Firefox 7: Mozilla Still Matters

Firefox 7 is the third rapid release of the browser rolled out since the end of June. Some may consider the first true rapid release as the first that delivers noteworthy improvements over Firefox 4 – improvements that are more than just cosmetics. Firefox 7 is a shining example that Mozilla still has a strong impact on the Internet, yet it is confronted with an increasingly aggressive competitive field that could make it less relevant in the future.

If there was ever a Firefox update you should care about, it is Firefox 7. If you don’t, then you can read PC Magazine’s “Seven good reasons to upgrade”, even if you would have to admit that the reasons that Firefox is free, that it is based on an open project and a cross-platform approach don’t really count. Also, you might not care about add-on compatibility (since you expect in anyway) and a somewhat hidden new performance tool. So, there may be just two reasons (reduced memory usage, more performance) to upgrade and even those two may only be one and half good reasons as the memory management plays into performance.

For matters of completeness, I should note that Firefox 7 received the new Azure Direct 2D graphics backend that partially replaces the old Cairo API, but Mozilla isn’t quite done with this project as it is working on an entirely new graphics API anyway. At this time, Azure simply accelerates Canvas 2D and is quite effective (provided you have a decent graphics card that delivers a good amount of acceleration) in this discipline. We previously found that it can closely match IE9, which has been the class leader here. Also, keep in mind that Mozilla is working on a Cairo and Skia backend for Azure. You may recall that Skia is a 2D graphics library used by Google in Chrome (previously only for Windows and Linux, but recently also for Mac): Skia is open source and gives Google much more freedom to adjust graphical elements. Mozilla may take advantage of that opportunity as well as it does not have to rely, for example, GDI, anymore.

The memory deal: Firefox matters

Firefox 7 is a prominent update primarily because of its improved memory management that, for example, releases consumed memory reliably when you are closing tabs. The feature has been heavily pushed by Mozilla and was generally welcomed, even if some also argue that Mozilla fixed an issue that should have never been in Firefox in the first place. Still, Mozilla took on the memory issue very aggressively and made it a big deal for the latest release.

Interestingly, it wasn’t just Mozilla that has worked on memory leaks. If you browse through Chrome’s revision log, you will find hundreds of changes to Chrome’s memory management just in September and a few dozen memory leak plugs. It is evident that Mozilla may have prompted Google to check Chrome’s memory management as well. Google just doesn’t talk about it.

This has been the most apparent example to me that Mozilla still drives innovation and there have been a few cases that showed how Mozilla initiated some innovation, but was just outrun by Google which has the resources to implement more changes much faster than Mozilla can. The latest example may be the Joystick API, which Mozilla suggested more than a year ago, but is apparently being taken over by Google and there is a good chance that Chrome will get it before Firefox will: A input method for devices other than a mouse and a keyboard – such as game pads and a remote control.

Mozilla’s problem: The platform

Even if Firefox 7 is most likely the most desirable version of Firefox yet, and even if Firefox 7 is a very competitive browser and represents a necessary compromise between IE and Chrome as far as the browsing experience goes, Mozilla has issues. Mozilla will post another significant drop in market share this month and fall into the 26.6% neighborhood, current StatCounter data suggests. Chrome will be near 24% and is likely to surpass Firefox market share for the first time on individual days as early as next month. It appears that IE share has stabilized and Firefox is now the only browser that is losing market share to Chrome. Features will not solve this problem for Mozilla.

Once Chrome surpasses Firefox, the browser war will turn into a two-horse race between Microsoft and Google. It is likely that Mozilla has lost this race already and it is too late to fend off Google, but giving up is obviously not an option. The frustrating part of this deal, for Mozilla, may be that Firefox is a very competitive browser, but Mozilla has to realize that it cannot win against Google and Microsoft with features – and it cannot remain a strong contender on the sole promise of being a great browser for the people alone. Mozilla can pitch the story of being independent and not being tied to corporate interests all day long – if the story does not resonate with users, the message will have to change.

I am convinced that Mozilla is losing share as it lacks a cohesive platform. Mozilla is moving toward a platform for desktop, tablet and ultra-mobile browsers, but cannot touch certain areas, such as the iPad and the iPhone with a complete browser solution. By offering just a browser, and a crippled browser on iOS, Mozilla can provide solutions for some problems (such as BrowserID), but it is difficult to push those ideas to become standards, if the company does not control the underlying platform in a market that will be, for some time, more fragmented than it is today. Microsoft will push its own ideas with Windows 8 and Windows Mobile, Google will promote Chrome OS and Android, and Apple will obviously favor iOS and MacOS. In the end, Firefox is just an app on top of those platforms and Mozilla’s hopes rely on the strategies at Apple, Microsoft and Google.

The only way for Mozilla to escape this trap is to deliver its own platform – much faster than it has indicated in the past. 2012 is a must-hit target – 2013 will be too late. Mozilla can’t take chances in this market and has to anticipate stronger competition as the months go by. If it has a platform in place, it can take part in the platform play and will have a good opportunity to market Firefox as a platform enabler and not just as an app.

If there is a compelling platform in place, Mozilla has the foundation to grow Firefox market share again.

Wolfgang Gruener in Business Products on September 27

Google Chrome Surpasses 100,000 Revisions

This one almost slipped by unnoticed: Google posted the 100,000th revision of Chrome code last week. Build 100,000 was posted on September 7. Since then, Chrome has received 816 new revisions.

