Browser Vulnerability Study Unkind to Firefox 253

Browser Buddy writes "A new Symantec study on browser vulnerabilities covering the first half of 2006 has some surprising conclusions. It turns out that Firefox leads the pack with 47 vulnerabilities, compared to 38 for Internet Explorer. From Ars Technica's coverage: 'In addition to leading the pack in sheer number of vulnerabilities, Firefox also showed the greatest increase in number, as the popular open-source browser had only logged 17 during the previous reporting period. IE saw an increase of just over 50 percent, from 25; Safari doubled its previous six; and Opera was the only one of the four browsers monitored that actually saw a decrease in vulnerabilities, from nine to seven.' Firefox still leads the pack when it comes to patching though, with only a one-day window of vulnerability."

More PS3 Words From the Horse's Mouth 78

Game|Life had the chance to sit down with Ken Kutaragi, Phil Harrison, and Kaz Hirai; Chris Kohler has some details on things left unsaid at the PS3 conference. From the article: "Q: You're the head of Sony's worldwide development studios. What the hell is up with that Africa game? A: Video games have a function in life, and that is: wish fulfillment. You can become a mercenary, a fighter pilot. On PS3, we can expand the realm of that experience. Africa allows you to experience a very interesting part of the world, a safari in the plains of Africa. The gameplay is entirely non-violent. You don't kill the animals. It emphasizes the positives rather than the negatives. It's about collecting experiences and keeping them for posterity."

CSS: The Missing Manual 151

Michael J. Ross writes "Ever since Cascading Style Sheets (CSS) first appeared on the Web scene in the late 1990s, a plethora of books have been written and published that purport to explain how CSS works, and how to make it work for you. So why would any publisher decide that what the technical world needs is yet another CSS book? Perhaps because they have taken a close look at the bulk of those available titles, and found them to be wanting — filled with overly theoretical explanations and sample code that is far too focused on some pet domain of the author. Such books may be adequate for the veteran Web developer, who has the time and inclination to separate the wheat from the chaff. But developers new to CSS need much more approachable material, with clear examples. Perhaps that is the thinking behind CSS: The Missing Manual." Read the rest of Michael's review.

PHP Hacks 165

Michael J. Ross writes "Given the current popularity of the Web development language PHP, it makes sense that newcomers to the language have a large number of introductory and reference volumes from which to choose. But for the more advanced PHP programmer, there are far fewer titles that explain how to make the most of the language, by applying it to solve relatively substantial problems. One such book is PHP Hacks: Tips & Tools for Creating Dynamic Websites, by Jack D. Herrington." Read the rest of Michael's review.

The Information Revolution 37

Aeonite writes "The Information Revolution, subtitled The Not-For-Dummies Guide to the History, Technology and Use of the World Wide Web, is the second in a trilogy by J.R. Okin. The first book, The Internet Revolution, covers the Internet in general, and the third, The Technology Revolution, is a guide to The Impact, Perils and Promise of the Internet. I have not read either of those two books, but I believe that each can be read independently, and this review should be viewed in that light." Read the rest of Aeonite's review.

Håkon Responds to Questions About CSS and... 204

You submitted questions for Håkon Wium Lie on June 20. Today we have his answers, not only to the (+5 moderated) questions we sent him, but to a bunch of others he thought would also be interesting to answer.

SSL Cert Revocation Lists? 59

DA-MAN asks: "Browsers ship with a ton of different certificate authorities that provide 'trust' for secure sites that we visit. With all of these certificate authorities comes a certificate revocation list, which is to flag bad certs. Firefox, IE and Safari do not have an automated way to pull updated lists from all of the different certificate authorities, so one must download each CRL manually and import them into the browser. It occurred to me the other day that the only time I've ever seen this feature in use was when Microsoft inserted the CRL for a certificate that was mistakenly issued by Verisign with the 'Microsoft Corporation' name. All that said, I was just wondering if anyone cares about this? Do you actually import updated CRLs into your browser? Why can't the CRL be signed by the Cert Authority and automatically imported?" What other browsers support automatic CRL updates?

Nokia Opens the S60 Browser Source Code 103

segphault writes "Nokia has released the source code of its S60 WebKit browser for mobile devices. Based on the HTML rendering components used in Konqueror and Safari, the S60 WebKit has a multitude of advanced features designed specifically for web navigation on devices with small screens. Nokia decided to release the source code under the permissive BSD license in order to promote adoption by other mobile device companies. From the article: 'the power and scalability of WebKit-based browsers and the highly permissive license under which the S60 WebKit source code is available make it a good choice for companies that want to add mobile web browsing to their devices. I think it will be particularly interesting to see how this affects Opera, whose revenue primarily comes from distribution of its own virtually ubiquitous embedded browser.'"

What is OpenLaszlo, and What is it Good For? 196

SimHacker writes to share an article he wrote recently that tries to answer the question: What is OpenLaszlo, and What is it Good For? From the article: "OpenLaszlo is an open source platform for developing user friendly web based applications, which work identically across all popular browsers and platforms (Windows, Mac, Linux, IE, Firefox, Safari, etc). It's ideal for presenting and editing raw XML data generated by PHP and other web services."

