Another Microsoft horror story, the Huntington Indiana public library

I’ve been meaning to mention this for a while but just never did until now.

If you want a prime example of how reliance on Microsoft software damages the community and betrays the public interest, look no further than the Huntington, Indiana public library.

To say nothing about the potentially tens of thousands dollars their reliance on Microsoft software has cost taxpayers in Huntington County directly, their reliance on it also conflicts with the budgeting they’re allocated to the point where they paradoxically  almost never upgrade anything because it will cost money.

Case in point: Their website. If you look at the source, you’ll see meta name=”GENERATOR” content=”Microsoft FrontPage 4.0″.

When was Microsoft Frontpage 4.0 out?

2000. Now I’m no mathematician, but 2009 minus 2000 means that their web page generator is 9 years old and still targeting Microsoft Internet Explorer 4 (which was still in wide use back then).

Why bother having real bona fide web standards if public institutions entrusted with public money squander and abuse their budget?

Now, judging from the image on the top right of the page which is a 1.3 Megabyte JPEG at a resolution of 2204 x 1364 pixels which someone tried laughably to turn into a thumbnail, when any semi-competent Windows user would know that even paint.exe can resize an image, I am kind of left to deduce that some fucking idiot without even the slightest skillset produced these pages.

With their caveman wit, they chose 10 year old standards-violating Microsoft products and couldn’t even figure out how to resize an image with some bundled freeware.

People like this are a disease.

The IT department

Moving on… Someone thought audio books in DRM’d WMA would be a good idea:

This means that if you’re not using Windows XP or Windows Vista, you can’t check out an audio book, so suddenly the library isn’t just abusing your tax money, they’re practically ripping money straight out of your wallet. I’d liken the Huntington Library using DRM’d WMA to a daylight theft by a pick pocket that the police wouldn’t do anything about.

That means that since I have Kubuntu Linux on my main system right now, that I can’t just load the audio file into my media player and hit play because it won’t work. It also won’t play for Mac users.

The library could use Speex, which is a codec in the public domain with no royalties and broad cross platform support, but the Imaginary Property pushers at the book publishing companies wouldn’t go for that. Who made the law that says that knowledge has to be bottled up to protect the profits of a few corporations, at the expense of the entire public?

Federal lawmakers who have been bought by lobbyists and other special interest groups of course. This one isn’t to be squarely blamed on the incompetence of the Huntington Public Library, but also on state and federal lawmakers betraying their duty to the American people.

And lastly, the internet computers at the Huntington Public Library all run Windows XP:

This falls back under the categories of incompetence of staff and the misappropriation of public tax money.

Not only that, but Windows is so susceptible to viruses and worms and spyware that would never affect any operating system where security was one of the design concepts from day one, that the Huntington Public Library has locked all of them down in the mistaken belief that this will protect them.

They’ve locked the systems down so tightly that you can’t even use sites that have been designed with Flash or use thumb drives you brought from home. Whoever did the locking down also missed one giant problem, they all use Internet Explorer 6. The least secure web browser ever.

What is the alternative?

The library in Marion, Indiana, just 15 miles or so south of me, uses Linux. Not only do they use Linux, they use a distribution based on the free Fedora Linux called Userful Discoverstation which uses terminal multiplexing. This allows one tower to power 10 workstations with their own monitors, keyboards, and mice. This is not only much better for the environment than having 10 boxes running their own copy of the OS, it saves on the electric bill, and they don’t have to buy licenses from Microsoft. (You could set up a free Linux distro to get the same effect, Userful just makes it easier).

Userful creates an account that is deleted when the user logs out, and times the session to last however long the library allows. So instead of the librarian having to get up and tell someone who is hogging the computer that their time was up 30 minutes ago and others are waiting, the system gives them a warning 10 minutes before they’re logged out to get their shit together and get lost. (In more diplomatic terms obviously).

The systems are secure with the normal permissions of a Linux user account plus the standard SELinux targeted policy inherited by Fedora which helps keep malicious remote attackers out. Since there are very few security concerns on Linux and because the user is literally incapable of any lasting damage to the system, you can do anything on one of these boxes that you could do as a user on your PC at home. (except for clearly Administrative tasks). Where the Huntington library Windows XP systems are useless, I was using the Linux system at the Marion library to log into Pidgin instant messenger, browse with Firefox, plug in a thumbdrive with documents saved on it from home, and EVERYONE is allowed to do this because the system is in no danger.

So I guess the thing to take from this if you’re the Huntington Library or are in a position of trust to use taxpayer money in a non-frivolous manner and to not discriminate against users with disabilities or with non-Windows systems (or browsers other than IE), is that you should never use Microsoft products in this setting.

They are wholly inappropriate with no merit whatsoever in this use case.

I emailed the Huntington library with my concerns about six months ago and they never bothered to reply.

Mozilla Firefox attacked by a spyware extension

According to Trend Micro, there is now a spyware extension in the wild for Firefox.

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers…Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware ]targeting] the most popular alternative Internet browser—Firefox.

Infected Firefox users will see this:

Pretty convincing huh? The spyware extension tries to sucker in unsuspecting users by posing as an Adobe Flash update.

I’ve made the case for quite some time that this could happen because there is no real security model for Firefox extensions and that they have the same rights as the logged in user.

This is also a good example of cross platform malicious software. Since Firefox extensions can work on any platform Firefox supports, this spyware also affects Linux, Mac OS X, the BSDs, and every other OS where the user is running Firefox.

