Slashdot Mirror

It does.

That depends.

(that code is gone in more recent releases, but it's been there for several months)

Very interesting. There's no explanation in the commit that added it, nor the commit review, nor the commit or review when it was removed. It was removed just a few days after someone posted a complaint on the review of the commit that added it.

Does IE offer a choice of search engines the first time you run it?

It does, but it's not straightforward - it basically asks you if you want to use Bing or "something else", and it will only show the selector if you pick the latter.

I'm impressed they went that far. It's still a far cry from Chrome's three big buttons, making it look like changing the search engine is some obscure customization that only the knowledgeable or the adventurous should try, but better than I expected.

It does.

That depends.

(that code is gone in more recent releases, but it's been there for several months)

Does IE offer a choice of search engines the first time you run it?

It does, but it's not straightforward - it basically asks you if you want to use Bing or "something else", and it will only show the selector if you pick the latter.

It does that on all platforms on first run. But there was a time when it did not do that if you had LANG="ru".

The story he was referring to was not about the ability to change the search engine in general, but rather about the dialog that pops up when you first run Chrome on a given machine and asks you to select the initial default search engine (kinda like that browser ballot box that Microsoft had to add in Windows to satisfy EU).

Which is a nice thing - though not legally mandated in any way (but I bet it was a pre-emptive move by Google's legal department). Except that they then specifically disabled it if current locale is Russian. Legal, of course, but kinda sleazy to do this kind of market differentiation.

All that said, the code seems to no longer be present in Chromium trunk.

The story he was referring to was not about the ability to change the search engine in general, but rather about the dialog that pops up when you first run Chrome on a given machine and asks you to select the initial default search engine (kinda like that browser ballot box that Microsoft had to add in Windows to satisfy EU).

Which is a nice thing - though not legally mandated in any way (but I bet it was a pre-emptive move by Google's legal department). Except that they then specifically disabled it if current locale is Russian. Legal, of course, but kinda sleazy to do this kind of market differentiation.

All that said, the code seems to no longer be present in Chromium trunk.

Google's proprietary browser

Proprietary?

Here's the relevant info about Aura.

"No shipping browser currently supports this"...

Are you sure about that?
Support for the "noreferrer" option was added to Chromium in 2009.

Then I have some news for you!

Though it's been over a year and the codec is still supported, Google announced they plan to drop support of H.264 in the future. Opera also does not support H.264. Moving forward, I would wager that Google will phase out H.264 in favor of WebM on mobile devices as well. Google seems to be taking a more cautious approach of keeping H.264 support for now and hoping WebM catches on eventually before dropping it entirely.

parts of chrome may be OSS

True, but misleading. It's more like "small parts of chrome are proprietary". Almost all of it OSS and included in Chromium.

The V8 Javascript engine, for example, was all developed by Google and released under the BSD license.

I find it funny how most geeks who espouse the wonderful benefits of Linux and other open source software now hate Firefox and love Chrome.

I find it funny that you FUDsters are so easily amused.

"Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web."

http://www.chromium.org/

Chrome isn't. Chrome is derived from Chromium, Google adds a few miscellaneous bits to it, rebrands it then releases it as binary only.

I find it funny how most geeks who espouse the wonderful benefits of Linux and other open source software now hate Firefox and love Chrome.

I find it funny that you FUDsters are so easily amused.

"Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web." http://www.chromium.org/

You may not like them, but that in no way makes your statements valid. PPAPI is BSD licensed, and so usable everywhere a browser vendor chooses to use it.

NaCl on the other hand allows for native binaries using (effectively) the same APIs available to JavaScript, in compliance with W3C standards. In other words, if it's safe to run JavaScript from some web site, it's safe to run NaCl from some web site. The only difference is that it will run faster. It also isn't locked into a particular CPU: the eventual goal is to support llvm bitcode as the intermediary:

http://www.chromium.org/nativeclient/pnacl/building-and-testing-portable-native-client

You should like that last one: if successful, it will rip away the monopoly control from vendor-locked in App stores by standardizing the ability to run code that isn't controllable by a single party.

-- Terry

Looks like they have an implementation of the PPAPI:

http://www.chromium.org/developers/design-documents/pepper-plugin-implementation

No one wants to use Native Client because it will tie the web to specific CPU architectures. Comparing this to ActiveX is appropriate in some way, because it puts additional restrictions on what devices can access the web. If Native Client had come of age at the same time as JavaScript, real smartphone platforms would be probably still not exist, since websites would require x86 processors to run. Intel has only recently announced x86 chips that can provide decent performance while fitting the power profile of a mobile device, and only after getting their ass kicked for many years as the mobile market has continued to grow.

