Chrome 62 Released With OpenType Variable Fonts, HTTP Warnings In Incognito Mode (bleepingcomputer.com) 79
An anonymous reader writes: Earlier today, Google released version 62 of its Chrome browser that comes with quite a few new features but also fixes for 35 security issues. The most interesting new features are support for OpenType variable fonts, the Network Quality Estimator API, the ability to capture and stream DOM elements, and HTTP warnings for the browser's Normal and Incognito mode. The most interesting of the new features is variable fonts. Until now, web developers had to load multiple font families whenever they wanted variations on a font family. For example, if a developer was using the Open Sans font family on a site, if he wanted a font variation such as Regular, Bold, Black, Normal, Condensed, Expanded, Highlight, Slab, Heavy, Dashed, or another, he'd have to load a different font file for each. OpenType variable fonts allow font makers to merge all these font family variations in one file that developers can use on their site and control via CSS. This results in fewer files loaded on a website, saving bandwidth and improving page load times. Two other features that will interest mostly developers are the Network Quality Estimator and the Media Capture from DOM Elements APIs. As the name hints, the first grants developers access to network speed and performance metrics, information that some websites may use to adapt video streams, audio quality, or deliver low-fi versions of their sites. Developers can use the second API -- the Media Capture from DOM Elements -- to record videos of how page sections behave during interaction and stream the content over WebRTC. This latter API could be useful for developers debugging a page, but also support teams that want to see what's happening on the user's side.
Media capture from DOM elements (Score:1)
Re:Media capture from DOM elements (Score:4, Insightful)
This is exactly the problem. Unless this has user opt-in required for each site, this is a gaping potential security hole.
Re: Media capture from DOM elements (Score:1)
Do you honestly think that Google, one of the largest software developing organizations in the world, employing many of the most talented software developers in the world, overlooked such obvious security implications?
If a lowly /. user like you was able to identify these potential security issues, then Google's developers know about them too, and factored mitigation measures into the design of this functionality.
Re: (Score:3)
Google's developers surely know about these potential security issues, however Google isn't run by developers. It's run by marketing, ads and data-mining.
OTOH, Firefox is opt-in (Score:2)
I don't know how Chrome is handling video streaming,
But on the Mozilla side, all video streaming are opt-in.
Unless you authorize a website, it won't be able to stream video.
Re: (Score:3)
This Media Capture from DOM Elements API sure sounds like a potential grand-canyon-sized security hole.
Re: (Score:2)
If anyone's to blame, it's moz://a, I think. (Score:2)
I don't think that Google is embracing-extending-extiguishing the web. They can't really help it that Chrome has over 50% of the browser market [caniuse.com]. It's not a monopoly situation; there are numerous other competing web browsers out there, including from major vendors like Microsoft and Apple, that have a sizable share of the market.
I know a lot of people mistakenly think that Chrome is successful because Google advertises it. Well that's not the case at all. The reality is that people use Chrome because it's th
Re: (Score:2)
If you avoid Firefox, Edge is your only other choice on Windows and Safari is your only other choice on macOS. And both of these are the default browsers, so in both cases people have to choose to download and install Chrome.
Re: (Score:2)
Chrome comes bundled with many other popular applications. Like other malware, it even makes itself the default browser when possible. Users often get stuck with Chrome accidentally.
Re: (Score:2)
Rust, and Servo, instead of directing these resources toward improving Firefox.
How are Rust and Servo failures? The work on Rust and Servo is being integrated [mozilla.org] into Firefox to improve [mozilla.org] Firefox. Mozilla is doing exactly what you claim you want them to do.
Re: (Score:2)
What is stopping other browser vendors from having those same APIs?
Re: (Score:3)
Re: (Score:2)
What matters is that Firefox 57 still feels far slower and way more bloated than Chrome
It doesn't. You've plainly not used Firefox 57.
Re: (Score:2)
Do these "real use scenarios" include accidentally pressing Ctrl+Q when reaching for Ctrl+Tab or Ctrl+W, and having to restart the entire browser? Because the extensions that users of Firefox 56 and earlier could use to prevent Ctrl+Q from closing the entire browser no longer work in Firefox 57 and later.