Remember, if you use Firefox, that there is only one place to get extensions. https://addons.mozilla.org DO NOT INSTALL EXTENSIONS FROM ANYWHERE ELSE!

Anyhow, this is exploiting the user through a social engineering attempt rather than a browser exploit. Remember when the only warning Internet Explorer 6 gave about an ActiveX control may very well have been “Click here to install ‘install this plugin to watch all the porn on this website!!!’”, Firefox is not even that safe, because the malware vendors had to spend $200 to get Verisign to sign their ActiveX control, it doesn’t cost them anything to make or distribute a Firefox extension. And Internet Explorer now makes you click through the information bar warning, then the installer prompt, THEN it sandboxes the plugin (if you’re on Vista or Windows 7) so that it has no access to anything outside of the browser.

Firefox doesn’t even have this minimal protection from malicious extensions, any extension you install has write access you your User folder (Vista, 7, Linux. OS X, FreeBSD) or your entire system (Windows XP), and possibly your entire system on systems other than XP if it can figure out how to elevate itself.

Weak sudo password that can easily be brute forced, piggybacking onto a Microsoft system component in Windows 7 that’s allowed to silently elevate, relying on user ignorance when clicking on the UAC prompt to “Accept”, etc. I wouldn’t even be surprised if the malicious extension site asked the user to click the UAC Accept button.

So far, even with the myriad of remotely exploitable Firefox vulnerabilities, none have really been a runaway success due to the rapid patch turnaround time of Mozilla and the automatic update function. The problem is that there is no patch for an ignorant/stupid user.

So even though *you* know to look out for malicious Firefox extensions, you might be on a shared computer where your kids will be able to install malware through Firefox, so what do you do?

First, consider switching to a more secure browser:

I can almost hear you sarcastically quip “Now where have I heard THIS before?”, but the truth is that there are browsers that are reasonably safe because the vendor did not foolishly allow extensions running as full programs. Nothing as complex as a web browser will ever be bulletproof, nothing that has to run advanced scripting languages and support file transfer operations that were designed years ago can be. Indeed nothing with hundreds of thousands of lines of source code (or tens of millions in an operating system) can ever be fully debugged. I never say “Program X is fully secure” I can only say, truthfully, that “Program X is probably more secure than Program Y”.

I recommend Opera 10, I wrote about just why yesterday. It will be released tomorrow, September 1st. The RC is still available at www.opera.com/next if you want to install it today and use the built in updater tomorrow. Opera Widgets are limited as to what they can do for exactly this reason. Mozilla has rolled out a red carpet with their extension system and it looks like now that Firefox has users, the spyware writers have decided to come to the party. Firefox extensions are almost exactly like the bad old days where Microsoft just threw ActiveX into Internet Explorer with the stated purpose of extending the browser, without a reasonable security model. Just like these ActiveX plugins in IE 4/5/6, Firefox plugins and extensions are full programs that can do anything they want, not only manipulating the browser, but limited only by what the Firefox process is allowed to do to the system.

Second, consider a disposable user account:

Ubuntu as of 9.04 has a Guest User account, consider making other users of the computer who may install malicious software use this account. All the changes they make to that account, including the Firefox profile, are deleted every time they log out. If this is too frustrating, then give them their own account but do not give them access to sudo. No sudo means that the damage and malicious software in their account cannot affect other users of the computer or any system files.

Windows has various options for accomplishing the same thing, Windows XP and Vista users can use SteadyState, Windows 7 users can set up an account and configure it to use Guest Mode when the desired state is set up. (Not to be confused with a Guest Account) While in SteadyState or Guest Mode, an account cannot harm the system or other user accounts and all files and settings are deleted when the user logs out. An account can be turned back into a normal account by turning SteadyState or Guest Mode off. Again, if this is too much hassle, at least make them an account that is a “User Account” *NOT* “Administrator”, and damage and malicious software in their account shouldn’t affect other users or the system. It also stops them from installing software globally. (That is, they can only install software that resides in their User folder and doesn’t require access to the system.)

Perhaps the troubles with Apple software and “Free Software” are an “inconvenient truth” that some people will stop at nothing to cover up, but this false sense of security that these deniers provide you with is just as dangerous as Apple proclaiming that Macs are immune from viruses while they silently added a malicious software scanner into Snow Leopard.

Perhaps they could call the scanner “SnowJob”, or is that SnowJobs? *smirk*

How do you know when Paul Thurrott is lying?

His lips are moving.

Seriously, if Microsoft was the Republican Party, Paul Thurrott would be Fox News Channel.

Some people are constitutionally incapable of shutting the fuck up no matter how many times and how thoroughly they’re proven wrong, some people incessantly insist that they were taken out of context when they’re called out, and some people are just pathological liars that deliberately construct every sentence to be as misleading as possible. Paul Thurrott, in my opinion, is three for three.

On top of that, he has this odd mix of gung ho patsy and outright stupid that sometimes makes it difficult to tell when he’s lying and when he really has no idea what he’s saying.

This guy has bothered me for years with his total and utter disregard for journalistic quality, instead often opting to resort to hearsay, weasel words, the statistics that most favor his opinion, and anything that makes Apple and Linux look tiny or irrelevant.

Just a few of the lies and contradictions he’s been unable to escape (in order of how they amuse me):

(Windows Me in Thurrottland) “It is, quite possibly, the most under-hyped version of Windows ever created…It’s easy to ridicule Microsoft for milking the Windows 9x cash cow yet again. But the reality is that this release is exceptional.”