Native Client works on ARM as well, but actually there is something called Portable Native Client, which is truly architecture-independent since it uses LLVM-bitcode as its binary format. Conceptually, you can think of Portable Native Client as the penultimate step in creating a Native Client binary. If you stop at the step right before you turn it into actual machine-specific instructions, you'll be left with LLVM-bitcode which is then distributed to clients. Before execution, the clients only need to complete that final conversion step to convert the LLVM-bitcode into actual machine instructions that are native to that particular client.

Read more about PNaCL here: http://www.chromium.org/nativeclient/pnacl/building-and-testing-portable-native-client

Then you will be happy to hear that Chrome developers not only use delta patching, but that they also cooked up their own implementation where they decode x86 binary back to assembly, diff that and then reconstitute the x86 code, resulting in incredible savings over binary diffs. Here's the link, it's called Courgette.

Full update: 10,385,920 bytes
bsdiff update: 704,512 bytes
Courgette update: 78,848 bytes

I don't know what is so different in Chrome that it is so much faster and usable in general...but Firefox needs to get with the program.

Chrome has a multi-process architecture.

http://blog.chromium.org/2008/09/multi-process-architecture.html

Firefox does not but they're working on it.

http://blog.mozilla.com/products/2011/07/15/goals-for-multi-process-firefox/

They originally planed to implement a multi-process architecture with the Electrolysis project but they've since put it on the back burner.

http://lawrencemandel.com/2011/11/15/update-on-multi-process-firefox-electrolysis-development/

i wish chrome or chromium would support GPOs

Your wish was granted quite some time ago:

http://www.chromium.org/administrators/policy-list-3

http://www.chromium.org/administrators/policy-templates

i wish chrome or chromium would support GPOs

Your wish was granted quite some time ago:

http://www.chromium.org/administrators/policy-list-3

http://www.chromium.org/administrators/policy-templates

http://www.chromium.org/administrators/policy-templates

1) NaCl is free/open source software, both the SDK and the client implementation in Chromium; ActiveX was proprietary and every program required to be signed by Microsoft to run by default;

2) NaCl is secure (see this IEEE article, it's very interesting) and designed to be portable to different browsers and OSes; you can safely run untrusted code, just like you would do with JavaScript; ActiveX required not only to trust that the controls weren't malicious, but also to trust that they all were free of security bugs: if only a single signed ActiveX control somewhere had a security bug, it could be exploited to p0wn Windows PCs (that's why Microsoft had a growing list of signed controls and another growing list of signed-but-blacklisted controls).

Native Client is certainly not perfect, but please don't compare it to ActiveX. Entirely different beast.

Disclaimer: I speak only for myself and not anyone else. IANARE.

This page makes me think NaCl is part of chromium-browser as opposed to being one of the few non-free things bundled with chromium-browser to make Chrome.

I think it's still indicative of the problem GP mentions. The more code you are trying to pull in, the larger the footprint during the build process. You don't see a 'Hello world' program requiring a 3GB+ build footprint do you? No, because it's not doing enough to warrant that. Likewise, Firefox apparently *is* trying to do a lot. More than it used to at any rate.

Well you're right in that Firefox does need a hell rather large amount of RAM to build... but it's not just them; all browsers are trying to do a lot nowadays.

Chrome doesn't exactly have light build requirements either. In fact, the Chromium project already seems to have dropped 32-bit build environments:

A 64 bit OS is highly recommended as building on 32 bit OS is constantly becoming harder, is a lot slower and is not actively maintained.

(From "Build Instructions (Windows) - Build Environment")

That's why I think that the parent poster's implication that it's due to Firefox becoming "bloated" is basically hogwash. Browsers are more complex than they were in the mid-90s. That's what happens when you add 10+ years of new formats and technologies that must be supported for a browser to be considered "usable". Directing one's ire at Firefox is unwarranted, IMHO.

http://browserfame.com/38/firefox-addon-usage-stats
85% Firefox users have at least one add-on installed

http://blog.chromium.org/2010/12/year-of-extensions.html
one-third Chrome users use extensions

I can't find any data about IE "add-on/extension" usage nor could I locate a place on their site to look for plugins and as I do not run Windos not IE I do not know if it is in some menu somewhere, though I can get to chrome's and firefox's add ons from any browser. I know some exist and I have found few sites with lists of them, but due to the lack of ease finding them I figure most users wouldn't use them. (not that my guesses are worth much)

It would more accurately represent the browsers if firefox and chrome were tested with popular extensions installed as they could cause more security threats or in the case of noscript or adblock plus lessen them. (though noscript only has around a million users and adblock plus only eleven million.

