Google Chrome: an index of what developers need to know (good and bad)
For quite some time, some of us have heard a very persistent rumor about the new Google browser. Well, here it is. And by that I mean: now. Well, tomorrow. And when you see some of the technological pieces it incorporates, it is definitely months ahead of the other guys (Javascript, you are so sexy!)
You can find the official announcement here.
Philipp Lenssen, at Blogoscoped, does a good job of listing the visually appealing goodies offered by Chrome. He even scanned and posted the comic book he got in the mail.
Here is, for your convenience, a list of what’s exciting for developers (oh yeah, it’s open source!):
Each tab runs its own process. Why, in this day and age, should a modern application that will remain open for days or weeks, stick with a memory model close to that of dinosaurs like VxWorks?
It’s WebKit + the V8 JavaScript VM. With a JIT compiler and all the optimizations offered by a VM, we should start seeing JavaScript performance close to that of native languages. Unfortunately, the DOM is not mentioned. Ideally, all DOM manipulation should be also compiled (with the possibility of inlining, etc)…we will know more as soon as we run some tests.
V8 uses aggressive garbage collection. OK I was a bit dishonest in the previous bullet point. This is a bit less exciting than some might think. Yes, there is a cost with conservative collection, since the gc needs to go through the execution stack and identify pointers heuristically and it is impossible to keep track of actual space allocation. Oh, and no generational collection…so, wait, it’s great that we don’t do that, right?
Well, I do not think that it’s the cat’s meow the Google guys are claiming it to be. Precise pointer housekeeping means that your program may incur quite a dramatic overhead, which of course depends on your program’s structure. For instance, one of the advantages of garbage collection is to reduce the need for synchronization in multithreaded programs. Precise housekeeping, however, requires the re-introduction of safe points, which force the compiler to synchronize bits of code where it is safe to reclaim memory. This would explain why some existing benchmarks show the new JavaScript VMs as not performing so well when simply running dumb loops as opposed to performing lots of local allocations.
Tabs run in their own sandbox. That’s certainly a proven security model and it makes it very hard to meddle with another tab’s content. Note that plugins are exempt, however. I wonder if frames are sandboxed,because if they are this is going to break a great deal of pages, just like AIR does.
Google Gears comes standard. Well, it’s no surprise. But it certainly makes me wonder if I want to change the browser requirements for the professional applications I am working on. After all, it’s been proven that Gears can really help desktop-like applications scale more easily.
OK, that’s what I have for now.
Oh, just a last, non-technical comment: I hope that regular users do not read this page and take its content literally. It makes it look like scammers “send users to a nearly exact copy of their bank’s website” and shows a somewhat different URL. People need to be made aware that they could actually be sent to the VERY SAME link as their bank’s and still fall prey to a scammer, since it is possible to fake that link’s destination through DNS poisoning.
If you enjoyed this post, make sure you subscribe to my RSS feed!
Similar Posts:
- Ext Licensing: Oh, what a mess.
- jQuery UI now professionally maintained!
- Air GenPass: Air is easier than you think!
- Twitterified…at last!
- My dilemma: rewrite and lose features or keep building on old framework?
If you enjoyed this post, please consider to leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
Comments
I get an error that my java script is turned off please turn it on!!
i tried searching for the setting for that but there is no such option in the settings panel
please help 
Good point; DNS poisoning’s impact was underestimated for years but recently the big players got more serious about it.
Basically, with DNS poisoning, you may point your browser to ‘paypal.com’ to find that you’re not really on the real ‘paypal.com’ - that’s because your computer was led to believe that paypal now lives in a back alley somewhere in Russia rather than its actual location.
This article: http://www.pcworld.com/article/140465/dns_attack_could_signal_phishing_20.html# describes a method where the attack happens on your own PC. Problem is, this too is misleading: DNS poisoning does not need to access your PC. Compromising your service provider’s DNS is a move that will pay much faster for the scammer.
A good protection — as long as they keep their servers secure — is to use the services of http://opendns.com/
Instead of using DN servers automatically pushed to your internet configuration by your service provider, explicitely tell your computer to use the DNS of the opendns people. Their knowledge base makes the conversion fairly painless.
I would like more details about DNS poisoning. There are a lot of people who do online banking and I think its reckless for us not to be warned about the possibility of DNS poisoning.
November 15, 2008 @ 3:35 pm
vikas, you mean when using chrome?