Attention Ruby on Rails fans, 37 Signals — the folks who created Ruby on Rails — have put together a new, configuration-free, version of Rack for OS X, the Ruby web server interface. Pow, as the new tool is know, allows you to install and run Ruby apps on your local machine without fiddling with Apache config files or setting up virtual hosts. It just works.
Pow is a Node.js app written in CoffeeScript. It includes an HTTP and a DNS server and runs Rack apps through the Nack library. For some more background on Pow, check out this screencast, which covers the internal workings of Pow, along with some of the motivation behind it.
Some commenters on Hacker News have expressed concern that Pow’s installation process consists of running a shell script from a remote server — simple and fast to be sure, but potentially vulnerable. If that bothers you than Pow is not for you.
Otherwise, head on over to the Pow site, fire up your terminal and you’ll have your Ruby on Rails app up and running in no time. The source code is available through Github.
Firefox fans, your tabs are headed for the top of the browser. Opera started it, Safari flirted with it, Chrome brought it to the masses and now Mozilla is falling in line as well — Firefox 4 will feature the tabs above the URL bar by default.
Before you panic, bear in mind that the location of tabs will still be a preference. No one is forcing you to use the new tabs on top look, but that will be the look for new installations of Firefox.
Frankly, after watching Faaborg’s video, which outlines the four main reasons that led to Mozilla’s decision to switch, we’re hard pressed to offer a counter argument. As Faaborg says in the video, the change is less about a trend and more about the evolution of the web as a platform.
Here are Mozilla’s reasons for moving tabs above the URL bar:
Conceptual model — The URL bar contains state information about the tab, therefore it makes more sense to place the URL bar within the tab. Visually, having the tab above the bar makes the URL bar part of the tab.
App tabs — App tabs are smaller, semi-permanent tabs designed to hold web applications you want to keep open all the time — Gmail, Facebook, Pandora, etc. App tabs are coming in Firefox 4. Because app tabs don’t really need a URL, having tabs on top makes it easier to display the app tab without a URL bar.
Notification — Firefox 4 will have a new panel-based notification system. Small overlay windows drop down from the URL bar giving you an easy way to log in to sites or authorize geolocation requests. Tabs below the URL bar will be hidden by these overlays, making it impossible to see or interact with other tabs at the same time.
While Faaborg doesn’t mention it and the mockups he uses don’t take advantage of it, tabs on top also use less screen real estate — at least if they’re designed like those in Google Chrome. Because Chrome’s tabs are nearly flush with the top of the application window, there’s a bit of extra room on the screen. It’s not a huge amount of space, but it really can make a difference on small netbook screens.
Still not convinced? Well, you’ll always have the option to revert to the old, tabs-below-the-URL-bar look, but check out the video below to see if Faaborg doesn’t convince you that tabs on top are the way to go.
Keep in mind that everything Faaborg shows in the video is still in the mockup stage and will no doubt change a bit before it works its way into Firefox 4.
Google has updated its Chrome web browser to version 5.0, and, perhaps more importantly, given the ready-for-prime-time blessing to the Mac and Linux versions of Chrome. Previously versions of Chrome for Mac and Linux were limited to beta and developer builds.
To update to Chrome 5, head over to the Google download page and grab a copy for Windows, Mac or Linux.
If you’ve been using the Chrome beta or developer builds there isn’t anything new to see in the official version, but the bugs should be gone and Chrome 5 is now ready the same across all platforms.
In a post on the official Google blog the Chrome team reports that “the Mac and Linux versions [have] caught up with the Windows version.”
One feature you won’t find in this release is the integrated Flash plugin that Google is working on. By adding Flash to Chrome Google plans to make it easier to keep users up-to-date with Flash patches, but so far that feature hasn’t made it to the official versions yet.
On the Mac side Chrome now sports a more polished UI and has a few tricks you won’t find in Apple’s Safari (Mac’s default WebKit-based browser) such as a full-screen mode, integrated bookmark syncing, and of course support for extensions.
We should also note that Mac beta users will be automatically updated to the stable version, so if you want to stick with the beta channel you’ll need to download it again after you’ve updated to stable.
Traditional phishing attacks are reasonably easy to avoid, just don’t click links in suspicious e-mails (or, for the really paranoid, any e-mail). But Firefox Creative Lead Aza Raskin has found a far more devious way to launch an attack — by hijacking your unattended browser tabs.
The attack works by first detecting that the tab the page is in does not have focus. Then the attacking script can change the tab favicon and title before loading a new site, say a fake version of Gmail, in the background.
Even scarier, the attack can parse through your history to find sites you actually visit and impersonate them.
For example, using Raskin’s method an attacker can hijack your page, detect that you frequently login to Citibank’s website and impersonate that site, complete with a message about automatically ending your session and asking you to login again.
Because most of us trust our tabs to remain on the page we left them on, this is a particularly difficult attack to detect. As Raskin writes, “as the user scans their many open tabs, the favicon and title act as a strong visual cue — memory is mailable and moldable and the user will most likely simply think they left [the] tab open.”
The only clue that you’re being tricked is that the URL will be wrong.
Raskin has set up a demonstration on his blog post. Visit the page, switch to another tab and then notice that Raskin’s site will reload to look like the Gmail interface (Raskin uses an image for the demo, obviously easy to detect, but a real attack would offer a login page just like Gmail).
In my testing the attack worked in Firefox 3.6, 3.7a, Opera 10 and Safari 4. It did not work in Google Chrome on OS X when the tab was in the background, though it did work when I switched from Chrome to another application. Also, some browsers don’t change the favicon, though it’s possible that they could with a little tinkering to Raskin’s script.
So how do you stop this attack? Well, Raskin points out that Firefox’s coming Account Manager — which delegates tasks like logging in to the browser — is one possible fix, since it always looks at the URL, even if you don’t. Similar tools like 1Password would also work, provided you use them every time you login to a website.
The other fix is on the developer side, just make sure your site doesn’t load any remote scripts. Even if you trust the site your script is loading from, it’s possible that site could be compromised.
In the mean time, up your paranoia level and start paying attention to the URL bar.
While the Opera web browser may not have the largest market share, it is the source off many browser innovations. Tabbed browsing got its start in Opera, and the browser was one of the first to broadly support emerging standards like HTML5 and CSS 3.
The new Mac version features a revamped interface that makes Opera look and feel almost like something Apple would have created. In fact, aside from Apple’s Safari, Opera 10.52 is the most Mac-like of the web browsers available on OS X.
The changes — which include using the Cocoa and Core Text frameworks — also offer some performance improvements. Opera 10.5 was already one of the fastest browsers available and the new update continues to best both Firefox 3.6 and Google Chrome in our informal page load tests.
This update is also notable for supporting the multi-touch trackpad gestures available in Apple’s more recent laptops. In Opera 10.52 you can use gestures like pinch to zoom and three finger swipes to navigate back and forth in your browser history (both Safari and Firefox support the same gestures).
Opera 10.52 for Mac features a number of smaller enhancements that make day-to-day browsing a bit nicer. The URL bar’s search capabilities have been improved and you can now search your bookmarks and history page as you type — much like the Firefox “awesome bar,” and Opera’s page dialogs and alerts are now considerably less intrusive.
While Opera 10.52 is relatively minor update, it’s worth the upgrade for Mac fans — particularly those looking for a more “Mac-like” experience. To get Opera 10.52, head over to the Opera downloads page.