Yes if it was a test between the vanilla browsers to see those differences then add ons and extension should of course not be included, but as it was a test of security their data is possibly skewed in favor of firefox and/or chrome/chromium/iron.

You mean like MSI and ADMx (Group Policy) extensions for AD?

http://www.google.com/apps/intl/en/business/chromebrowser.html

and

http://dev.chromium.org/administrators/policy-templates

http://dev.chromium.org/developers/design-documents/http-authentication

Chrome has supported Kerberos for a while. They kind of want to be able to work in IE environments so they need Kerberos to function in ActiveDirectory shops ... and well, their own internal networks are Kerberosized.

And yet Chrome is all right by you people.

This was my first thought too. People getting all pissy about Firefox getting rapid releases and switching to Chrome in response. Do any of them realize that Google were the pioneers of rapid release? Google started out with quarterly releases, which they then cut to six weeks, which was then adopted by Mozilla as their release schedule as Google seemed to have made a compelling argument for it.

So feel free to criticize Mozilla for rapid releases if you like, but give Google some credit too. It was their idea.

I don't have the time to spend a few days making a adm/admx file to modify the registry keys to make security configuration changes for widgets run from 0: My computer, 1: the local Intranet, 2: The Intranet, 3: untrusted Sites, etc...

I have five pages of settings on how to configure IE on my network. Almost every one of those security settings is applicable to Firefox, or any other browser. I have personally posted this to bugzilla, slashdot, etc... and the answer is: "Do it yourself (TM)" or use an obselete adm template for an old version of (Mozilla, Seamonkey, Firefox 2.x) - they should work.

I want to use a non IE browser at work. Yes, I will also have to use IE due to IE only applications we have - but at least not 100% of the time. The developers want to use Firefox outside of the sandbox. SECURE says: You have to implement the same security settings on every browser.

If I had to guess, I would say that Google will implement adm/admx files for security settings for Chrome on XP/7 before Firefox will. At that point, Chrome will get a large % gain in browser share because it will be implentable on corporate networks.

oops: http://dev.chromium.org/administrators/policy-templates they allready did it. Guess that's why Chrome has surpassed Firefox share.

Dev's requesting Chrome for their department in 3,2,1....

When I install or upgrade IE a popup asks me to choose my default search engine. It's true Bing is the default under "Express Settings", but you are given the choice.

Chrome does it on the first run as well, but, interestingly enough, they used to disable it in those markets where they run into significant competition (in this case, Russia, where the local search engine Yandex is dominant, and Google is a runner-up). They've since put the engine selector back after Yandex raised a fuss about it.

When I install or upgrade IE a popup asks me to choose my default search engine. It's true Bing is the default under "Express Settings", but you are given the choice.

Chrome does it on the first run as well, but, interestingly enough, they used to disable it in those markets where they run into significant competition (in this case, Russia, where the local search engine Yandex is dominant, and Google is a runner-up). They've since put the engine selector back after Yandex raised a fuss about it.

At expense of being modded down, I suggest Gentoo Linux.

Gentoo Linux is actually a meta-distribution, which means that you can use Gentoo to create your personalized Gentoo-based distribution. The package manager (portage), which builds packages from source, can compile the package to the same (as the host/running arch) or any other architecture transparently, while tracking dependencies and anything else you would expect from a modern package manager. We can argue that it provides more or less the same features as bitbake (openembedded) or buildroot (debian), but really the big benefit of Gentoo is that the cross-development tool is actually the same as the system's package manager. This means that your new embedded system can benefit from all the available packages in the Gentoo repository, given that they build for the target architecture - of course.
For more information have a look at http://www.gentoo.org/proj/en/base/embedded/handbook/
If you are not familiar with Gentoo but you are already know how to create a GNU/Linux system from scratch, learning how to use Gentoo utilities is straightforward. However, if you are both new to embedded Linux development and Gentoo Linux, it might take some time to get used to it. But once you get your development system setup and your team used to it, trust me, Gentoo makes it really easy because you can automate most of the process. An example is the Gentoo LiveCD (which is still Gentoo) which is automatically built in a regular basis.

I've seen some interesting use cases in the Gentoo embedded mailing list but probably the most important one is Google. Google is using Gentoo to build it's Chrome-OS, for more information look here - http://dev.chromium.org/chromium-os/developer-guide
There was a extensive discussion at Chrome-OS on what to use for their development system, and they ended up choosing Gentoo. Look up at their archives for the relevant thread since, if I remember correctly, the discussion provides a lot of pros and cons for some Linux-based embedded development solutions out there.

Just my two cents.