Chrome was first made available on September 2, 2008. It took the developer crew 1100 days to hit the milestone, which averages about 91 revisions per day. Chrome software developers post more than 1000 changes to Chrome in an average week, which can be followed in the public revision log.

Revision 100,000 was rather uneventful, but developer Peter Beverloo reports that Kazuhiro Inaba was lucky enough to score the prestigious mark, while five other Google developers apparently tried to hit it as well. Revision 100,001, for example, was posted just 2 seconds after Inaba’s revision. Revision 100,000 reads:

“Move debug print functions for ex-libcros classes from .h to .cc. The functions are located in header files due to a historical reason (see the original comment in ibus_ui_controller.h), which should have disappeared thanks to the code movement from libcros to Chrome.”

The revision log stood at 100,816 at the time of this writing. The most recent public Chromium (16) build dates back to September 9 and has the number 100,430.

Daniel Bailey in Products on September 12

Google Chrome Hits 25% Market Share

Google’s Chrome browser is picking up the pace after a slight market share growth slowdown in August. Chrome has cracked the 25% mark for the first time this weekend, according to StatCounter. Firefox share is declining five times faster than IE share.

Chrome climbed above the 25% market share mark for the first time, scoring 25.02% on Sunday, according to data released by StatCounter. The average for the first 12 days of the month is 23.72%, up from 23.16% in August, which indicates that Chrome should be ending up at about 24.3% by the end of this month, if Google can continue its growth.

It appears that Chrome is gaining more market share from Mozilla than Microsoft as Firefox is dropping faster than Microsoft’s browser at this time. The average for this month is 26.98%, down from 27.49% in August. The current trend reaffirms our previous forecast that Chrome may be surpassing Firefox market share as early as October, but is very likely to climb past Mozilla by November in the 25.5% – 26% market share range.

Besides closing in on Firefox, Google is nearing yet another milestone as it is within sight of Microsoft’s IE8 and Chrome 14 could become the most popular single browser version within two months as well. IE8′s shares currently shift from about 26% to about 24%, depending on the day of the week, while Chrome 13 has about 21% to 22.5%.

Firefox 6, introduced almost one month ago, is still suffering from a slower adoption pace that the rapid release model would require. Only 14.5% of web users, or 54% of Firefox users have upgraded to the new version. StatCounter data suggests that only about one third of Firefox users are updating to a new browser version immediately, while the remaining two thirds is a rather long tail. In comparison, Chrome (automatically) upgraded 80% of Chrome 12 users to version 13 within one week of the browser’s release.

Daniel Bailey in Products on September 12

Forrester CEO: Storing Sensitive Data In the Cloud Is A Bad Idea

There are plenty of arguments for using cloud services, which reach from system scalability to your consciousness of reducing greenhouse gas emissions. But if you need to argue in the other direction, you could consult Forrester’s CEO George Colony, who considers some cloud claims as interim steps, bad ideas and “hogwash”.

“If I sat you down for coffee, here are five things I’d tell you about cloud,” Colony  wrote in a blog post. Those five things are labeled as “truth about the cloud” and some may seem surprising to come from an analyst these days, while there is certainly common sense in his advice.

According to Colony, pure cloud computing is not what we will be ending up with in the end. He envisions (1) an era of an App Internet that connects to cloud services. The distinction between the two may be rather confusing. (2) The executive also considers sensitive data in the cloud as not safe, as customers cannot review the security protocols used by their service provider. (3) Cost reduction claims of up to 50% are being called “hogwash” – Colony estimates that 10 – 30% are realistic. (4) Corporations cannot just “flip a switch” to move to cloud computing – they will need a roadmap.

Perhaps most importantly, he notes that (5) cost reduction is not the primary reason to leverage the benefits cloud computing. Instead, customers should look for agility and features that make an organization more nimble.

Colony’s post was targeted at enterprise services, but a similar reasoning applies to consumer cloud products as well. Keep an eye on your most sensitive data and do not store them in the cloud. Don’t expect cheaper products when they are in the cloud and understand which cloud services will make sense in respect to your personal needs and which do not.

Ethan McKinney in Business on September 12

GM Compares 580 HP Camaro To Ferrari

GM is sharing more information about its upcoming Camaro ZL1 which will arrive with 580 horses and the confidence that this car will be able to run with exotics for a fraction of their price.

GM today confirmed that the ZL1 will get 580 horsepower and 556 lb-ft of torque. The engine is a variation of the 6.2 liter, supercharged V8 power plant first used in the Corvette ZR-1 as well as in the Cadillac CTS-V, where it delivers 556 hp and 551 lb-ft of torque. If the breathtaking experience in the CTS-V is any indication, this Camaro should turn into a serious sports car – at least for those who cannot shell out $150,000 and more for an exotic.

2012 Camaro ZL1

At least on the power side, GM is certain that the ZL1 will deliver. “The Camaro ZL1 delivers supercar performance and technology in the sports-car segment,” said Al Oppenheiser, Camaro chief engineer. “For sheer power, the ZL1 delivers more horsepower than a Ferrari 458, more torque than an Aston Martin DB9 V12, and a better power-to-weight ratio than a Porsche 911 Carrera GTS.”