(2007 in Thurrottland) Tries bashing Firefox 2 and gets called out by Asa Dotzler

(2008 in reality) Gives up and writes a positive review of Firefox 3 but insists his abortive attack from the year before was “misconstrued”, goes on to list a few trivial gimmicky features IE 8 has that Firefox doesn’t. (Thurrott, you don’t want to go into feature comparisons between IE and Firefox, it can’t end well for IE)

(2004 in Thurrotland) Like zOMG!!!!1111 MSN Music is gonna be HUGE!

(2006 in reality) MSN Music is shutting down and your licensed files are toast if anything happens to Windows. (Such as upgrading XP to Vista or a slightly less devastating catastrophe like a hard disk crash.)

(2002 in Thurrottland) Like zOMG!!!!1111 Windows Media Audio is the second coming!

(2007 in reality) Finally forced to eat crow and admit that WMA is dead, and everybody uses MP3.

BONUS:

“AAC doesn’t play nice with products made by Microsoft and its partners. AAC isn’t compatible with Windows Media Player or Media Center” -Thurrott, October 2007

“Put simply, I am a fan of the Zune…The online marketplace is good, but not as good as iTunes Store, though that matters less with music because MP3/AAC is universally compatible.” -Thurrott, July 2009 (Note that Zune supported AAC in 2007 when he made the first post)

And just for an added face palm:

“..there are audiophiles and technology trolls out there who might recommend [lossless formats]…Don’t be confused by the term “lossless,” however: These formats are still compressed…This is a foolhardy idea, unless you will never use a portable media device or enjoy the thought of storing and managing two copies of your music collection, one in lossless and one in another format that’s been transcoded from the lossless masters.” – Thurrott, October 2007

I don’t suppose he bothered to mention that you can decompress lossless files back into WAV or onto another CD and the CRC checksums will even match the original disc! Or perhaps that both Windows Media Player and iTunes can transcode from your lossless library on the fly and put the resulting lossy files on your device? This isn’t new folks, they’ve both been able to do this since at least 2003-2004.

(2009) Admits the Zune is going nowhere but tries to play it off by comparing it to a Macintosh computer’s supposedly miniscule market share.

In a survey conducted last fall, IDC’s Kevorkian said only 4.8% of those with a portable media player reported having a Zune, while 61% had some sort of iPod.

So, in late 2008, the Zune actually had 50 percent more usage share in the MP3 player market than the Mac did in the worldwide PC market. (Hey, math can be fun.)

Of course it is, especially when it’s wrong/fake/conjured up with the rest of his delusions.

While we’re comparing apples and bowling balls, Mac rounded out the fourth quarter of 2008 with 8.87% of the desktop computer market (nearly double the market share of the Zune in the MP3 player market), and the Mac has gone on to 9.81% as of May of 2009. *source*

Mac and Linux have driven Windows down to an 87.75% market share, which is still a commanding lead, but in 2004 they had 96.34% *source*. While Windows isn’t dying off as fast as Microsoft’s other products (Read: Dropping like a brick), it *is* shrinking, and it should worry any investor when a company cannot at least break even year-over-year.

Mr. Thurrott, since IDG has Kevorkian on hand, can they possibly put the Zune under? It can be so quick and painless… No reason to punish the people that unwittingly put Microsoft in their 401(k) for another 2 years.

This of course brings me to today’s Paul Thurrott crap.

Thurrott slanders anything that competes with Microsoft, but seems to go out of his way to bash Apple. Now Opera is on his vendetta list since they won freedom of choice for European consumers to decide what browser they want with Windows 7.

The fact that he is bashing the browser with the most strict adherence to World Wide Web Consortium markup standards should not be overlooked, because Thurrott has a history of bashing industry standards like AAC while promoting Microsoft’s dead end (WMA).

His tirade is, essentially   “Well, uhhhm, Internet Explorer has 66% of the browser market, so it should call all the shots”. (It had 92% at the end of 2004 *source* )

Now, Mr. Thurrott has been gay for Internet Explorer for a long long time, and has stood faithfully by it despite several hundred security flaws, the fact that its rendering engine is prehistoric and buggy, and that you can’t extend it with anything but toolbars (oh do we know about IE toolbars…). (Although I have my doubts about whether or not even Thurrott could stomach any version of IE for longer than it takes to glaze over some Microsoft PR notes and grab a few screen shots)

To be dramatic, Paul Thurrott kind of reminds me of that episode of South Park “AhhhH!!! My baby is killing again! Don’t worry, mommy will protect you! I have such a good boy, such a nice boy…”, but there’s only so many bodies you can hide in the backyard and IE is a fuck up that people witness first hand from day one, so there’s really no point in even trying to defend it.

Apparently Thurrott has his panties in a twist this time because he can’t stand that the European Union, unlike the United States, actually has and enforces consumer protection laws. (And it will be interesting to see how the eradication of IE bundling in the Euro Zone affects the spread of spyware over there…)

Thurrott argues, plainly, that users should not be presented with a choice of what browser to use, that IE should remain welded onto Windows, inseparable and popping up even when you thought you hid the fucking thing, and that naive users should continue using what’s there and getting their system deluged with porn dialers, trojans, search page hijackings, and every kind of web annoyance and active content abuse that Adblock Plus for Firefox (or an ad blocking file loaded into Opera’s content blocker) can silence once and for all.

Paul Thurrott remains as pro-Microsoft and anti-user as ever. One could only assume that his yellow journalism is the kind that only Microsoft Monopoly Money could afford.

