… publicadas pela McAfee, no blog Security Insights, onde George Kurtz apresenta algumas das conclusões que retiraram, na sequência da análise forense que tem vindo a ser realizada após a divulgação, na semana passada, dos ataques dirigidos a várias empresas globais, incluindo a Google. Alegadamente, a partir da China. Vale a pena ler: Operation
.Aurora
hit Google, others
No blog oficial do Gmail:
Em 2008, introduzimos a opção de usar sempre HTTPS — cifrando o email em trânsito entre o browser e os nossos servidores. A utilização de HTTPS ajuda a proteger os dados contra a leitura ilegítima, como em pontos de acesso público sem fios. Inicialmente deixámos a escolha da sua adopção aos utilizadores, porque há um lado negativo: o HTTPS pode diminuir a velocidade de transmissão do mail, porque os dados cifrados não atravessam a rede tão depressa como os dados em claro. No entanto, nos últimos meses, temos avaliado o balanço entre a segurança e a latência e decidimos que activar HTTPS para todos os utilizadores seria a coisa certa a fazer.
in Default https access for Gmail
.
Até que enfim. E devia ser adoptado em todos os serviços que manipulam e transmitem informação potencialmente confidencial.
Google has just launched its very own public Domain Name System resolver, with which the company hopes to speed up internet traffic. The search giant claims its DNS is more secure (through protection against cache poisoning attacks) and faster than others.
Google has fixed bugs in Google Chrome Frame, including one that Microsoft called out as a security problem.
By Scott M. Fulton, III, Betanews
If, as Google says, a Web browser is not so much an application but a platform upon which a new class of applications may be built, then that platform must provide support. It needs to give its users the ability to accomplish tasks, and to devise new and better ways to accomplish them better. For as we all know now, “browser” is an inappropriate word for the thing we use to communicate with the Web using HTTP, because the Web is becoming a space for everyday applications deployment. Especially in the content industry, active work takes place within the browser, much more so than passive amusement.
To that end, a browser may serve either as a springboard or a plank.
Despite Google Chrome’s achievements, the crucial element of support remains missing. For all the spotlight we’ve given Chrome for being the fastest Web browser on Windows, it does not yet serve the purpose of supporting users and helping them to make their online tasks more efficient. This is why Google’s expert tuning of its V8 JavaScript engine for Chrome is so important, because the browser has truly evolved into a JavaScript platform rather than an HTML platform.
For everyone I know who has, over the last year, made the switch from Microsoft Internet Explorer to any other browser, the reasons have had less to do with security than in the past. People who are compelled to switch are tired of how slow IE has become, and the sinking feeling that it’s getting slower — a feeling which Betanews confirmed this week with actual facts. If you’re the manufacturer of a competitive browser, and you have the opportunity to offer your customer a free alternative that’s close to 21 times faster overall than IE, and your brand is not only one of the most recognized in the world but the only one analysts believe can truly challenge Microsoft, you’d think there would be an exodus of mass proportion.
There has been no such exodus. The reason is because, despite the number “4″ on the version currently under development, Chrome gives one the feeling that it’s never been finished once.
In a way, it doesn’t make sense to have a JavaScript engine that’s as good as it is, running a platform that is so minimalistic. As the manufacturer of any set-top box can tell you, a viewer’s entire experience in front of his TV can be ruined if the functionality of the program guide isn’t solid. A browser user’s bookmarks list is the counterpart of the program guide; it’s “what’s on,” and it’s also how to get there.
Not that a list of folders and bookmarks is anywhere near as informative as an STB’s program guide. But for years, Firefox has had the good sense to enable users to open the bookmarks list in their sidebar, to open and close it with a keystroke (Ctrl-I) and scroll through it using a scroll bar. For IE8, Microsoft added an appealing and versatile Favorites menu that opens with the same keystroke (as part of an effort to win back refugees to Firefox). This menu starts off life as a pop-up, but can then be pinned to the left side as a sidebar. Then it too can be switched from Favorites (bookmarks) to RSS Feeds and browsing history. It’s a versatile feature that Microsoft has thought through, and that performs well.