It may not be able to match the sophistication of the interior of those exotics and it may not offer all of their more complex technologies, but the ZL1 comes with an improved transmission with a dual-mass flywheel, twin-disc clutch, and triple synchros. A software upgrade enables drivers to choose from three driving modes (drive/sport/manual) as well as several performance upgrades that include an engine oil cooler, a rear-differential cooler and a race fuel system.

Perhaps most importantly, the ZL1 will get GM’s magnetic ride control system (with tour/sport and track settings), which delivers a great road feel and grip in the Corvette. The traction control in the ZL1 will allow drivers to either drive the Camaro as a tame sports car or open it up to a race car in five climatic steps.

There has been no information on pricing yet, but given the fact that the 426 hp Camaro SS tops out at about $45,000, we don’t think that the SS will go on sale for less than $55,000.

Kurt Bakke in Products on September 09

IBM Patent Filing Details First 100 PFlop Computer

An IBM patent filing sheds light on the architecture of the upcoming BlueGene/Q “Sequoia” system, as well as a potential successor, which is could become the first 100 PFlop supercomputer: The system will have almost 8.4 million compute cores which will consume almost 16 MW.

IBM is well on its way to achieve the next milestone in supercomputing: BlueGene/Q is estimated to hit a peak performance of 20 Pflop/s, when it will go into operation as “Sequoia” supercomputer at the Lawrence Livermore National Laboratory in 2012. However, its architecture is now described in a patent that lifts the compute performance to 107 PFlop/s. This would be about 12 times the compute horsepower that is posted by K computer, a Japanese system that claimed the top spot in the Top500 ranking back in June with a peak performance of 8.8 PFlop/s. Five years ago, the industry-leading system was BlueGene/L, which stood at just 280.6 TFlop/s. If IBM’s calculations are correct, then this new BlueGene/Q-based system could be 381 times faster than BlueGene/L.

A massive patent filing (#20110219208) from January of this year with more 649 pages and 2263 individual claims and descriptions explains that the basic architecture of the system consists of 1024 compute node ASICS that are built into 512 racks (a total of 524,288 nodes and 8,388,608 cores.) Each compute node holds BlueGene/Q’s 4-way hardware-threaded quad-core PowerPC A2 CPU architecture that effectively creates a processing system with 16 cores for each node. IBM said that each unit, in fact, has 18 cores as 1 core is used to improve chip yield and 1 core is used for system control and 16 are available to actual computation. Each node includes 32 MB of memory, which is sliced in 16 equal parts to be accessed by each core. The total memory bandwidth per node is 563 GB/s. In comparison, the Sequoia system will have 1,572,864 cores, 98,304 compute nodes and 96 racks.

Bluegene/Q node

Each node or “cell” is a self-contained SoC processing system that integrates “a plurality (e.g., four or more) of processing elements each of which includes a central processing unit (CPU), a plurality of floating point processors, and a plurality of network interfaces.” There will also be 1 GB of 1.33 GHz DDR3 memory.

The nodes are “interconnected by links to form a [5-dimensional or 'hypercube'] torus network [with direct memory access or DMA], each processing node being connected by a plurality of links including links to all adjacent processing nodes; enable the computing system to be partitioned into multiple, logically separate computing systems.” As a result, BlueGene/Q can be split in several instances of supercomputers to work on multiple tasks simultaneously. BlueGene/L, by the way came with a 3-dimensional torus interconnect to auxiliary networks and I/O.

IBM claims that “novel packaging technologies are employed for the supercomputing system that enables unprecedented levels of scalability, permitting multiple networks and multiple processor configurations. […] “Smaller development, test and debug partitions may be generated that do not interfere with other partitions.”

According to IBM, each node will consume about 30 watts of power, which is pretty impressive for a complete 16-core system, but is substantial in an 8,388,608 core environment. The ASICs alone will consume more than 15.7 MW of power, not including network, storage as well as cooling requirements, which suggests that this system should come with its own power plant. Sequoia is estimated to draw about 6 MW of power.

Wolfgang Gruener in Products on September 09

Researchers Report Record Low Arctic Ice Cover

Physicists at the University of Bremen, Germany today said that Arctic sea ice has retreated to a coverage of just 1.637 million square miles, believed to be the lowest level in 8000 years.

The scientists said that satellite data confirm that the ice cover has exceeded below the historic low of 2007, when the Arctic ice area was measured at 1.647 million square miles. Arctic ice monitoring began in 1972 and the cover declined by about 50% since then, the research group announced. They also noted that the current ice cover is at the lowest level “most probably” in 8000 years.

“The ice maps of the University of Bremen show also that in this year, the Northwest and Northeast passages are simultaneously ice free,” a press release states. “This had happed for the first time in 2008, and in 2009 the German shipping company Beluga has traveled it commercially for the first time.”

The scientists said that the events as well as current climate models do not support claims that current global is not a man-made scenario anymore. The melting of Arctic ice now directly threatens the lives space, the scientist warn: “For algae and small animals living at the lower side of the ice, less and less living environment remains since they need a certain time to settle there. They are at the beginning of the food chain for fishes, mammals and also man.”

Kurt Bakke in Business on September 09

Apple Files Patent For An Intelligent, Zero-Power Power Supply Unit

Apple just filed a patent for a simple, but rather ingenious invention that could cut overall power consumption in any electronic device that depends on a power supply unit (PSU). Apple thinks of a much more complex PSU for the future, which will effectively cut the power draw to zero from a PSU when an electronic device is shut off.