Dress up Firefox and integrate it into Windows

It’s been a little while since I wrote about computer software, but I’ve noticed a few good add-ons for Firefox that make it blend into Windows a lot better.

As you may or may not know, Windows 7 lets you “remove” Internet Explorer, it leaves the rendering core so it doesn’t break any apps that need that, but it removes the browser front end so that nothing can start IE even if it tries.

This is sure to be a welcome relief to disgruntled Vista users that tried every way to make IE go away, and yet it kept cropping back up, started by asinine programs that were hardwired to invoke only it, and attempting to take over your system again.

In Vista, no matter how hard you tried to make IE disappear, the scourge of the Windows platform uninvited guest kept coming back, but now it’s as simple as going to Uninstall Programs, Turn off Windows Features, unchecking Internet Explorer 8, and rebooting twice. (Make sure you have another browser first), and if you ever want it back, Windows can re-install it for you just as easily.

Now if you’re like me, you generally like Firefox, but you think the Strata theme is butt ugly and wonder why it can’t just look like a normal Windows application. You also like a few things that IE 8 does, like color coded tab grouping and domain highlighting. Firefox just feels wrong and unnatural.

To make Firefox work and look like a normal Windows program, you need two add-ons:

Glasser: https://addons.mozilla.org/en-US/firefox/addon/7336

Vista Aero: https://addons.mozilla.org/en-US/firefox/addon/4988

You’ll also need to disable the extension compatibility checker in the browser and create an account on the Mozilla add on site so you can disable the Firefox version check there too. (Glasser complains otherwise and won’t install into Firefox 3.5, but works fine if you ignore the compatibility check.)

If you prefer Bing Search instead of Google, the Microsoft people have a Bing add on for Firefox.

(Of course I also use Adblock Plus, worth mentioning.)

When you’re done, Firefox’s interface will be much like Internet Explorer 8, complete with a lot of its features, minus the slowness, security problems, and other crap that plagues Internet Explorer.

Click for Screenshot

There is no Internet Explorer. There Is Only XUL ;)

Microsoft pays yes men to spread more FUD about Firefox, Chrome, and Opera

Since Microsoft cannot promote IE on it’s own merits:

They have apparently paid for another biased opinion from a bunch of spin doctoring suck ups, to try and do damage control on Internet Explorer 8, the slowest and most brain damaged browser on Windows in a fair benchmark conducted by myself, comparing IE 8’s (lack of) performance compared to its competitors.

(Note: Firefox 2 and 1 have been unsupported for a while, I just threw them in as a baseline, I later ran IE 7 through and got a score of 435, the same performance of Firefox 1 from early 2004)

There are simply no lies that can cover up Internet Explorer’s inherent insecurity, its bad performance, and Microsoft’s outright contempt for established web standards.

This review from Jingo Associates Janco Associates is poorly written and trips over itself several times.

“So far user acceptance of Vista has been slowed by the lack if user acceptance for the new OS.”

Uhhhm, and statistically, the biggest cause of redundancy are redundancies.

“An added kicker is those who move to Vista can more readily have multiple browsers on their systems or switch from one to the other quickly and with little pain.”

What exactly stops me from installing Firefox and Chrome and Opera and picking a default on XP, or Windows 2000 for that matter? If anything Vista makes it harder to keep your defaults as Internet Explorer keeps trying to steal them all back while you’re not looking, and instead of one menu to choose your default (XP), Vista has no less than five.

“The cost of doing that is minimal.”

Yeah, Firefox, Opera, and Chrome are all free, Internet Explorer is built into the price of Windows.

(Fact: Microsoft increased the price it charged for Windows 95 to OEMs by $10 after IE was “integrated” See: United States v. Microsoft)

“Google is a challenge for Microsoft to face — so far Microsoft continues to outpace Google and beats both Google Desktop and Google Chrome.”

Internet Explorer can’t beat any other browser currently in support.

As for Windows built-in search, that’s integrated so more people have it, no shit.

Microsoft’s mighty 5% share of the internet search market (down from 9% in 2007) after dumping several years and millions of dollars into it, not even counting the user-bribing search “incentive” programs will surely make Google cower and tremble at the almighty Windows Live Search Hijacker. :) (Yes, they’ve resorted to borderline search hijacking, even of your Firefox and preferences when you install IE 8 or Windows Live Essentials if you slip up and push the wrong button)

“In addition, IE 8 is feature rich and a step ahead of the other browsers.  Both Firefox and Chrome has major defects which limit their usefulness on all sites.  Several of these defects are highlighted in this White Paper.”

Yes, IE’s ActiveX enables drive-by spyware infestations and the lack of an advertising blocker is also a major plus for the chowderheads that want to make the web nigh unusable and install all kinds of malicious software.

I hope Firefox gets cracking on copying these innovations post haste. /sarcasm

The study concludes by offering no explanation or reconciliation of why Internet Explorer has lost 10% of its users in the past year since Microsoft has “stabilized” the situation and its competitors are so “crippled”.

Amusingly, they also admit that only 18% of the operating system market is comprised of Vista users, after having been out for 3 years.

I suppose even the most flagrant lies are covered with a grain of truth, but clearly you are all too stupid to know what you want, now kindly go back to Microsoft, show’s over, nothing to see here, pay no attention to that man behind the curtain.

Don’t forget to tune in for my next review of IE 8 where I compare the browser to a steaming pile of dog shit. (Spoiler Alert: The dog shit wins)

IE 8 fails

Surprise, the fastest browser on Windows is in fact….

