.blog

I’ve uploaded a new version of Chromium to the main site. We’re now at Version 5.0.375.127. The most notable feature you’ll see in this release is probably Sync, a feature that allows you to share your user data across computers via your google account. You can download this new version here.

I’ve uploaded a new version of Chromium to the main site. We’re now at Version 4.1.249.1036 (build 42052). Features aside from security fixes include Browser Extensions, Browser Themes, and new Privacy Feature. You can download this new version here.

The web is not supposed to be browser centric or designed to be displayed on any specific groups of browsers. It is supposed to be protocol specific and browser / program neutral. Protocols and design specifications are produced by the Internet Engineering Task Force. These standards take the form of RFCs (Request for Comments) and document the protocols, mechanisms, and procedures we use on the net. This whole process is quite open, anyone can influence and participate in the development of these standards. Groups like the World Wide Web Consortium work in conjunction with the process to define a neutral standards-based web.

The implementation of these standards is up to the individual programmer. If one is to design a website, you are supposed to design one that meets whatever standard you choose. The standard is announced in the header information you include in your web document. For example, Youtube.com includes the following information that tells us what standard (or DOCTYPE) their content follows:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">

We should be able to display their website as long as we know how to interpret and display HTML 4.02 Transitional. This is how the Web is supposed to work.

Unfortunately, many larger companies (like Google / Youtube) seem to have forgotten this. Instead of designing a website that focus on the standards, they opt to design websites that focus on specific web browsers. If you were to view Youtube.com with a standard’s compliant web-browser (like Chromium) that isn’t in the top five list of modern powerhouses (Chrome, Safari 4, IE 8, Opera 10 or Firefox 3.6) then you’re greeted with a message telling you that your browser is unsupported. To me, this is just a reminder that Google is a company and at the end of the day it’s the bottom line that matters most not some idealistic good-guy notion of standards-compliance or open source.

Just a note that I’m testing a newer stable release of Chromium. I had released 3.0.190.0 for download but have since pulled it since it looks like it has stability issues. I’ll be looking into it or another more up to date stable release soon. For anyone who actually checks the site for updates, don’t worry, we are not going to go the way of srware’s Iron or other Chromium offerings and just fade away. I actually use the software and intend to keep it relatively up to date.

I’ve uploaded the latest stable build of Chromium (build 8861) which updates the browser to Version 2.0.160.0. This is a major improvement over the 1.0.156.0 release from January. You can download it from the main site.

You might have seen the headlines about the recent successful attack against digital certificates signed using the MD5 hashing algorithm. This weakness affects everything from email to banking and it is important to be conscientious about what sites and certificates you trust. Fortunately there are a few things you can do to protect yourself.

The First thing you want to do is to tell your web browser to check for server certificate revocation. This ensures that the issuing CA has not revoked the server certificate. If someones certificate is forged and that certificate is revoked you don’t want your browser to continue to trust it. To enable this option you need to open up the Options Tab, view Under the Hood and scroll down to the Computer-wide SSL settings.

Another thing you might want to do is ensure your trusted website is not depending on the flawed algorithm. You can view the signature algorithm by first clicking on the secure connection icon in the omnibar.

This will display the security information for the website. Click Certificate Information to view details on the server certificate.

You want to examine the Signature algorithm in the details tab. As long as your trusted website is not using MD5 (md5RSA) you should be ok.

This means that your bank or email provider is not depending on the flawed algorithm. The only catch to this is that a phisher could forge this part of the certificate to provide misleading information. So only use this technique to verify that your currently trusted site is not depending on MD5.

If you find that a site you trust is using MD5 then my recommendation is not to use that online service, because even if the certificate hasn’t been compromised the security of the site is inadequate and those responsible for the security of the site haven’t taken the precautionary steps to ensure your online safety.

As i’m sure many of you have read, Google Chrome has come out of beta and with it Chromium gets an update! Chromium version 1.0.156.0 is available for download.

Most people have probably explored the application shortcut available through the Chromium menu. What this does is make a shortcut on your desktop or in your quicklaunch area that passes a command-line switch to Chromium telling it to launch the web address in application mode.  What most people don’t realize is that Chromium accepts about one hundred different switches from the commanline.  Now most of those switches aren’t going to be useful at all unless you are a developer, but some are pretty cool. For instance, did you know that you can automatically launch your browser in incognito mode?

PS C:\chrome-win32> .\chrome.exe --incognito

If you can examine the source code you’ll find these switches in \chrome\common\chrome_switches.cc

Google Chrome is awesome, except for data leakage through Google Updater and the License Agreement. Enter Chromium, the Open Source web browser that Google Chrome is built from. It does not have these “features” and still manages to keep everything else that is good about Google Chrome. This Open Source parent to Chrome has been understandably under-advertised by Google (they want you to use their browser). So i’ve gone off and done the responsible thing. I’ve have created a blog to promote it and to provide a binary for end users. I hope you enjoy it. – nabiy

btw – chromium even works off of your thumb-drive so it makes a great portable web browser.

so google recently released their new web browser (google chrome) and i have to say that i’m am impressed with it so far. in my experience it out performs opera as far as speed goes and it seems very stable. one feature that i quite like is the built in task manager that lets you key in on embedded applications.

Another key feature is the use of processes instead of threads for each tab. i think security wise it is easier to isolate and protect processes from each other (especially on Vista) than it is to isolate and protect threads from each other. anyways, it’s a sweet new browser that is worth the download.