It is a very common assumption that a PSU does not pull power out of a wall socket when an electronic device is turned off. The fact, however, is that a PSU typically continues to draw power and convert alternating current (AC) to regulated direct current (DC), even when a connected device is not active. Apple engineers a relatively simple idea how to turn the PSU completely off – it almost seems to be the obvious thought when reading through the patent filing.

According to the patent application #20110215656, Apple creates an intelligent PSU by splitting the PSU circuitry into the normal regulating circuitry portion as well as a low-power monitoring or control  circuitry, which consists of extra wiring, a small battery as well as a microprocessor. The extra circuitry is used to monitor whether there is activity on the side of the electronic device or not, which is determined by sending data back and forth. If there is data flow, the control circuitry will enable the regulating circuitry; if there is no data flow, it will decouple the regulating circuitry and prevent it from drawing power.

To power the control circuitry, Apple uses integrated and rechargeable “power storage” that is charged during normal power flow to the AC-DC unit. While the patent does not explicitly mention another charging process, it is reasonable to assume that the circuitry would be intelligent enough to charge its battery through the wall socket before running out of power, even if a connected electronic device is turned off.

This PSU idea, which was filed as patent on April 29, 2011, is the kind of out-of-the-box thinking that reminds me of Apple’s magnetic power plug that is a seemingly small step, yet has the potential to make your life much more convenient. A PSU itself may not draw much power, but if you consider how many PSUs your household or office uses, those small improvements could amount to significant power savings down the line.

I am not aware of any reliable information how much power the average PSU draws when a device is turned, off, but Apple’s inventions is even more interesting if you leave your electronic devices in standby mode: According to the patent, the control circuitry would even be able to limit the regulating circuitry when a device is, in fact in standby mode and requires minimal power. Standby power, however, is one of the huge culprits of wasted power usage in our lives as desktop LCDs can use about 0.2 watts when in standby, a PC 1.5 watts, a broadband router 2 watts, a cable modem 5 watts, and computer speakers 7.5 watts.

Add everything up and limiting the power usage or turning your electronics off suddenly makes a lot of sense.

Ethan McKinney in Business on September 09

Mozilla Threatens CAs With Possible Removal From Firefox

ComodoHacker’s claim to have access to more certificate authorities (CAs) than just DigiNotar has apparently prompted Mozilla to ask all other CAs to investigate their CA infrastructures for data breaches and confirm specific security barriers in their certificate issuing process.

Kathleen Wilson, CA certificates module owner at Mozilla, notified CAs that are supported by Firefox that Mozilla is expecting them to go through a list of requirements that has been created to safeguard Firefox users. 

The CAs have until September 16 to

- audit their PKI and check their infrastructure for intrusions at CAs and RAs

- send Mozilla a list of cross-signed CA certificates - confirm that the CA requires multi-factor authentication - confirm that there are automatic and manual blocks in place for high-profile domain names - confirm technical controls to “restrict issuance” to certain domain names to third party CAs and RAs or provide a list of all third parties with links to their certification practice.

Wilson noted that “Mozilla recently removed” the DigiNotar root certificate in Mozilla, because DigiNotar “failed to promptly detect, contain and notify Mozilla of a security breach regarding their root and subordinate certificates.” She did not explicitly threaten other CAs with root certificate removal, but said that “participation in Mozilla’s root program is a [Mozilla's] sole discretion” and that Mozilla “will take whatever steps are necessary to keep [its] users safe.” That said, Wilson also noted that Mozilla wants to work with CAs as “partners.”

To us, it is pretty clear what Wilson’s words mean. (We tend to think that Wilson wrote this post as  Mozilla employee and in the name of Mozilla.) Failure to comply with its requests will result in certificate removal. The email is justified, even if its tone is a bit out of place. Security and trust in certificates has to be restored and, given the current situation, there isn’t much time. Better safe than sorry, I guess.

Daniel Bailey in Business on September 08

Turning Around Yahoo: An Apple Based Primer

Yahoo just fired their CEO largely because she failed to turn Yahoo around. Failures such as Yahoo and successes such as Apple differ from the start. A successful turnaround actually looks very similar to a successful startup in its transition phase suggesting the same skills needed to cure an ailing company can be found in a firm successfully transitioning from an unprofitable startup to profitable sustaining firm.

Three Phases

A company goes through three phases to success. They are founding, transition, and sustaining. There is a fourth phase, decline, that generally occurs (realize that you can count the firms that have been around 100 years on your fingers), but since we try to avoid that phase, I won’t dwell on that.

A turnaround is very similar to taking a firm from its founding or startup phase to a sustaining profit stage and it often requires a different skill set than either the sustaining phase or the startup phase. It is interesting to note that, while it is common for CEOs to be good at one of these phases, given the massive differences, it is very rare for a CEO to be able to do all three successfully.

This is because those that are good at doing startups like small teams, have deep personal loyalties and passions, and often relatively short attention spans. The most successful transition executives have few ties to the way things were in the startup and can focus like a laser on the eventual profitability goal, and sustaining managers are good at not breaking things that are working. In the first two phases, excitement is a way of life, but, in the third, it often is a bad thing.