Safari 4!?

Yep, I ran every browser I could find through Peacemaker (the same people that make Futuremark/3dMark apparently), and got this.

"It's lonely at the bottom, it's dark and I can hear spyware makers laughing."

Yes, even the unoptimized port of Konqueror had its wicked way with Microsoft’s latest browser. :)

You have to go back to Firefox 2.0 to find a browser that performs worse than IE 8.

But even that doesn’t give you the full picture. IE 8 in 2009 does not support complex graphics through the <canvas> element, whereas Firefox 1.5 released in 2005 supports it quite well, so IE 8 actually skipped that entire part of the test because it’s too crippled to run it. (If you run the test in IE, it will skip that cool spaceship animation because IE is incapable of running it)

It’s obvious why Microsoft continues to blatantly defy web standards that are several years old, in order to push their proprietary Silver Blight crap.

So really Firefox 1.5 is more advanced than IE 8, even though IE 8 is marginally faster, 4 years later.

Now I can almost here you say “So what? Silver Blight runs on Mac and there’s a Silver Blight compatible for Linux”.

Where do you think those are going to go if Silver Blight is ever successful?

You’re better off running anything that is not IE. Internet Explorer 8 has improved nothing and is beaten quite easily by browsers that are 2, 3, or 4 years old.

My message to the IE team is that you should all go commit seppuku for this abomination.

Don't say I never gave you anything.

Anyhow….

Safari 4 is 421% faster than IE 8

Google Chrome 2.0.180 is 376% faster than IE 8

Chrome 1.0 is r 326% faster than IE 8

Safari 3.23 is 273% faster than IE 8

Opera 10’s May 13 weekly build is 247% faster than IE 8

Firefox 3.5 Beta 4 is 224% faster than IE 8

Opera 9.64 is 79% faster than IE 8

Firefox 3.0.10 is 49% faster than IE 8

Konqueror 4.2.3’s Windows port is even 17% faster than IE 8 (And that’s written with Unix-like operating systems in mind, not Windows)

On a technical level, IE is competing with Firefox 2 for speed and Firefox 1.0 for standards support.

Internet Explorer 8 vs Google Chrome…..The Duel

Also see: http://izanbardprince.wordpress.com/2009/05/15/surprise-the-fastest-browser-on-windows-is-in-fact/

After trying out both of them on Vista Business, I feel comfortable going over them:

If you run Windows, you have Internet Explorer, Internet Explorer is like the herpes of web browsers, a lot of people have to deal with it, most people wish they didn’t have to, life goes on…

Since the dawn of Windows 98 when IE started to sink its tentacles into the OS, creating performance, relability, and security problems, it’s been the first thing I’ve tried to get away from, it was easy enough to remove at first using unofficial Windows customization kits, but soon many incompetent software vendors, and Microsoft themselves started embedding it, thus making it a dependency….at least the local security policy editor can forbid iexplore.exe from running with a local path rule, but I decided to let it out of its cage to use long enough to write this review.

Competition is a good thing, in fact, it’s because of Microsoft’s innovation in letting IE 6 fester and bitrot for 5 years that Firefox took off, and because of Firefox that IE apologists are not still using a browser that hasn’t been improved since 2001.

The entire design of IE 7 and 8 has been almost stolen verbatim, except that they left out adblock plus, IE extensions are still binary and difficult to write or debug, it doesn’t perform well, and you have to reinstall Windows if something manages to corrupt it, other than that it’s all taken from Firefox….

Do you see where I’m going with this? Internet Explorer is the sewer, it’s a benchmark for how to build something that thoroughly sucks. To write a good browser, you start with WWIEND, or What Would Internet Explorer Never Do…

Now Firefox is much much better than IE, and Firefox 3.5 is going to kick ass as far as features go, don’t get me wrong, but it also has a few $20,000 toilet seats that hinder performance.

Horrible COM dependencies, memory leaks, and when one tab dies it can still take out the entire browser… clearly this can be scary if you leave a lot of tabs open and can’t find your way back when the browser is re-opened. Firefox has crash recovery and session restoration which IE still noticibly lacks, but it doesn’t always work, and it’s seemingly becoming less reliable than it used to be.

Enter Google Chrome:

Chrome is Google’s new web browser based on Webkit (used in Safari) which Apple based on KHTML (Konqueror on KDE in Linux/BSD operating systems.

Apple had evaluated Mozilla Gecko before basing Webkit on KHTML but decided against it mainly for the reasons I listed above. Finally Windows users can have a small, efficient, fast, secure, standards compliant browser based on the KHTML engine, with no bloat. (sorry, but Safari has never been all that great on Windows).

I’ve been using Chrome for a few days now and I am seriously impressed, so much so that it’s hard to think of what to mention first. So Performance?

Performance is always popular, and Chrome has plenty of that, especially in the area of JavaScript, javascript delays can cause your browser to freeze and crash, they can cause web applications to be unresponsive, and they can cause page load times to suffer. Chrome has no such hangups because of the excellent V8 Javascript engine which compiles and runs javascripts at the speed of a native binary.