In Chrome 3, the Bookmarks Bar was only part of the New Tab screen, and was actually provided by a Google Web page. With Chrome 4, the Bookmarks Bar becomes a feature of the actual program (along with curious re-additions such as an actual button for the home page, a recent Google discovery). But the complete list of bookmarks is only available through an “Other Bookmarks” menu on the right. Clicking on this button pulls up a drop-down menu, whose folders in turn pull up other pop-up menus. So you’re not perusing a folder tree as with Firefox or IE; instead, you’re scrolling through pop-ups. And you’re scrolling slow…ly… because these are classic menus; there are no scroll bars. So if you have a long bookmarks list, you’re not going anywhere fast.
That I’m no fan of Chrome’s bookmarks system is nothing new — I first called attention to this last June. Back then, Chrome 3 was on the “beta” and “dev” tracks, while Chrome 2 was the version declared stable. Here I noted that Firefox 3.5 was more adept at searching for stored bookmarks by various criteria than Chrome, the browser from the company that’s supposed to be known for search.
But I’m not exactly the only one screaming for functionality out here. Our own Fileforum features reviews from testers over the months who have explicitly asked why Chrome seems to be all chassis and no interface. “It’s as useful as a chocolate fireguard,” wrote madmike; “very bland, short on features, but competent,” wrote bobad; and, “I wish they could make it look and act like Firefox,” wrote CyberDoc999.
Next: Shelving basic functionality under “Other…”
Shelving basic functionality under “Other”
That the Google Chrome user might only keep eight or so Web sites on her New Tab page, plus a handful of “Other Bookmarks” in a menu that should never grow large enough to have to be scrolled; that History is a separate page and not a function you can use side-by-side with other pages; that Chrome lacks the ability to even add the searching, researching, and translating functionality that Google makes for its own Toolbar for IE and Firefox; and that the button for the home page is a new feature that’s just now being tested, are all indications that Google only projects its browser will be used lightly and occasionally, by folks who’ll do a Google query, read the result, and come back to Google. If that’s truly the case, one wonders why Google actually bothers making its underlying JavaScript engine as good as it is — effectively mounting a V8 engine to a tricycle.
In fairness, Mozilla Firefox also lacks that functionality. But Mozilla knows how to help users make Firefox more functional: through a wide array of add-ons, along with a developers’ community that’s nurtured and educated in the ways of making proper software without so much initial trial-and-error.
Plug-ins and add-ons to Chrome do exist, and forums such as this one have cropped up in anticipation of a burgeoning market in these things at some future date. But for now, the theme of these sites appears to be stuck with themes. Even now, when skinning of some applications has become an art form that has brought forth its own grass-roots competitive “Olympics,” Chrome themes are a throwback to the Netscape Navigator era, sometimes comprised of celebrity photos cropped so that their faces fit just inside the tab area, decorated like the bedroom of some Disney Channel star.
Tell me you’d actually intentionally make your own Web browser look like a just-fertilized lawn.
While Internet Explorer is dog slow, and now slower by the month, version 8 has functionality and, for the first time in IE’s existence, a reasonable degree of versatility. It also is relatively stable — crashing is not its problem. Crashing is a Firefox trademark — to this day, the “stable” version crashes on average 1.5 times per day for me, a fact which this “Firefox user” is not proud to share.
Yet even though it does exhibit greater stability, Chrome lacks the functionality that makes it adaptable to users’ everyday purposes, and that enables them to take it beyond the realm of “general purpose” into “heavy duty.” Google’s complete inability to make that jump, to get the clue, to provide evidence of having listened to the smallest portion of tester sentiment, bewilders me completely as to whether the company has any realistic notion of what “beta” means anyway.
With Mozilla, the newest code is developed under a private track, which only means that the developers aren’t taking comments from the public about it, even though it’s publicly available. When it’s developed enough to demonstrate in public, then it enters the “beta” track, which Mozilla code-names “Shiretoko” for 3.5 test code and “Namoroka” for 3.6. When Mozilla delays the rollout of a new build to the stable channel, it gets groans and moans from folks like me…but it’s generally because real beta testers have found real problems, or have advised some really good ideas.