Steve Jobs initially showed competence in startups, but as he matured that maturity led him to excellence in transition and eventually enabled him to create one of the strongest sustaining companies I’ve ever seen. In a way, his skills changed, which made it unlikely that he could ever do another successful startup, but making him ideal for running Apple in its current form.

The Second Most Important Part

The second most important part of any firm going through a transition is its core team. You have to have a stable group of folks who can work well together and cover the critical aspects of the firm. This never seemed to happen with Bartz in Yahoo and this is often why a high profile, very highly paid, CEO fails.  The star status of the CEO and their unusually large compensation tends to make it difficult for the core team to work as a team. Having said this, that doesn’t mean they have to operate as peers. In fact, a solid line of authority is generally best, but if the CEO is massively overpaid it can both foster resentment in his or her subordinates and their salary can become a big distraction for the board, the executives, and employees.

The Most Important Part

The most important part is vision. This can be a very different problem for a startup and a turnaround. A startup generally gets to the transition point as a result of the successful vision from its founders. A turnaround often is in trouble due to either the lack of a vision or a failed vision. But without a clear idea of what is trying to be accomplished it is virtually impossible to pick the core skills that are needed – let alone execute a successful turnaround. Experienced boards either hire to vision that they believe can be achieved or use the interview process to discover which CEO has a vision for the firm they think will be best and then assess whether that CEO is capable of building a team to execute it.

Inexperienced boards do what Yahoo’s board did with Bartz: Hire a CEO who has been successful and hope they can repeat that success. This approach, as we saw with Bartz, is rarely successful. Jobs came back to Apple with an initial vision in line with Apple’s creation and then, once survival seemed more assured, altered it to embrace the iPod.

Where Bartz Failed

Bartz failed at three levels. First her selection wasn’t based on a vision and she wasn’t able to create a viable vision. Second, she was massively overpaid and her salary added significant difficulty to the process. Third, the combination of the first two things didn’t allow her to form a team that could succeed. Fourth, she never was able to take the company down to a level that created a foundation she could build from. In short, like a house of cards, she lacked a foundation of vision, team, and offerings Yahoo would have needed for a turnaround.

The next team should look at how Bartz failed, how Steve Jobs succeeded, and craft a simpler, more evenly skilled, team and product set that can be a foundation for a new Yahoo. If that happens Yahoo’s success is more assured, if it doesn’t Yahoo will join Netscape in the history books.

Rob Enderle in Business on September 07

ComodoHacker Claims Responsibility For DigiNotar Hack

As the Dutch government is reportedly preparing a complaint against Iran, there is now an individual who claims to have broken into DigiNotar and issued 531 fake certificates. He says he is in control of four more CAs and hinted that he will not stop now. The hack may not have been targeted at Iran after all, but there is still a political motive that is directed against the Dutch government.

Security researchers from F-Secure were first to notice ComodoHacker’s updated Pastebin page, which delivers some clues about the DigiNotar hack. ComodoHacker, who created fake certificates back in March, also with an origin that pointed to Iran, said that not an “Army” in Iran, but he as a 21-year old individual penetrated DigNotar 5-6 layers deep and “owned” their entire computer network. He published DigiNotar’s administrator password as evidence that he breached the company’s network. DigiNotar has not replied to our request to either confirm or deny ComodoHacker’s claims.

ComodoHacker says that he has also access to four more Certficate Authorities (CAs) and he is able to issue certificates as he desires. He also claims that he can send out Windows Update messages in Microsoft’s name. To proof his point, he is offering Microsoft’s Windows Calculator for download that is signed with a Google Certificate.

There appears to be still a political motivation behind the hack, as the hacker says that the attack is directed at the Dutch government in retaliation for the July 1995 events in Srebrenica, Bosnia. Back then, 110 Dutch peacekeeping troops were stationed to protect the Muslim population of the town, but were overrun by Serbs who committed what is now know as the Srebrenica massacre or genocide, in which between more than 8000 people have been slaughtered. The Dutch Peacekeepers reportedly were lightly armored and accepted rapes and killings that took place close by. Following a report on the events in Srebrenica, the Dutch government accepted partial responsibility for the massacre and the cabinet resigned 2002.

Pastebin Screenshot

ComodoHacker directly refers to the events in Srebrenica: “Dutch government is paying what they did 16 years ago about Srebrenica, you don’t have any more e-Government huh? You turned to age of papers and photocopy machines and hand signatures and seals? Oh, sorry! But have you ever thought about Srebrenica? 8000 for 30? Unforgivable… Never!” […] “I heard also that Dutch government tries to gather documents and make a compliment against Iran, really? Shame on you man! Have you been in court for Srebrenica? Who should file compliment for Srebrenica? You should pay, these are consequences of Srebrenica, just know it! This is consequence of fighting with Islam and Muslims in your parliament.”

He claims that his actions affected the Dutch government as government services had to be shut down and DigiNotar has been virtually deleted as a trustworthy CA authority globally.

Kurt Bakke in Products on September 06

Chrome Gets A Suicide Feature

oogle has added a few more features to Chrome recently. One of them is a self-crash mode, if the browser finds that it can’t gracefully shut down.

New releases of Chrome are being granted 25 seconds to shut down. If the browser still hangs after 25 seconds, Chrome will simply crash itself, Google’s revision log indicates. We have not been able to test the feature, but we are told that it is integrated in Chromium 15 builds 99620 and higher.