I tested out the latest stable 1.x build, 2.0 beta, and the current weekly build and they all score between 700 ms and 800 ms on the SunSpider test, which makes Chrome the fastest browser for javascript, followed in second by Safari 4 in the 900 ms range, followed by Firefox 3.5 beta 4 at 1100 ms, followed by Firefox 3 at 3700 ms, followed by Opera 10’s latest weekly at 3900 ms, followed by Opera 9.64 at 4800 ms, followed by IE 8 on Vista at 5700 ms, followed by IE 8 on XP at 8800 ms, followed by IE 7 Vista which froze several times then ended up at 14,000 ms, followed by IE 6 on XP  which crashed. :)

“In the land of the blind, the one eyed man is king.” -Person who obviously noticed Firefox taking usage share from Internet Explorer

Now lets go to security…

*Blip* “Your computer is being a retard, to fix it, come fidget with this stupid yellow bar”

Security is something IE has never been good with. The faux appearance of security in IE 7 and 8 make the browser a pain in the ass to use more than they help with anything else.

How many times have you *blip* tried to *blip* download something and *blip* “Did you notice the information bar?”

As I was saying, Microsoft will gladly pester the user while letting all proprietary Microsoft content load and do precisely whatever the hell it wants. Like in this screenshot.

It goes on and on like that. So if I’m trying to use a Flash or Java applet *BLIP* “Sorry, the grand prize was behind door three*, and if I’m using some proprietary Microsoft “active content”, then it automagically loads with no prompt, even if there could be a security problem, which is their excuse for getting in the way of using competing products.

So until someone shows me where they play by their own rules instead of trying to expand their monopoly under the guise of security, I’d have to say that IE 7/8 have largely the same shitty non-security model of IE 6, which I may add, is STILL what XP has if you don’t make a custom remastered disc yourself integrating IE 8 (like mine is configured for), so there are still a fair number of IE 6 users out there that still use it just cause it comes with XP.

(And even if they applied the same rules to their own content, security by endlessly harassing the user is NOT cool)

Shit happens. You patch it and move on. But with IE, you install the patch, then the patch for the patch, then the patch for the patch for the patch…

Does anyone remember how many patches IE 6 got? I know it had to be over 200, and I still wouldn’t trust it. IE 7? A lot. And of course it could get 1,000 and not be safe because nobody but Microsoft knows what’s lurking in there.

Which takes me to my next point:

Chrome is open source. Chromium (the source for Chrome) is even released under a license that’s more free(dom) than Firefox.

With open source projects, code is audited, it is fixed, and when someone says “Oh shit, that’s a bug”, you don’t wait for the second Tuesday of next month to get the patch!

IE users usually don’t even upgrade or install hotfixes til Microsoft prods them in some way, but with Chrome or Firefox the browser updates itself, protecting your grandmother from online porn and casino spyware taking advantage of something that was fixed 8 months ago (known to happen with IE users).

To stability and beyond!

One thing that really stands out in Chrome over Firefox is that tabs run in their own process, this not only has security benefits (if there’s a malicious script that could otherwise somehow affect another tab, it can’t now), but another benefit is stability.

If one tab crashes, all you lose is that tab, and you can click refresh to resurrect it.

I’ve forced a crash here to show what happens.

Now another thing this gives us is reduced memory fragmentation and leaks don’t really matter a lot any more because the process associated with each tab is destroyed completely when you close it.

So unlike Firefox, which leaks memory til you close the browser, tabs in Chrome could only leak memory til you close the tab, then it’s gone, without having to shut down Chrome.

So what about add-ons?

Chrome doesn’t have them yet, they’re planned for a few months from now.

Add-ons are not really a huge deal for me, most of Firefox’s are overrated and leak even more memory. The only thing I care about is blocking ads and privacy-invading garbage.

That can be done in Chrome with Privoxy, just install it and change your Lan proxy in Windows Internet Options control panel to use 127.0.0.1 for http and https.

Privoxy will act as a filter for all that nasty stuff no matter what app you use, it even filters out the ads in Windows Live and Yahoo Messenger.

How about standards support?

IE 7 and 8 have both made token gestures, but for every standard they implement, they implement 10 times as much Microsoft-only garbage like Silver Blight and XPS documents, IE 8 only scores 20/100 on the Acid 3 test.

Chrome 2.0 will score a 100.

But IE will keep trying to manipulate you until you go back to it:

IE 8 is now an “Important” update and will be automatically trojaned in with Windows updates.

I don’t really have a problem with this since IE 7 sucks more, but IE 8 has a setup wizard that launches the first time you load it which:

1. Tries to trick the user into making IE 8 the default browser, Windows Live the default services, and turning on all the shit that phones home to Microsoft to spy on you.

2. If you try to do custom options, IE punishes you with 12 screens of configuration to get Google services back, disable the Microsoft spyware, and not make IE the default browser.

Oh, and upgrading to Windows 7 automatically makes IE steal back all its defaults too.

So no matter what way you cut it, Microsoft will find a way to piss all over your user preferences and trick you into agreeing to let IE phone home with what websites you visit, what you are downloading, and memory dumps when the thing crashes that may contain confidential and sensitive information.

On a side note, I’ve noticed that Internet Explorer 8 will even try to hijack your Google Chrome and Mozilla Firefox preferences, all of a sudden after installing it I was using Live Search in both of them and had to manually delete that.

IE 8 is bad enough on it’s own merits, but Microsoft has sank pretty damned low in turning it into a borderline trojan horse/spyware/browser search hijacker.

I would say “Damn it Microsoft, why can’t you guys just make something that people WANT to use!?!?”, but they made Windows Vista and Windows 7 and insist that both have absolutely no problems and can credibly compete against much more advanced competitors, so it would be a moot point.

Final Rating:

IE 8: More toxic waste.