Re:Firefox can't keep up with this pace. (Score:4, Insightful)
What is this, FUD?
I installed Firefox 57, headed over to /., and the render speed was jarring. I gave Firefox Sync a round of testing and found it wildly superior to Chrome's sync strategy (FSync actually keeps track of changes, whereas Chrome merely does a set union on your current running instance and the remote server - meaning that any sort of deletion action requires interesting gymnastics). The dark bar took a moment to get use to, but in the end feels great (too many websites shoot for the pure-white-elegance look and having the browser do that as well just hurts the eyes by the end of the day).
Servo failed? Servo is a testbed for Firefox, and ported chunks of it are what makes Firefox 57 so fast.
Rust failed? People are having serious discussions on how a kernel written in Rust would play out.
Firefox has no say? I mean...in what regard? UI? User tracking? Sure. In other fields, such as cryptography policies, Mozilla plays the flute.
Come on, now. Don't be so dramatic.
Re: (Score:3)
Except...I'm a Chrome user. Have been for maybe nine years. On a whim I gave Firefox 57 a shot and it feels great, so I'm using it.
Really, what is the chip on your shoulder?
Does "Chrome user" necessarily mean exclusive? (Score:2)
I gave Firefox 57 a shot and it feels great, so I'm using it.
So you're not a Chrome user, like you've wrongly claimed.
You're a Firefox user, like you just stated.
By "Chrome user", did you mean "occasional Chrome user", "regular Chrome user", or "exclusive Chrome user"? I seek this clarification because neither "occasional Chrome user" nor "regular Chrome user" is mutually exclusive with "occasional Firefox user".
Press Ctrl+Q and I'll reply (Score:2)
Really, what is the chip on your shoulder?
The chip is that extensions to disable the Ctrl+Q shortcut no longer work. Try composing a reply to me in Firefox 57 for Linux and then pressing Ctrl+Q before submitting it.
Re: Press Ctrl+Q and I'll reply (Score:2)
The question must be asked, why are you pressing Ctrl+Q.
I've used Firefox since it was called Firebird (and Netscape before that), and never once have I had this problem.
I think this is a user error. But that's just my opinion.
Accidental Ctrl+Q when reaching for Ctrl+Tab (Score:2)
The question must be asked, why are you pressing Ctrl+Q.
Because I am reaching for Ctrl+Tab to switch to the next tab or Ctrl+W to close a tab and missing, instead by accident pressing the key between them.
I think this is a user error.
How would I go about making my copy of Firefox 57 resilient to this sort of error that I have identified?
Re: (Score:2)
Rust and Servo have taken away resources that could have been used to improve Firefox
Rust and Servo are being used to improve [mozilla.org] Firefox. Those resources have not been wasted and neither Rust nor Servo are failures.
Interesting but... (Score:3)
Re: (Score:2)
And since Apple don't release Safari for older versions of OS X, it means my only choice is to switch to Chrome if I want to keep up with the latest web technologies.
Re: Interesting but... (Score:2)
Yeah, and Apple has only themselves to blame.
Re:Interesting but... (Score:4, Insightful)
The font changes are interesting but...... until other browsers support it, who in their right mind is going to design a chrome-only website? Maybe some kind of feature test could support this optimization, but then you'd have divergent code paths and that gets messy too. This is why it's better to work on updating STANDARDS instead of just adding one-off features... else it's internet explorer all over again.
After reading your first sentence, my first thought was "the same sort of people who used to design IE-only websites."
I got stuck using a Chrome-only website for a "training course" for work a couple days ago. Since Chrome now has a share of about 60%, this sort of thing is going to keep happening.
Re: (Score:2)
I think you're missing my qualifier, "right mind." Yes, there are people/companies that do stupid things. Anyone who had to support IE8 where having an id and a name that were the same meant document.getElementById could not longer fetch the id knows this all too well. And don't get me started on IE6...
And even if it does have 60% of the global market, that does not mean it has 60% of YOUR market, nor does it mean that 40% isn't important. 40% growth in ANY market is HUGE HUGE HUGE, and 40% loss the same.
