| posts tagged ‘google’ |


Google browser size – but what about liquid?

17 Dec 2009 19:22 EDT

People view the web in many different ways. There is little uniformity in the display sizes, aspect ratios, and resolutions that we use to browse the web. When creating a web site or a web-based application, you need to check how your design looks through different combinations of the above — and then you need to make some guesses about how many people are actually using each of the combinations. Sure, some people might still be out there trying to look at your web site in 320 x 200, I suppose, though too few to warrant a lot of work on your part to optimize for them. So you need to take into account both your majority audience as well as enough of the long tail to satisfy most of your likely customers, while weighing this against the work it takes to test this.  




The goal is usually something like making sure that the “important stuff” that you want people to catch at first glance appears above the fold — a borrowed newspaper metaphor.  

Google Labs has just released a tool called Google Browser Size that attempts to help understand what percentage of likely web audiences use various screen sizes. They measure screen size in horizontal and vertical dimensions as percentage of users. You can now understand how people are likely to interact with your page from a statistical point of view.

The tool has some neat technical aspects, such as the set of div’s that allow you to interact with the underlying page even when it has been overlaid with the Google statistics. According to their about page they get these statistics from all visitors to Google (it’s not clear if they mean the Google home page or all Google.com pages).

One unfortunate drawback is that the tool only supports the native (non-virtual) viewing size of the display of whoever is using the tool. This specifically presents an issue for web pages that use a liquid design which resizes itself at least partially according to the user’s display. On my 1280×800 widescreen laptop display viewing a liquid page like http://www.markbeadles.com/, for example, the tool incorrectly implies that objects on the right side of my screen aren’t visible to most users, when actually they are due to resizing. [I suppose the solution many of you would recommend is to not use a liquid layout. Eh. De gustibus non est disputandum.]
Tags: ,
Posted by mark beadles in Uncategorized | 2 Comments » Bookmark and Share
 

Rough week for Google (great week for Evil?)

12 Dec 2009 03:12 EDT

Google, the company whose motto is “Don’t Be Evil“, has had a rough week or so. First, they released Vevo, a crippled, redundant, and non-user friendly music video site — the only group that might like Vevo is the oligopoly of commerical copyright holders and the RIAA. Let’s put it this way: there’s not much to be found there, and what there is can all be found on YouTube anyway. And as I write this, at 2147 EST, the service cannot be reached. Great stuff, guys.

Second, a rather minor point but since I’m piling on what the heck, I love Google Chrome but I hate the current extensions. They call the extensions “beta” but in this particular case they actually mean it! Most of them seem to be broken and/or useless. Too bad, a working ad block tool is the one thing missing from their beautiful, minimalist, speedy browser.

Finally, we have their CEO, Eric Schmidt. Eric, Eric, Eric. For those who haven’t heard, this week he made a very revealing and very stupid statement regarding privacy. He said, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,. Well, Eric. Can I call you Eric? Or is that too, um, personal? I don’t want you to know what time I went to the crapper. Does that mean I shouldn’t be doing it in the first place? I don’t want you taking pictures of my children in the school locker room. Does that mean they shouldn’t go to school in the first place? I don’t want you to know my credit card number, doofus, does that mean I shouldn’t have a credit card? Things that are private, things that are personal, things that are secret – these are three different categories with complex overlaps.

I’m not building a straw man here, I warn you. I expect the argument that ‘he was just referring to what you do online’. That distinction is useful to a company like Google but in fact is completely irrelevant. Privacy is privacy on-line or off. If the head of the only search company that matters, the company that sends vehicles down our streets to take pictures of our homes and workplaces, the company that uses satellite photography to show us our neighborhoods and schools, the company that wants to put its OS onto our billions of mobile devices — if the head of that company doesn’t respect our privacy, then maybe they’ve grown beyond their “Don’t Be Evil” infancy into something less…Not Evil.

Which sucks, I kinda like their software.

Tags: , , ,
Posted by mark beadles in Uncategorized | No Comments » Bookmark and Share
 

Browser-in-browser virtualization security nightmare

29 Sep 2009 20:45 EDT

So I’ve got five browsers running on my Windows laptop, three running on my Blackberry handheld, and at least one more on the Mac Mini. OK, this isn’t exactly typical. But all these browser choices are available on the market today to consumers who want them. Most people still use IE, but Firefox now has a respectable market share (65% IE vs 26% for FF).  Apple Safari (4%), Google Chrome (3%), and Opera (2%) have a small but noticeable and growing share of the browser market. These figures don’t include the matrix of OS’s x Browsers. The browser market is finally competitive.

From an economic and feature perspective, competition is obviously a Good Thing.  At first blush it seems that it would be a security Good Thing as well, since there are more competing platforms to drive security fixes and avoid a monoculture.  But there’s a new wrinkle in the browser security, which may be an indication of more problems to come.

Google Chrome is a stand-alone browser — which I love for its speed and simplicity and hate for no adblock — but its technologies are also now available as a plug-in to IE. Google Chrome Frame is an open-source project which allows you to essentially run Chrome inside of IE.  Geeky/neat functionality, to be sure.  But what a security outcry it has raised!

In rare agreement, Microsoft and Mozilla both slammed Google on Chrome Frame.  They pointed out that since browsers are now the primary route for infection on PC’s, slamming two browser’s worth of potential security flaws into one browser is asking for trouble. Each browser may have security bugs, and the combination of the two may open yet more holes. Microsoft also piles on to point out privacy implications: Chrome Frame breaks IE 8′s private browsing.

As the latter article reveals, Google’s answer isn’t good: “Google Chrome Frame is an open source plug-in that is currently in an early developer release and was designed with security in mind from the beginning…” Open-source and developer releases are not excuses for lax security. If the security isn’t there, don’t release the code. Google’s other point is that they can somehow magically secure old browsers, in particular IE6:

Accessing sites using Google Chrome Frame brings Google Chrome’s security features to Internet Explorer users, providing strong phishing and malware protection (absent in IE6), robust sandboxing technology, and defenses from emerging online threats that are available in days rather than months.


Again, this answer is not well thought out. There is a simple answer to improving security on IE6: don’t run IE6. Yes, it’s still supported by MS, but IE8 is out now; upgrade. Google Chrome Frame isn’t a patch to IE; if there’s a bug in IE6 allowing an attacker to gain a foothold, that bug is still there in IE+Chrome Frame.

I’m sure this little kerfuffle will blow over soon. Browser makers fighting with each other in public is just business as usual.  IE6 will end-of-life, Google Chrome Frame will improve its security and its mechanisms for integrating with IE, etc.  This is a harbinger of things to come, though. Browser technology is getting more complex, and complexity is the enemy of security. Chrome Frame is an early example of browser-in-browser virtualization. Just as desktop virtualization brings new security headaches along, so will browser virtualization.

Welcome to my nightmare.

Tags: , , , ,
Posted by mark beadles in Uncategorized | No Comments » Bookmark and Share