Google Chrome: Excellent replacement.

Do 64-bit web browsers perform faster than 32-bit browsers?

I saw that as one of my search engine redirects in my statistics, so I’d like to say….

No.

Click here to see 32-bit IE 8 vs 64-bit IE 8 on Sunspider.

This tells us a couple things.

1. Internet Explorer 8’s scripting engine has been improved, a lot. Speedwise it’s now in-line with Opera 9.6 or Firefox 2. Although every time Microsoft nudges up to a bar that was set by their competitors 3 years ago, their competitors move the bar ahead another mile.

Opera 10 is in the 3,500 ms range, Firefox 3.5 will be in the 1200 ms range, and Google Chrome 2 Beta is coming in under 800 ms. So clearly IE 8 is no speed demon, but it’s much less torturous to use than it used to be.

2. Just recompiling something as an X86-64 binary usually has no improvement on the performance and in some cases may even make it worse.

The point of the X86-64 architecture was not to make your web browser (or any other particular program) faster, it was to (A) Allow your OS to recognize and access memory addresses above 4 GB and (B) Allow applications to use more than 2 GB each. I think we have a while before web browsers take two gigs of RAM, the worst I’ve seen yet were Safari and Firefox bloat to around 500 megs, and should they actually go crazy and leak infinite memory, then letting them go beyond a 2 GB barrier could prove to be trouble. :)

So why does Microsoft include both versions of IE?:

Users that have used 64-bit Linux distributions can answer this one. 64-bit browser will cause all kinds of plug in hell.

This is less of a problem on Linux, mostly because all open source plugins can be recompiled, and the types of people that work on distributions like Fedora tend to be more of the mind of “So what if we broke Flash?”. Yes, there are hacks like nspluginwrapper to get some things to work, but these introduce stability problems and were created long after the distributions started shipping a 64-bit Firefox that couldn’t use Flash, JAVA, etc.

So a better question would be “Why didn’t the Linux distros ship a 32-bit browser?”

My guess is because that requires pulling in a backwards compatibility subsystem (32-bit shared libraries), which would cause the base system to no longer fit on a CD (boohoo) combined with the stickign of fingers in ears and pretending 64-bit plugins exist for everything.

It’s worth noting that on modern 64-bit Linux, this problem is nowhere near as bad as it used to be, 64-bit plugins exist for Flash, JAVA (through Iced Tea), and your media codecs. But for the first 4 years, it was a real pain in the ass.

So another question could be “Why does Microsoft ship both versions?” ;)

Well, the 32-bit version is obviously there to spare the end user the plug in hell, while the 64-bit version is there cause it doesn’t take up all that much extra space and clearly having a 64-bit OS without all components having a 64-bit version would clearly not be “correct”.

Eventually 64-bit plugins for IE will exist and Microsoft can shed the old 32-bit antique version for good.

In any event, they include the 32-bit backwards compatibility in Windows whereas you’ll need to go get the libraries yourself on Linux cause they thought they’d be cute and leave them out to save space on the disc.

If an Ubuntu developer actually reads this, why don’t you guys cut out that stupid brain damaged .Net wanna-be (Mono) (about 60 megs) and that stupid notes application which as near as I can tell is the only thing that uses it that comes with Ubuntu (5-6 megs) and ship 32-bit compatibility by default?

So there you have it:

The benefits of a 64-bit web browser are mostly dubious, I’m sure though that they can most likely take advantage of some of  the extra security of the X86-64 environment, but they can also be slower and go berserk and eat all your RAM.

Troll Dropping? The Troll will grant you an audience!

I picked this one up at Free Software Daily directed at my post about switching to the (much superior) Epiphany Browser from Firefox:

http://www.fsdaily.com/EndUser/Epiphany_is_my_new_web_browser_goodbye_Firefox

Troll-droppings.

I use Epiphany, but I use it as a secondary testing browser. Firefox is my main development browser. I also have Conkeror and Konqueror installed.

But what do you use Epiphany for? To troll against Firefox? You say that “Linux is an after-thought” Firefox developers?

Did you mean GNU and Linux? Is GNU an afterthought for you?

Where’s the proof of your benchmarks of FF3 Windows binary running faster than GNU/Linux native FF3?

Beyond that, since windows is an arguably incomplete operating system without all the hooks for monitoring and controlling processes, I wouldn’t care if it ran a little faster on Wine.

Firefox doesn’t need to be subject to Gnome’s human interface guidelines. Gnome devs do a pretty fine job, but they don’t have the final word on human interfacing and they’re not the only desktop environment for GNU and Linux.

Epiphany is good, and innovations can be shared among various projects.

Also the EULA of FF3 pertains mostly to respecting the trademark, IIRC. The code is available under the GNU GPLv2, so what are you crying about, exactly? That Mozilla wants to protect their corporate reputation by not allowing modified versions of the code which is released by the Firefox project to be presented as Firefox when it is not?

That’s why we have trademarks so that identity can be maintained. That’s why we have ice-weasel, so you don’t need to worry about one entity such as Debian making changes to Firefox and then having Mozilla devs say “hey, those changes don’t represent us”.

It’s fine for Debian to be using IceWeasel instead. It’s fine for Mozilla to be conservative in what they’re willing to allow to be called “Firefox”.

———-

But what do you use Epiphany for? To troll against Firefox?

Absolutely not. I feel that Firefox is a god awful thing on Linux. The reason it shines on Windows is because (1) The Mozilla people care more about Windows. (2) IE is such unrepentant crap that anything that isn’t IE is an improvement.