A full-featured browser chassis capable of running thoroughly debugged JavaScript add-ons that won’t crash, and that contain the basic functionality that Microsoft and Mozilla discovered as far back as 2005, coupled with the proven superior V8 JavaScript engine, would clinch the alternative browser market in maybe one year’s time. But that year has already passed for Chrome, which is already gaining a reputation as a browser that makes up for its performance superiority with slow and cumbersome functionality. As long as Google continues to not get this message, then we all need to face up to the fact that Google isn’t exactly open, is it?
postfail writes ‘lwn.net coverage of the 2009 Linux Kernel Summit includes a recap of a presentation by Google engineers on how they use Linux. According to the article, a team of 30 Google engineers is rebasing to the mainline kernel every 17 months, presently carrying 1208 patches to 2.6.26 and inserting almost 300,000 lines of code; roughly 25% of those patches are backports of newer features.’
Read more of this story at Slashdot.
xchg passes along a WiseAndroid piece on the drop in value of Garmin and TomTom shares following Google’s announcement yesterday of Google Maps Navigation. “Shares of GPS device makers Garmin and TomTom plummeted… through a combination of their quarterly results and the launch of Google Maps Navigation. Following both low guidance for Garmin’s next quarter as well as poor results from TomTom, shares for the two fell 16.4 percent and 20.8 percent respectively and remained low through the entire trading day after news of Google’s free, turn-by-turn mapping service became public.” Today Lauren Weinstein posted a number of reasons why standalone GPS won’t go away any time soon.
Read more of this story at Slashdot.
An anonymous reader writes “In a curious contrast to conventional wisdom, there are reports of X11 Chromium being faster than Windows or Mac versions. In the thread titled ‘Why is Linux Chrome so fast?,’ a developer speculates that it is due to the use of X11 capabilities: ‘On X-windows [sic], the renderer backingstores are managed by the X server, and the transport DIBs are also managed by the X server. So, we avoid a lot of memcpy costs incurred on Windows due to keeping the backingstores in main memory there.’ Has the design of X11 withstood the test of time better than people tend to give it credit for?”
Read more of this story at Slashdot.
By Scott M. Fulton, III, Betanews
If Apple’s Safari is going to make any kind of a challenge for best performing Windows-based Web browser moving into next year, it needs to be now. In Betanews’ most extensive testing to date, involving tests that by anyone’s guess should not have given it any special advantages, the latest stable edition of Google Chrome runs away with a three point lead over the latest stable Safari — a lead that now grows by one-half point with each point release.
Chrome now posts test scores in certain heats of our revised CRPI 2.2 test battery that are virtually obscene — so far ahead of competition that we have to validate our results on various machines to make sure we’re not generating false results. For example: On the control flow element of the SunSpider test, both Chrome 3 and the dev build of Chrome 4 post record low time scores of 2.6 ms. This is an element that tests the JavaScript interpreter’s capability to keep track of nested loops and its location in a twisted program. By comparison, the latest public Firefox 3.6 Beta 1 — released late yesterday afternoon after a flurry of delays totaling over one month — posts a score of 38.2 ms in that category.
Mozilla’s team has been making efforts to better Firefox’ control flow scores, evidently knowing how much they influence test results like ours. The evidence comes from the latest daily builds of Firefox 3.7 Alpha 1, on the “Minefield” track, whose control flow scores recently quantum-leaped down to 8 ms. That’s almost a 5x improvement, but it will need another 3x blast to catch up with Chrome. The latest stable Apple Safari scores 3.4 ms on this element.
Another example: A factorial is the result of multiplying together all positive integers that are less than or equal to a number, and a new element of our testing battery includes a classic algorithm for obtaining the set of all factorials. On this heat, the higher number is better since the objective is to obtain as many factorials as possible over a set period of time, so the score is a relative index. While Firefox 3.6 Beta 1 scores a 17 on this heat, Chrome 3 scores a 150.4, and the latest dev build of Chrome 4 scores 164.5.