We are in the era of open source, so with that, if you dont like the direction they're taking, here is the source, http://src.chromium.org/viewvc/chrome/, now less complaining and more coding!

I just checked the chromium.org web site and it seems you can download all of the source code and build it yourself without adding in any proprietary bits.

"Chrome" is the official Google product and what you get when you download it from Google. It's a binary only release. "Chromium" is the open source version of Chrome without the proprietary bits.

Do you have a link which describes the proprietary bits?

Here's an official link from the early days, after people starting figuring out that Chrome was not fully open source:

http://blog.chromium.org/2008/10/google-chrome-chromium-and-google.html

"Chromium is the name we have given to the open source project and the browser source code that we released and maintain at www.chromium.org. One can compile this source code to get a fully working browser. Google takes this source code, and adds on the Google name and logo, an auto-updater system called GoogleUpdate, and RLZ (described later in this post), and calls this Google Chrome."

Here's a more up-to-date wiki. I don't know how accurate it is:
http://code.google.com/p/chromium/wiki/ChromiumBrowserVsGoogleChrome

But I do know that Chrome contain's Adobe's proprietary Flash plugin at the minimum.

You can also read the EULA for Chrome: http://www.google.com/chrome/eula.html , which includes the following:

"9.2 Subject to section 1.2, you may not (and you may not permit anyone else to) copy, modify, create a derivative work of, reverse engineer, decompile or otherwise attempt to extract the source code of the Software or any part thereof, unless this is expressly permitted or required by law, or unless you have been specifically told that you may do so by Google, in writing."

So any bits not open source are explicitly declared proprietary here.

The source for the extension is available so this might be a good chance to create an open-source alternative to TeamViewer and LogMeIn.

http://src.chromium.org/viewvc/chrome/trunk/src/remoting/base/

Is Iron a Scam? Yes

The article title appears to be too harsh, but basically somebody compared the Iron source code to the Chromium source code and found that the only real changes were to disable 3 items that were already user-configurable within Chromium.

Here's another article that suggests that the actual reason for the Iron fork was just to make money (using Google ads on their website) by taking advantage of peoples' fears about Google: The story of Iron

So if you really are worried about Google, you should also worry about the misinformation being spread by the creators of Iron. If you want to have access to the full source, I suggest installing Chromium instead of Iron.

They are using SPDY for the client to cloud connection, which is not only very fast but also https by design, you cannot have SPDY over plain http.

Google's dropping it,
http://blog.chromium.org/2011/01/html-video-codec-support-in-chrome.html

Then there's x264, which is GNU based, can't patent that, but it only works one way, makes the H.264 patent that much more complicated,
http://mewiki.project357.com/wiki/X264_Settings

All in all, this reminds me of the divx deal, it's patented, nobody cares its patented, and though it was a bit popular before the lockdown, it got quickly and promptly replaced and phased out. The only difference is this is a much grander scale for format patent wars :)

http://www.chromium.org/

If there is code verification for it to succeed, you must only allows a subset of X86 to be run else you run into the halting problem.

I don't think you understand the meaning of the term "code verification" in this context, or for that matter the term "halting problem."

not native speed as to sandbox you must create a vm like system.

Go read up on how Native Client actually works. It's not like it's a secret.

How is using Pepper different than ActiveX with Internet Explorer?

In at least one significant way: The Native Client code is all open source, like Chromium itself.

The above is not valid NaCl, since any indirect jump is encoded as a pair of AND/JMP instructions to ensure that the destination is 32-bit-aligned. Instructions cannot straddle 32-bit word boundaries, either (padded with NOP as needed). Thus, it is guaranteed that no jump will happen into the middle of an instruction. You can make it jump to the wrong instruction, but since we're dealing with segmented memory here, at worst you'll fuck up your own data and/or stack, and eventually segfault (which the sandbox can easily intercept and handle gracefully by indicating to the user).

See http://src.chromium.org/viewvc/native_client/data/docs_tarball/nacl/googleclient/native_client/documentation/nacl_paper.pdf

Note that NaCl code is only cross-platform in the sense that it's OS-independent. Being true native code, it's not processor-independent; if you want NaCl modules to run on x86, x64, and ARM, for example, you need to have compiled three separate versions of your NaCl binary, one for each architecture.

For now; though with NaCl now in a non-dev version of Chrome (its been in dev versions since 7 or so, I think) that probably means that there is going to be more focus on getting PNaCl (Portable Native Client) ready for public consumption, which will see code deployed on the web as LLVM bitcode and compiled to native code at the client, at which point you'll have real portability.

A quick googling finds that PNaCl is scheduled for Jan. 1, 2012 Beta release on Mar. 1, 2012 general release.