Re: (Score:2)
I think you're missing my qualifier, "right mind."
Are you claiming that users ought to boycott sites operated by developers not "in their right mind" in favor of a different site operated by developers "in their right mind", or just doing without if there exists no suitable replacement?
Re: (Score:2)
Re: (Score:2)
Chrome only? Argh. I hate Chrome. I really wished web developers and designer stop being lazy and on one specific web browsers like that (remember IE only?). :(
Re: (Score:2)
who in their right mind is going to design a chrome-only website?
"Who in their right mind is going to design an IE6 only website!?" History does repeat itself.
Also, I can see a lot of projects adopting Chrome's core to provide a UI to an app. When looking at the mess that is Python's UI toolkits we decided to go with Flask and HTML5. With a bit more work we can just make 'a double click this exe and the app opens' interface. All driven on the backend by a web framework and HTML5, rendered locally in a chrome window.
Re: (Score:1)
Sounds exactly like back in the day. A ton of business apps embedded IE to render text and layouts. Removing it would break these apps because they assumed: I'm running. I only run on windows, therefore IE is available. Hence one reason (good/bad) that MS insisted IE couldn't be removed. It would cause a lot of hassle for the business customers.
Re: (Score:3)
The font changes are interesting but...... until other browsers support it, who in their right mind is going to design a chrome-only website?
If you're using Google Fonts for font hosting then you don't link the fonts directly; you link a CSS file on the Google servers that in turn links the font files. And they already serve different CSS files based on your user agent. Thus, from my understanding, for any site using Google Fonts this can be enabled transparently for supporting browsers without the site developer even knowing about it.
Re: (Score:2)
The font changes are interesting but...... until other browsers support it, who in their right mind is going to design a chrome-only website?
If you hadn't noticed, this is standard play from the Chrome playbook. They go for the first mover advantage [wikipedia.org] by implementing something before anyone else. When the standards groups finally start taking notice, Chrome has an already-working implementation that serves as the basis for new standards. We've seen this in the HTTP/2 an QUIC protocols.
Re: (Score:2)
The font changes are interesting but...... until other browsers support it, who in their right mind is going to design a chrome-only website?
It's not an either-or choice.
Re: (Score:2)
who in their right mind is going to design a chrome-only website?
The owners of Discordapp.com. Normally, someone who owns a "server" (their term for a guild, or a group of related users and channels) on Discord or has the "Manage Emoji" permission on a server can add up to 50 small images that can be used within in a message or as a reaction to a message. Uploading emoji works in Chrome, but it has been broken in Firefox since May 23, 2017. A Firefox user can only rename or delete emoji, not upload new ones. Clicking the Upload button neither has any visible effect nor p
Re: (Score:2)
Re: (Score:2)
And broke Flash again... (Score:2)
Re: (Score:2)
Or stop using insecure outdated software. I believe later versions don't use flash anymore
Re: (Score:2)
Yes, but.... (Score:1)
can you put the tabs below the address bar?
Re: (Score:1, Insightful)
What's the point of that? The address bar belongs to the tab you're in. Putting it above the tab makes very little sense in conveying this information to the user.
Re: (Score:2)
No
"Incognito" mode? (Score:2)
It doesn't save history, etc. etc. but when you open an incognito window, it is in a striking black background with a highly contrasting icon and letters saying "YOU ARE IN INCOGNITO MODE". Hey world, see, this browser window is in INCOGNITO MODE!!! Did you miss that? Here, let me use high contrast theme to tell you that this BROWSER IS IN INCOGNITO MODE!!!
Certificate viewing?? (Score:3)
Still no way to view certificates for my users. Unacceptable as developer tools are too hard to use for my older users over the phone to check if a site is a scam site or if they have been infected.
Why the hell did Google remove this feature? It's security 101
Re: (Score:2)
chrome://flags/#show-cert-link (was added in Chrome 60, IIRC.)
Thanks, random AC for this. I added it to my browser and it will make my life a bit simpler. However, the grandparent's concern still exists. It still is difficult to help users over the phone.
Fonts wasted on me (Score:3)
A couple of years ago I did everything I could with preferences and a user