Do You Care if Your Website is W3C Compliant? 624

eldavojohn wonders: "Do W3C standards hold any importance to anyone and if so, why? When you finish a website, do you run it through the validator to laugh and take bets, or do you e-mail the results to the office intern and tell him/her to get to work? Since Opera 9 is the only browser to pass the ACID2 test, is strict compliance really necessary?" We all know that standards are important, but there has always been a distance between what is put forth by the W3C and what we get from our browsers. Microsoft has yet to release a browser that comes close to supporting standards (and it remains to be seen if IE7 will change this). Mozilla, although supportive, is still a ways from ACID2 compliance. Web developers are therefore faced with a difficult decision: do they develop their content to the standards, or to the browsers that will render it? As web developers (or the manager of web developers), what decisions did you make on your projects?

Apple Patch Released, But Is It Enough? 338

entenman writes "Apple Computer's security update train rumbled into the station with fixes for a whopping 43 Mac OS X and QuickTime vulnerabilities. The Security Update patches 31 flaws in the Mac OS X, most of them serious enough to cause 'arbitrary code execution attacks.'" Unfortunately, InfoWorldMike writes "InfoWorld.com reports that Independent researcher Tom Ferris said there were still holes in Safari, QuickTime, and iTunes that he reported to Apple but were not patched in the latest release on Thursday. Ferris told InfoWorld he is considering releasing the details of the unpatched holes on May 14 on his Web site. He also says he has found new holes in OS X affecting TIFF format files and BOMArchiver, an application used to compress files. He did not provide details about the flaws or proof of their existence."

Slashdot CSS Redesign Contest 587

A few months back we went and redesigned Slashdot with fancy new CSS templates. The idea was that with a new clean CSS framework under the skin, we could more easily redesign the look & feel of the site. At that time I mentioned that we wanted to have a contest to redesign Slashdot. Well that time has come. Read on for the rules, instructions, and timeline. Oh, and did I mention that the top prize is a new laptop?

Opera 9.0 Fully Passes ACID2 Test 418

Rytis writes "Opera has just become the second browser after Safari to be able to pass completely the famous ACID2 test. Mark Wilton-Jones is running a little article on the history of the Opera and ACID tests. Of course, it includes a screenshot of Opera 9 showing the nice happy face saying 'Hello world!'."

Computer 'Worms' Turn on Macs 450

Carl Bialik from WSJ writes "Macs have been largely immune to the viruses, worms and malware that have plagued PCs, but the Mac's recent popularity uptick has meant that 'bad guys appear to be casing the joint,' the Wall Street Journal reports. Among the signs: two recently discovered worms and the discovery of a vulnerability in Mac OS X that leaves Safari open to a hack. A Symantec engineer predicts a 'gradual erosion' of the idea that Macs are a safer operating system than Windows. 'Some security experts believe hackers are becoming more interested in writing nasty code for Macs precisely because of reports of its relative immunity to security woes,' the WSJ reports. 'Apple itself has gone out of its way not to promote the Mac's relative safety, lest it tempt hackers to prove the company wrong. Apple declined to discuss the topic of security in depth for this article.'"

Essential PHP Security 132

Michael J. Ross writes "Given the remarkable popularity of PHP for developing dynamic Web sites, as well as the ever-increasing need for security on those same sites, one would think that there would be great demand for — and comparable supply of — books that explain how to create secure sites using PHP. However, such is not the case, and even the most extensive general purpose PHP books may only devote a single chapter to this critical topic, if that much. Essential PHP Security, written by PHP expert Chris Shiflett, aims to fill the gap." Read the rest of Michael's review.

Apple Gifts Top WebKit Contributors with MacBooks 270

soundofthemoon writes "Just nine months ago, Apple started the WebKit Open Source Project. In that time, contributors have added some significant improvements to WebKit (and thus Apple's Safari browser). Today Apple gave their open source contributors a big thank-you, including rewarding the top contributors with some nifty goodies: 'As a thank you, we are giving MacBook Pro computers to twelve of our top contributors. We've also invited five of them to attend Apple's Worldwide Developer's Conference 2006 on Apple's dime.' Looks like donating your time isn't a thankless job anymore."

MS Security VP Mike Nash Replies 464

You posted a lot of great questions for Mike Nash last week, and he put a lot of time into answering them. As promised, his answers were not laundered by PR people, which is all too common with "executive" interviews with people from any company. Still, he boosts Microsoft, as you'd expect, since he's a VP there. And obviously, going along with that, he says he likes Microsoft products better than he likes competing ones. But this is still a great look into the way Microsoft views security problems with their products, and what the company is trying to do about them.

Slashdot Index Code Update 386

For years now Slashdot has posted what we call "Sectional Content". That is to say, stories that we think are good, but since we try to keep the Slashdot Main Page to around 15 stories per day, some stuff just gets put into the sections. This content is mostly lost to readers who simply don't know it exists. Today we're deploying new code to help you find that content (and alternatively, to disable it).