There are certain things that Chrome does where the score differences are factors of 10, where one might get the impression that Google is improving Chrome just to score better with Betanews (the company has been expressing its interest to us directly in recent days) or more likely, with its own internal test suite. Indeed, the company’s V8 benchmark suite would have users thinking the browser is hundreds of times more capable than its competition — a claim for which we just don’t see the practical evidence just yet, which is why V8 isn’t part of our tests.
That’s why we’ve made an effort to pack our CRPI test suite with examinations of a multitude of real-world characteristics in various categories, now with 69 different “heats” in ten separate batteries, plus a multitude of derivative scores (e.g., average of 50 iterations, consistency between the fastest and slowest run, etc.) for each browser.
Once we include all these different elements, we get a much more practical and believable result. There are many reasons why a person chooses a favorite Web browser, with JavaScript performance being just one of them. But that factor is becoming more important now with the onset of applications delivered to you from the Web rather than your hard drive. So with regard to that factor alone, Betanews can say that Google Chrome delivers almost twice the performance (not quite 2x) of the latest stable Mozilla Firefox builds, with Apple Safari probably pulling close, and Opera being left in the dust until it comes time to be thinking about Opera 11…if not Opera 12.
Click here for a comprehensive explanation of the Betanews CRPI index version 2.2.
“Probably” pulling close? What, Betanews can’t do better than that with respect to Safari? Yea, unfortunately there’s still trouble with that: Apple’s test builds of Safari come by way of grafts of its daily WebKit engine onto the existing 531.9.1 browser. Usually, after applying one of these grafts, the updated Safari displays better if not superior rendering performance than even Chrome. But its ability to serve as a full-scale browser for other tests vanishes. However, over the last week while Betanews has been trying to resolve this problem, it actually only got worse: Windows testers reported through Apple’s forums that not even the grafting mechanism was working.
We validated those claims, discovering that the manifest which the replacement executables were being shipped with (the embedded XML files that point to proper COM components in the System Registry) were pointing instead to incompatible versions of Windows Common Controls, versions that may have worked back in the 1990s. Apple is apparently already aware of this, but as is the company’s policy with regard to any kind of problem with its software or hardware, will not publicly comment.
Next: The latest test scores broken down…
Click here for a comprehensive explanation of the Betanews CRPI index version 2.2.
The runaway train you see at the bottom of your screen there is Google Chrome. And yes, that splash of orange at the bottom of the platform-by-platform breakdown very graphically illustrates what we’ve been saying for the last few months: Chrome’s platform of choice is Windows XP, the one with the smallest footprint that’s deployed on the greatest number of netbooks — the hardware platform where Google is working to make a breakthrough.
Usually Microsoft Internet Explorer isn’t even a topic of conversation with regard to performance tests, except to point out that the older IE7 is our baseline. But over the past few weeks, IE8 has made news by marching the opposite direction, with security fixes and a Jscript update bogging down IE8 speeds quite noticeably. It’s also created the only situation where the Windows 7 version of a browser is faster than the XP version; as you can see elsewhere, XP typically provides the much faster platform, although with Opera of late the difference is more minor.
Nowhere is Google’s concentration on Windows XP more pronounced than in the Nontroppo CSS rendering test, where Chrome’s XP scores continue to double its scores on Vista. Another trend worth pointing out here, though, is how well both Firefox and Opera perform on this test on Windows 7 (the blue line in the middle) compared with the other platforms — for Firefox 3.6 Beta 1 and both stable and beta versions of Opera, XP is actually the slowest of the three Windows versions.
Chrome’s performance on classic benchmark scores in the new JS Benchmark battery is phenomenal; and here, Chrome 4 on Windows 7 posts a higher score than on XP, which is not Chrome’s usual pattern. The new JS Benchmark is about the interpreter’s capability to handle complex, highly nested mathematical problems, which is more related to how the browser will run Web apps than render Web pages.
