay menus, add toolbars etc. etc. There’s quite a few possibilities.

Releasing your own browser, unless you really make radical changes (Camino, Galeon, K-Melon) is somewhat of an ineffective use of resources. You can accomplish the same thing, while providing better service to customers by trying to use an extension framework. Extensions by nature have less development requirements, easier to update, allow the user to have the latest browser, and give the user choice.

I personally think Yahoo and Speakeasy have done an excellent job. They accomplished their goal and really addressed the point I’m trying to make in this post. I just hope some other companies will seriously consider what they are doing, before they try and get their users to install hacked up copies of Firefox.

Extensions and Themes are the best way to customize a browser. If at all possible, try to keep within those frameworks. You’ll thank yourself later when you realize that you need little/no changes to work perfectly with Firefox 1.5 or later.


After Asa and djst started I couldn’t resist

After Asa, and djst started redesigning the toolbar, it got me thinking. What would be the best config for the general user? So I got playing, and here’s what I came up with:

Option 1

Toolbar 1

This is more compact, and better (IMHO) for larger displays at higher resolutions. There icons are selected and positioned based partially on IE parity, as well as a few are placed to introduce Firefox Advantages (new tab). Secondly they are spaced and catagorized appropriately (core navigation features, url bar, quick search, browser accessory features).

Option 2

Toolbar 2

This is even more of a feature parity, and keeps the same concept. The big ‘advantage’ here is that the URL is more visible on smaller displays. Not sure if that long is needed. Most end users will only enter domains, not long url’s, so having that much space is mostly irrelevant.

The one button that would be cool to have with either is a second bookmark button to add the current page as a bookmark. That way even such a feature as bookmarking is visually represented easily in the interface.

Ideally I see three goals:

  • Parity, reduce the learning curve for potential new users.
  • Optimize screen real-estate. As much page space as possible. Minimize clutter.
  • Make common features, and our ‘best parts’ visible. Such as the go button, quick search, as well as tabs (it’s a big feature).

End users aren’t learning key commands. That’s why they like GUI’s. So things like tabs become much more accessible as a button than as a menu option in the file menu. That’s obscure, and users don’t see it. But as a button it’s easily accessible.

Comments welcome.


Prevent websites from removing right-clickability

Between being sick the other day, and studying for some serious tests next week, I’m reading and seeing things (and not other things). Disregard. For historical purposes only until further notice.

First let me say on a personal level, I’m very much in favor of bug 86193. But I’m not sure everyone will be as thrilled as I am.

The web browser serves as the vehicle to the corporate intranet. A vast resource of company resources. The problem many companies have had with making their companies assets available on the intranet is stealing. It’s harder for an employee to go into a document storage facility, and steal some folders. It’s very easy for someone to browse into the companies document retention system and lift some very important data.

But enough background, what does this have to do with Mozilla?

I’ve got a small suspicion, this could cause Mozilla to loose a chance at being the browser of choice in the workplace, with this patch. The problem is many companies are deploying Asset Management Software. They want employees to browse the resources, and easily work with them as necessary, and per company protocols. What they don’t want, is a user just saving to their HD. As a result, with software like this, right click is often disabled (see bug), and various other methods are used to obscure the image (funny CGI’s that save with file name and improper extension, etc.).

Granted there is no 100% security on the web, and a user could also take a screenshot, or http dump, or one of the many methods available (get Page Info and go to the media tab). Most of these methods are out of reach (or at least knowledge) of the casual user. Meaning, the assets are at least safe from the general user who wants to take advantage.

Again, this is nothing more than a reflection, with some knowledge of such systems. It’s not meant to spark a huge debate, or a flame. Just a thought out loud. Because that’s what the internet is all about.


HTTP Decompression Bombs

Interesting find here. Just FYI.



As undoubtably, everyone will blog in the next 24 hours… New has been launched. Looks great. Also has a wonderful end user focus.

One thing I would do, is make a subdomain for corporate customers. Gear the same information, but corporate advantages (why Mozilla is good for an organization). How to deploy? Security? Updating? Customizing? Branding? etc. These corporate users involve thousands of users per company. And remember. Convince 1 company, and potentially thousands of users are exposed to Mozilla. That means some will undoubtedly, download for home use.

An ISP targeted subdomain may not be a bad idea either.

While not technically end users. These customers will advertise for the Mozilla project. All have reason to consider Mozilla. For example licensing. Mozilla is free distro for all OS’s. Great for ISP’s. Can be customized, etc.

Food for thought.


Mozilla 1.5b Out

As Asa noted the other night, Mozilla 1.5b is coming real soon…. and now it’s out!

Horray, download now. Enjoy the lizard. New since 1.5a is:

  • Mozilla now includes a spellchecker for MailNews and Composer.
  • Mozilla MailNews now supports the printing of the attachments list.
  • The 0.9.x branch has landed and brought many improvements to ChatZilla, Mozilla’s internet relay chat client.
  • MailNews users can add header lines to *every* msg sent out via a certain identity.
  • A common application hang with SSL-encrypted SMTP connections in MailNews was fixed.
  • Unstyled XML display has been improved.
  • Users can now mark message as read by date in MailNews.
  • Gecko now supports setting color for HR and br tags.
  • A common problem collapsing the URLbar popup on Windows has been fixed.
  • Mozilla’s view source now displays line and column numbers in the status bar.
  • Mozilla has improved performance, stability, standards support and web compatibility.

Download and spread the word.


Rendering Issues

Lovin’ anything browser/html related.

David Hyatt has an interesting post on Browsers. A good read for any developer. A very good read. Interesting notes.

When designing this site, I wanted to be very compatible. Good code, and I am. Works in all browsers I tested.

Apple Software

Safari Madness

I’ve used it before, but today I gave Safari a real go. Despite the fact that some bugs exist, it does a pretty good job. My biggest complement goes to the UI. It’s clean, simple, and totally Apple. It shares the same DNA as Steve Jobs.

I also like the snapback and iSync functionality. Some nice little Apple features make web browsing pleasant. Rendering is pretty good, fast, clean, and pretty compatible.

Still though, I favor Camino. From the pages I tested (including my own) it loaded faster, and had the best rendering of the two browsers (both of which blow Internet Explorer away). The biggest incompatibilities I’ve noted are mainly with JavaScript not functioning properly (especially sites with large complex scripts) or some XHTML pages. All of which Camino and Mozilla do very well.

IMHO the winner is still Camino, and the entire Gecko line of browsers, although Safari gets an honorable mention. It’s UI features are clearly superior.

I don’t think many sites will cater to KHTML browsers though. I think it’s much more likely for them to test in Netscape or other Gecko browsers, than KHTML based browsers. As a result, Gecko based browsers will most likely always have an upper hand in compatibility, unless KHTML manages to really keep up, despite the never ending obstacles that lie in it’s way.

A side note: I’m need to check out OmniWeb (the WebCore version), and give that a go. I haven’t gotten to that yet.