Mobile Web and Glass Houses

Nilay Patel is wrong on the “The mobile web sucks” article he posted on the Verge.

Let’s take a look at the article itself.

In portrait mode, the site logo is on the top of the screen followed by a large ad. The title of the article is in the bottom half of the screen.

The Verge Mobile Web Sucks (Portrait)

In Landscape mode without the navigation bar, only part of the article title showed up on the screen.

The Verge Mobile Web Sucks (Landscape)

Let’s see how it looks with mobile Safari navigation bar. The title of the article doesn’t even show up on the screen.

The Verge Mobile Web Sucks (Landscape with navigation bar)

The fact is that The Verge is one bloated site, littered with ads and analytics. I generally avoid The Verge like a plague because of that.

Patel adds:

Now, I happen to work at a media company, and I happen to run a website that can be bloated and slow. Some of this is our fault: The Verge is ultra-complicated, we have huge images, and we serve ads from our own direct sales and a variety of programmatic networks. Our video player is annoying. (I swear a better one is coming, for real this time.) We could do a lot of things to make our site load faster, and we’re doing them.

Patel knows what the actual source of the problem, but he is trying to shift the blame to the web-browsers. If the square peg doesn’t fit the round hole, you should stop giving the peg paint jobs.

I unapologetically use ad-blocker and host-file to make my web-browsing experience better.

Blink and Servo

It is a back to back news on web browsers.

First, Mozilla and Samsung are working together on new Servo web browser engine for Android and ARM. Servo itself is written in Rust, a programming language developed by Mozilla.

Should Samsung ever want to fork Android, they would have their own web browser.

Mozilla-Samsung

——-

Second, Google announces Blink, a new open source rendering engine based on WebKit.

In a sense that Google is in a disagreement on what direction Webkit should go.

Chromium_Logo

Bring on all the different web browsers, as long as they adhere to one HTML standard.

 

 

Safari 3.1.1 is Available

Safari Icon

Apple releases Safari 3.1.1 to address stability, compatibility and Security.

Safari 3.1.1 is available for Mac OS X Tiger, Leopard, and Windows XP/Vista.

About the security content of Safari 3.1.1

Safari 3.1.1

  • Safari
    CVE-ID: CVE-2007-2398
    Available for: Windows XP or Vista
    Impact: A maliciously crafted website may control the contents of the address bar

    Description: A timing issue in Safari 3.1 allows a web page to change the contents of the address bar without loading the contents of the corresponding page. This could be used to spoof the contents of a legitimate site, allowing user credentials or other information to be gathered. This issue was addressed in Safari Beta 3.0.2, but reintroduced in Safari 3.1. This update addresses the issue by restoring the address bar contents if a request for a new web page is terminated. This issue does not affect Mac OS X systems.
  • Safari
    CVE-ID: CVE-2008-1024
    Available for: Windows XP or Vista
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution

    Description: A memory corruption issue exists in Safari’s file downloading. By enticing a user to download a file with a maliciously crafted name, an attacker may cause an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of file downloads. This issue does not affect Mac OS X systems.
  • WebKit
    CVE-ID: CVE-2008-1025
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
    Impact: Visiting a malicious website may result in cross-site scripting

    Description: An issue exists in WebKi’s handling of URLs containing a colon character in the host name. Opening a maliciously crafted URL may lead to a cross-site scripting attack. This update addresses the issue through improved handling of URLs. Credit to Robert Swiecki of Google Information Security Team and David Bloom for reporting this issue.
  • WebKit
    CVE-ID: CVE-2008-1026
    Available for: Mac OS X v10.4.11, Mac OS X Server v10.4.11, Mac OS X v10.5.2, Mac OS X Server v10.5.2, Windows XP or Vista
    Impact: Viewing a maliciously crafted web page may lead to an unexpected application termination or arbitrary code execution

    Description: A heap buffer overflow exists in WebKit’s handling of JavaScript regular expressions. The issue may be triggered via JavaScript when processing regular expressions with large, nested repetition counts. This may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of JavaScript regular expressions. Credit to Charlie Miller for reporting these issues.

Safari 3.1.1 can be obtained through Safari Download Page or Apple Software Updates.

WebKit Achieves 100/100 on Acid3 Test with Flying Colors

The people who develops Opera and WebKit are racing to pass Acid3 test. Both camps have scored 100/100 on Acid3 test. According to both Opera and WebKit camp, even though they scored 100/100, there are still some bug fixing to do.

The WebKit folks announces that WebKit achieves Acid3 100/100 in public build, today.

With r31342 WebKit has become the first publicly available rendering engine to achieve 100/100 on Acid3.

Meanwhile, Opera folks were the first to claim perfect score on Acid3 test using their internal build.

I downloaded WebKit build r31344 and ran Acid3 test on it. The video can be found here (QuickTime Movie 744KB).

WebKit Acid3 Test 100/100

WebKit is available for Mac OS X and Windows.