If you have not checked the Chromium flags page (about:flags) lately, a few other additions may also have slipped under your radar.

There is now support for smooth scrolling (which shows animated scrolling when using the space bar to jump further down in a long page), a new (not functional download UI), automatic pre- and auto-logins to Google pages, taskbar Chromium logos that feature profile logos, greatly enhanced syncing customizations, including the option to sync search engine settings as well, and improvements to the prerendering process, which includes several memory improvements.

Google also added a first interface for controlling WebIntent settings.

Daniel Bailey in Products on September 06

Mozilla Developer Attacks DigiNotar Over Now 531 Hacked Certificates

The attack that compromised DigiNotar’s certificate authority infrastructure is much worse than originally thought: There were 531 fraudulent certificates that targeted the web sites of not just Google, but popular destinations such as Twitter, WordPress, Yahoo and Facebook as well as the sites of secret services. A Mozilla developer is taking the lead in criticizing DigiNotar and is accusing the company of being deceptive. DigiNotar is now engaging in damage control and restates what we know already: It was a politically motivated hack that especially threatens the privacy and security of Internet users in Iran.

Last week, a Google Chrome user noticed suspicious certificate activity in his browser, which has lead to the discovery of one of the most extensive Internet security hacks that went unnoticed for more than a month and was covered up by certificate authority (CA) DigiNotar. While we initially knew that there were “multiple” fraudulent certificates and Google’s changes in Chrome code hinted that there may have been a total of 247 fake certificates, the Dutch government now confirmed that 531 certificates have been affected and enabled the attackers to intercept communications between users and those sites. Organization sites included in the hack are Mozilla, LogMeIn, WordPress, Facebook, Twitter, Skype, CIA, Google, The UK Secret Intelligence Service, Verisign, Israel’s Mossad, and Live.com.

Mozilla developer Gervase Markham, who apparently led the investigation in the data breach on Mozilla’s side, expressed frustration with DigiNotar and the lack of its responsiveness. In fact, even upon the discovery of the breach, DigiNotar’s parent company felt no need to provide a complete data set describing the breach. It simply admitted that its CA infrastructure had been compromised, but remained unclear about the extent and simply told investors that there would be no financial impact on Vasco’s operations. Markham now said that his initial requests for information from DigiNotar were not answered and the company’s public statements “have been, at best, incomplete and at worst actively misleading.”

Markham’s blog post indicates, if we are generous, at least gross negligence on DigiNotar’s side. The way the security breach was handled did not only put the Internet security of countless users at risk, put possibly the lives of particularly Iranians as well. The decision to remove trust for DigiNotar certificates overall in web browsers was a reasonable decision as a result. Markham also said that Mozilla exempted certificates owned by the Dutch government per request by the Dutch government, which apparently claimed that those certificates should be trusted. Security firm Fox IT later found that those certificates may have been compromised as well and trust for them was removed in Firefox as well. Mozilla questioned how the motivation of the Dutch government could have given an assurance that its certificates are secure when they were not.

DigiNotar responded to the sharp criticism with another public statement. The company now says that the attack was designed to obtain confidential information of people in Iran and that the hack was “politically inspired.” DigiNotar claims that it is now doing what it should have done when it discovered the hack in July and take the CA systems offline, and work with browser makers to block the fake certificates. It now also advises end users to take “online security warnings seriously.” However, the company still portrays itself as the victim, while some may claim that its decision not to disclose the security breach back in July and not to address security concerns immediately and appropriately have made it a catalyst to support successful data interceptions.

Neither DigiNotar’s security response nor its PR have worked very well and may spark a new discussion how much people can trust a CA. To us, however, it seems as if DigiNotar has lost all its trust as a CA.

[Update: Upon our best belief and interpretation of Markham's post and an explanation that was headlined "Our Response", we assumed that Markham was explaining the data breach and Mozilla's investigation that he conducted on behalf of Mozilla and therefore referred with the claim of "our response" to an official Mozilla opinion. As we now learned, that assumption was false and Markham did not refer to an official Mozilla opinion, but posted the explanation of Mozilla's decision to remove support of DigiNotar certificates as his own opinion. We changed the headline of this article as a result.]

Daniel Bailey in Business on September 05

A Year In Browsers: Dazzling Performance Gains!

CTPI Benchmark & Analysis – There is no other mainstream software category that evolves as fast the web browser. Recent announcements by Mozilla to upgrade its JavaScript and graphics engine were reason enough for us to compare the developer versions of upcoming IE10, Firefox 9, Chromium 15, Opera 12 and Safari 5.1. And boy, were we surprised!

It has been some time since our last browser performance test and since our last update to our CT Performance Index (CTPI). One of the reasons simply was that the browser speed race in JavaScript performance was largely declared over at the time Firefox 4 was released earlier this year and Google indicated that there would be only be marginal improvements in the future, even if JavaScript execution remains the most critical component in future web apps as JavaScript will be the interface to hardware acceleration in technologies such as WebGL and WebCL.

Last week, Mozilla announced that it has found new ways to accelerate Firefox in JavaScript again – we found that claim to be accurate as Firefox 9 was up to 32% faster than Firefox 6 in a quick benchmark run. However, new versions of Firefox (starting with version 7) will also get Mozilla’s new Azure graphics backend that promises much better graphics and Canvas 2D performance that can challenge the class-leading graphics engine in IE9 and IE10. Our JavaScript and HTML5 benchmark index revealed that browser performance has shifted within half a year.