Of course, verifying and sandboxing JS is easier. However, JS is not high-perf enough for many real-world applications. The question then becomes whether it is possible to sandbox native code without some mindboggingly complicated scheme. And the answer is yes - and I invite you to read the NaCl research paper for details. The scheme is, in fact, surprisingly simple - less so than e.g. bytecode verifier for CLR.

Chromium not Chrome. Chromium is the open source version, which comes without things like built in pdf readers, h.264 support and built in flash.

While I realize the post was in the Chromium Blog, the January blog post says h.264 support is going to be removed from Chrome "to make it consistent with the codecs already supported by the open Chromium project."

Well, on that site it is really easy to compare browsers, as you may know Chrome will remove a few video codecs:

http://caniuse.com/#compare=y&b1=chrome+13&b2=chrome+14
http://blog.chromium.org/2011/01/html-video-codec-support-in-chrome.html
http://blog.chromium.org/2011/01/more-about-chrome-html-video-codec.html

So that is why it is dropping.

It is all based on things that can be checked/tested. The farther future numbers are very unclear.

Well, on that site it is really easy to compare browsers, as you may know Chrome will remove a few video codecs:

http://caniuse.com/#compare=y&b1=chrome+13&b2=chrome+14
http://blog.chromium.org/2011/01/html-video-codec-support-in-chrome.html
http://blog.chromium.org/2011/01/more-about-chrome-html-video-codec.html

So that is why it is dropping.

It is all based on things that can be checked/tested. The farther future numbers are very unclear.

Chrome/Chromium. Chrome has support for group policies and you can also get Chrome in .MSI format, although frankly you don't need .MSI you can use .EXE with AD as well.

While I work mainly with small business and home users I have begun switching them over to Comodo Dragon, based on Chromium. The Dragon doesn't break extensions, is fast, and has better security features IMHO like better SSL validation.

What someone hasn't explained to me though is WHY, why did they do this? Why when finally gaining share against IE and while facing the juggernaut that is Chrome would they purposely take a big old dump on their users and extension writers? It was the extensions that made Firefox and now they are jumping ship to Chrome/Chromium. When I first started testing Dragon many extensions simply didn't exist and now the ONLY extension I used on FF that doesn't exist for Dragon is NoScript and from what I've read the Chromium team is trying to work with the NoScript guy to come up with an API that will give him the hooks he needs.

So I just don't get it, what did they gain? They pissed on the enterprise which news flash, people tend to use at home what they use at work and admins aren't gonna touch FF now with a 50 foot pole, they pissed off the little shops and normal folks by causing massive extension breakage while at the SAME TIME pulling support for the previous version so we couldn't even stick with FF 4 until the extensions we needed got fixed, so what did they gain? Anything? Sadly IMHO Mozilla has become Netscape...an arrogant company without the code to back up the bad attitude. And we saw what happened to them didn't we?

First to answer your question: I agree about using Opera in business--I actually think that makes a lot of sense for businesses concerned about stability. I'm sure Opera would sell support agreements, and they don't have an insane release schedule, though they manage to keep up with standards. I suspect Opera doesn't have brand name recognition, so no IT manager would bother suggesting it out of fear of a backlash. For example, what if an obscure version of Oracle's timecard crapware fails on Opera? Then you would need to tell people to use IE or Firefox to run internal apps -- and you're back to the same problem.

As for Chrome-- "Google Chrome" is not open source because it includes a version of flash player, a custom trademark, and PDF support, among other things. (Firefox has this distinction too--the difference between Firefox and Iceweasel.). But in general, the developers actually want to release as much as open source as they can. They need to have a really good reason before deciding to make something closed source (usually a result of legal requirements, as in Adobe Flash's redistribution license).

However, Chromium comprises most of the code (enough that most developers modify and test chromium, and wouldn't notice the difference). Chromium is what you should be using: it is shipped entirely under the revised BSD license (it's about the most liberal open source license out there), and you probably can't tell the difference with the exception of missing a few google-specific features like Sync (most of these are open source but disabled by default).

If you want to use the open source version, feel free to download nightlies here (updater is disabled here since it doesn't make sense):
http://build.chromium.org/f/chromium/snapshots/
Or, if you want--just compile Chromium yourself. It's a cakewalk on Mac/Linux -- and it's easy on windows if you have Visual Studio.

To implement this thing correctly is would require that JS have direct access to the file system, which as I understand it, aint fucking supposed to happen

Too late.

The entire notion of the browser needs to be forked out to an application shell with hard as nails security and a presentation shell and never the twain shall meet.

What a novel idea!