Mozilla’s highest score yet on the Acid3 compliance test from the Web Standards Project comes from the latest Firefox 3.7 Alpha preview build: a 96%. Before long, we could be seeing all the non-IE browsers posting perfect 100% scores, making Acid3 almost a non-factor.
Safari’s most impressive scores have always come from the SunSpider test on Windows XP, which are much better than even Chrome’s scores on Vista and Windows 7. But it’s Chrome’s scores here on XP that are the true phenomenon, and the real indicator that Google builds Chrome to fly on the most popular Windows for netbooks.
Next: The rest of the field…
Click here for a comprehensive explanation of the Betanews CRPI index version 2.2.
We added the TestCube 3D battery earlier this month in deference to a number of Betanews readers who pointed out that we weren’t paying enough attention to the browser’s capability to plot and work geometry simultaneously. This test remains Opera’s forte, especially on XP where Opera 10 Beta 1’s numbers are better than double those of Google Chrome. There’s something here about parallelism between rendering and math that Opera still gets and the others don’t.
The SlickSpeed test measures how well each browser manages a variety of different JS libraries, especially for managing layout elements in a page and arrays full of content strings. Firefox’s scores for stable and beta versions are improving here, especially for XP, although it’s interesting how Vista and Win7 scores are very close to one another. Safari is the king, for now, with JavaScript library management.
The Nontroppo table rendering test examines how well the browser manages the <TABLE> element — the part of HTML that CSS proponents would just as soon everyone forget about. But many old-style Web sites prefer the old HTML way of dividing pages over the more modern CSS, maybe just because CSS is just one more thing to have to learn. The surprise here is how Chrome 4’s performance in this test on Windows 7 is actually quite poor; we ran this test several times, and the amount of time Chrome 4 consumed in attempting to find the start of the table sequence, was much slower than for Chrome 3. Version 4 made up for this by rendering the table faster, but it could not make up for the time lost.
The third Nontroppo test in our suite evaluates how fast each browser renders a very ordinary page that does not use CSS — a majority of Web pages still out there (though a declining one with Yahoo’s recent closure of GeoCities). We just can’t figure out the scores from Mozilla’s latest preview build of Firefox 3.5.5 (the “Shiretoko” track), but there it is: a 9.90 on XP versus a 2.34 on Windows 7, even slower than Vista. Both 3.5.5 and 3.6 Beta 1 are actually slower at accessing the first element of the page in memory than even 3.5.4, but 3.6 makes up for this by rendering the page almost one-third faster.
One of the two new additions to our CRPI suite is Delgado’s Canvas rendering test, which evaluates how well the browser uses its internal Canvas object to render graphics in memory, rather than rely on the server to provide graphics for it. It’s a two-part test where the outlines of the 48 contiguous United States are rendered in the first, and a detailed outline of Alaska is rendered in the second. Firefox is actually quite good with this — we expected Firefox to be bested by Opera here, and it wasn’t. But Chrome still has a clear advantage.
The second addition is actually a very old library that tests how well the interpreter executes individual JavaScript instructions in a sequence of 1,000,000 iterations. There were two surprises for us here: First and most obvious is the poor performance of Opera, a clear indicator that Opera slows down exponentially as a task gets heavier and heavier. If Opera’s developers can concentrate on this alone, Opera 11’s performance could start to rival at least Firefox’s. The second surprise was Firefox itself, whose scores were right in line with those of Safari and Chrome — quite competitive, in fact — except for Chrome on XP, where Google once again runs away with the show.
Dan Jones writes “Google has open sourced several of its key JavaScript application development tools, hoping that they will prove useful for external programmers to build faster Web applications. According to Google, by enabling and allowing developers to use the same tools that Google uses, they can not only build rich applications but also make the Web really fast. The Closure JavaScript compiler and library are used as the standard Javascript library for pretty much any large, public Web application that Google is serving today, including some of its most popular Web applications, including Gmail, Google Docs and Google Maps. Google has also released Closure Templates which are designed to automate the dynamic creation of HTML. The announcement comes a few months after Google released and open sourced the NX server.”
Read more of this story at Slashdot.