A few notes

Our performance index does not compare absolute benchmark result against absolute benchmark result. In the end, what does a score in WebViz of “2823″ really mean? Our index compares the performance of a browser to the performance of Firefox 3.6.11, which we use as our baseline benchmark with a performance level of 100% in each category. A performance of, for example, 150% would mean that this specific browser delivers 50% more performance than Firefox 3.6.11. Rather than giving our readers absolute numbers, we believe that a relative performance index is much more useful. we are providing the absolute performance numbers in a separate table as well.

Keep in mind that all test results heavily depend on the software and hardware test platform. All our browser tests use an off-the-shelf Dell Studio XPS 7100 PC that Dell has donated to us for the purpose of browser performance evaluation. The hardware includes an AMD Phenom II X6 1055T processor with six CPU cores. The PC has 8 GB of memory and integrates an AMD Radeon 5870 graphics card and runs on an up to date Windows 7 OS. Depending on the hardware in your PC, your benchmark results may vary. However, our benchmark parcours is designed to test a wide variety of browser features and balance the strengths of each browser.

Our JavaScript run includes Sunspider 0.9.1 (50 iterations, weighed at 60%), Mozilla Kraken (20%) and Google V8 (20%). Our HTML5 evaluation includes Asteroids (Canvas 2D effects, 20%), WebViz Bench (25%), Mandelbrot Canvas 2D (15%), GUIMark 2 Chart (10%), GUIMark 2 Gaming (10%), GUIMark 2 (10%), Microsoft Pysychedelic Browsing (5%) and Microsoft Mr. Potato Gun (5%).

The browsers included in this test are:

Firefox 3.6.11 (baseline browser)

IE10 PP2 Firefox 9 Nightly (August 31 build) Chromium 15.0.871.0 Build 99507 Safari 5.1

Safari 5.1 stands out as it is a stable and not a final version. Apple does not provide easy access to developer versions of its browser and the raw Webkit build does not truly reflect what Apple’s next browser may be. However, we thought it would be interesting to see the difference of this browser in comparison to the developer version of the other upcoming Webkit browser, Chromium. That said, it is no secret that Safari not a competitive browser on Windows anymore and that is in desperation need of a new installation process, much memory management as well as JavaScript and HTML5 enhancements. So think of Safari as a complementary extra, but not as critical information in this test.

JavaScript: Firefox Catches Up

There is little denying that Chromium owns this discipline. It is more than 7.3x faster than Firefox 3.6 across Sunspider, V8 and Kraken. Firefox 9 follows with a 5.2x advantage, Opera with 3.5x, IE10 with 3.0x and Safari with 2.3x.

Chromium wins all three disciplines with a significant margin, while we notice that Firefox 9 is slowly catching up with Google and may be able to match Chrome with its new IonMonkey JavaScript engine. IE10 has fallen behind again: Chromium is 33% faster in Sunspider, 74% in Kraken and 272% in V8. Opera, which dominated the JavaScript discipline in the past, is just ahead of IE10 and placed third twice and placed fourth once in this run. Both Opera 12 and IE10 need JavaScript enhancements desperately as this discipline is driven by Google and Mozilla these days. There is no reason to use Safari 5.1 on Windows these days and Apple may want to think about removing the claim as world’s fastest browser, as long as Apple considers Windows a part of this world.

Firefox 9, which is scheduled for a December 20 release showcases the impressive improvement Mozilla has made in just one year. Compared to Firefox 3.6, Firefox 9 is 4.2x faster in Sunspider. 4.3x faster in Kraken and 9.4x times ahead in Google V8.

Wolfgang Gruener in Products on September 03

Chrome Market Share Growth Slows In August

While Google’s Chrome posted its 34th consecutive month of market share growth for August, the browser also posted its lowest growth rate since November 2008. Just a hiccup or a first sign that it will get tougher for Google to acquire market share from its rivals.

Google continued its phenomenal pace which added 1.03 points of market share to Chrome, which now stands at 23.16%, according to StatCounter. However, the percentage growth rate was just 4.65%, the lowest in 34 months and the lowest positive growth rate for the browser overall. The losses posted by IE and Firefox, 0.58 points and 0.46 points, respectively, also continued to closely match Google’s gains, which suggests that Chrome can attract both Firefox and IE users.

IE is now down to 41.89% and Firefox is at a 31-month low of 27.49%. Firefox market share peaked in November of 2009 at 32.21%. There was no indication that the rapid release process is slowing Firefox’ market share losses at this time as the browser surrenders about half a point of market share per month. At the current pace, it will be surpassed by Chrome in November of this year.

Microsoft continues to struggle and there is no sign that it will be able to halt or even revert its losses. A few days ago, we reported that IE had, for the first time in 13 years, fallen below 40% market share for the first time on a single day in August.

However, Microsoft largely ignores this trend and focuses on IE9 on Windows 7. The company quoted Net Applications and said that IE9 now holds almost 27.7% share on Windows 7 in the U.S. and 20.4% globally. Chrome is gaining market share at a similar pace and holds 18.3% of Windows 7 share globally, but only 12.7% in the U.S. Firefox is at 13.2% globally and 11.3% in the U.S.

Daniel Bailey in Business on September 01

Firefox 9 Gets 30% Boost In JavaScript Performance

There is more room in JavaScript to get faster. The most recent nightly builds include Mozilla’s Firefox 9 nightly builds include support for type inference, which accelerates Firefox in JavaScript benchmarks by up to 32%.

While we considered the JavaScript performance battle between web browsers to be critical up until the beginning of this year, a fast compiler has become a given in modern web browsers and the focus on performance disciplines has largely shifted to HTML5-driven features, such as Canvas. Google, which has been responsible for the aggressive JavaScript push in 2009 and 2010, appeared to have abandoned JavaScript performance as it considered JavaScript compilers not as the bottleneck of web browser app performance anymore.

However, JavaScript improvements are still being implemented and as Mozilla is developing its next-generation compiler called IonMonkey, we are noticing especially Google and Mozilla making huge improvements that send IE to the back of the pack again. Mozilla recently added type inference to its JavaScript engine, which refers to a process in which the compiler is using contextual information in the code to “infer” missing type information. The feature is present in programming languages such as Visual Basic 9 and up, C# and Clean among others, but is a novel concept for JavaScript.

Mozilla’s JavaScript lead Dave Mandelin announced the new feature and claimed performance improvements of up to about 44%. We could not resist to take Mandelin’s claims to the test. Our results showed that, compared to Firefox 6.0.1, Firefox 9 Nightly was 11% faster in Sunspider, 32% in Kraken and 24% in Google V8. Given the fact that variations in hardware impact the performance results, type inference has, in fact, a big impact on Firefox JavaScript performance. It is not enough to give it the lead among all browsers, as Chrome has seen and even bigger jump in Kraken performance, but Firefox is now clearly ahead of Microsoft’s IE10 PP browser. We ran our benchmark on an off-the-shelf Dell Studio XPS 7100 PC with an AMD Phenom II X6 1055T (2.8 GHz) processor.

With the upcoming memory usage enhancements as well as the addition of the Azure graphics backend in Firefox 7, GUI improvements in Firefox 8 and more performance improvements in Firefox 9, Mozilla appears to be in a much better position to make its case for a compelling browser and compete with Google Chrome. We also checked a few HTML5 and WebGL benchmarks, which included Mozilla’s WebGL port of Microsoft’s FishIE tank, which simulated 10,000 fish (!) at 54 fps, compared to just about 29 fps with the current graphics backend in 6.0.1.

It is reason enough for us to run a comprehensive benchmark comparison. Check back soon for those results. You can download the Nightly build of Firefox 9 here.

Wolfgang Gruener in Products on August 31

Why Firefox Could Own Browser-Based Gaming

Google and Microsoft are heavily pushing the creation of HTML5 games for Chrome as well as IE9 and IE10. However, the opportunity is much greater for Mozilla, which isn’t nearly as active in this space as its rivals.

We stumbled over this bit of data during our routine checks of market share data that is provided by a number of reputable sources. This particular one comes courtesy of Valve’s Steam unit, which has become the dominant digital game distribution service worldwide. According to Valve, Steam had more than 30 million paying subscribers at the end of October 2010, about 5 million more than in January of that year.

The Steam Hardware and Software Survey for July 2011 reveals a huge gap between the browsers that are installed on the computers accessing the Steam service. Apparently, gaming enthusiasts have a preference for the Firefox browser. 63.05% of all Steam gamers using the Windows platform have a version Firefox on their computer, while only 19.82% have Internet Explorer and only 11.56% use Google Chrome. Valve did not offer a breakdown of versions among those browsers.

HTML5 gaming is still in its early days and both Microsoft and Google are aiming to capture a big chunk of that developing opportunity. Yet it is Mozilla that seems to currently own the enthusiast gaming market, at least as far as the presence of the browser on their computers is concerned. There is a tremendously influential user base that Mozilla could tap for its marketing and a quickly emerging segment of browser applications.

Should Mozilla go after this opportunity? We think so. There ought to be more to this than the current Mozilla Labs gaming site.

Daniel Bailey in Business Products on August 30

DigiNotar Confirms Google SSL Security Breach

SSL Certificate Authority (CA) confirmed an intrusion in its infrastructure, which resulted in the fraudulent issuance of public key certificate for “a number of domains,” including Google.com.

DigiNotar, whose certificate has been revoked in browsers from Google, Mozilla and Microsoft, said that it detected the breach on July 19, 2011 and deleted the affected certificates. An external security audit verified that all fake certificates were revoked. However, the Google certificate was not deleted:
“Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. After being notified by Dutch government organization Govcert, DigiNotar took immediate action and revoked the fraudulent certificate.” DigiNotar said that the attack was “targeted solely at DigiNotar’s Certificate Authority infrastructure for issuing SSL and EVSSL certificates. No other certificate types were issued or compromised.”
Vasco, the parent company of DigiNotar, told its investors that it does not expect a huge impact resulting from the security breach, as DigiNotar’s SSL business brings in less than $100,000 per year. The note is possibly a response to Google, Mozilla and Microsoft removing DigiNotar as a trusted CA in their products and a new discussion how safe CAs can be. We can’t help but think that the timing of DigiNotar’s press release is strange and we wonder why it did not provide that information when it discovered the breach back in July.

Kurt Bakke in Products on August 30