You say that “Linux is an after-thought” Firefox developers?

Yes, it’s obvious that if you browse for a little while and use 5-6 tabs and run top or System Monitor, Firefox is usually staring back at you using 500 megs of RAM(!)

Firefox developers have a C++ and XUL/XPCOM fetish and both are grossly deficient and leak memory like a sieve. It’s impossible to write a decent garbage collector in C++, so they ripped off jemalloc from FreeBSD 7 to collect some resources they leak. This causes increased CPU load.In a rough analogy, they fixed a leaking roof by throwing a pale under it.

Epiphany itself is written in C and the user interface is GTK+. Firefox is mostly C++ and the interface is XUL, it has GTK+ bindings to mimic a native application with limited success.

As I sit here writing this, I’ve had Epiphany open several hours and have 7 tabs open, it is using 111 megs of RAM, Firefox would be collapsing under its own weight and using 400-500 at this point.

Please understand that I don’t hate Firefox just to troll, I hate it because it sucks. ;)

Did you mean GNU and Linux? Is GNU an afterthought for you?

Of course not. I love using GNU/X.ORG/GNOME/KDE/XFCE/LXDE/Enlightenment/Fluxbox/OpenStep/DASH/BASH/ZSH/TCSH/Supercalifragalisticexpialidocious/LINUX…to the point that a gas pump is a part of my car.

I wonder how Hurd is coming along…..(cue tumbleweed)

Where’s the proof of your benchmarks of FF3 Windows binary running faster than GNU/Linux native FF3?

You mean you missed the obvious link that I provided? You mean you probably didn’t even read the post?

Beyond that, since windows is an arguably incomplete operating system without all the hooks for monitoring and controlling processes, I wouldn’t care if it ran a little faster on Wine.

I think you miss the Firefox sucks hierarchy. Firefox performance is something like this:

(Acceptable)Windows>>>(Slower than Windows but Faster than Linux native)Wine>>>Linux Native(Utterly Craptacular)

And Windows is at least 7 years older than Linux (3 years if you’re talking about NT), it’s their own fault if their infrastructure sucks.

Firefox doesn’t need to be subject to Gnome’s human interface guidelines. Gnome devs do a pretty fine job, but they don’t have the final word on human interfacing and they’re not the only desktop environment for GNU and Linux.

The entire concept of a HIG is that you don’t have to relearn the interface of every program you open. Users in Windows may not even be aware that there is a HIG, because even Microsoft violates it with things like Office, and Apple ports over the OS X interface into iTunes and Safari…

One of the nicest things about GNOME apps is that if one app behaves a certain way, so will the rest. I don’t need to worry about Firefox putting some setting or menu item in a certain place while the other apps on my system are uniform and well behaved.

You may get used to correcting for a badly laid out interface, but this can be confusing for new users and there really is no reason to subject anyone to it.

Epiphany is good, and innovations can be shared among various projects.

Dear Mozilla,

Please copy the innovation of using C and GTK+ so you don’t leak all my RAM and make the baby Jesus cry.

-Ryan

Also the EULA of FF3 pertains mostly to respecting the trademark, IIRC.

If they can control how you modify or redistribute it, or if you can continue using it, it is not free software. The source is, but Firefox is not, and it makes way for extensions to violate the trust and privacy of the user.

The code is available under the GNU GPLv2, so what are you crying about, exactly?

Actually, it’s not. It’s under a GPL-incompatible (yet Free Software) license called the Mozilla Public License.

http://www.fsf.org/licensing/licenses/index_html#GPLIncompatibleLicenses

” …a module covered by the GPL and a module covered by the MPL cannot legally be linked together. We urge you not to use the MPL for this reason.”

They state that MPL 1.1 has a clause that lets the author choose to allow his work to be dual licensed, but he or she does not have to.

That Mozilla wants to protect their corporate reputation by not allowing modified versions of the code which is released by the Firefox project to be presented as Firefox when it is not?

No, that’s really not it either. How about instead of popping up a big fat EULA, Ubuntu lets you choose between Firefox+Eula and “abrowser” which is Firefox without artwork and name, with no EULA? All they’d have to do is remove the branding package if you clicked “Screw their damned EULA” (My wording). Then everyone can be happy.

That’s why we have trademarks so that identity can be maintained.

“Please don’t soil the good name of our privacy invading, non-free software, bloated as hell, eat all your RAM and fall over dead, porker of a web browser with an inconsistent interface, or we’ll send Hans Blix after you.”

you don’t need to worry about one entity such as Debian making changes to Firefox and then having Mozilla devs say “hey, those changes don’t represent us”.

“See those pieces that work? We didn’t do that. It is against Mozilla policy to sign off on anything that works right!”

It’s fine for Debian to be using IceWeasel instead. It’s fine for Mozilla to be conservative in what they’re willing to allow to be called “Firefox”.

Mozilla doesn’t even own the rights to use the name Firefox. Those are licensed to THEM by the Charleton Group, look in the about section. Anyway, I have the right to tell them to kiss my ass, and you also.

Have fun!

Epiphany is my new web browser, goodbye Firefox!

For those that don’t know, GNOME has an official web browser, and it isn’t Firefox:

Epiphany is the official browser of GNOME.

For a while I ignored it largely because Firefox *does* work, but it’s been quite obvious for a while that Linux is an afterthought for them. Debian fixed up a lot of the more patently Windows-centric crap including the broken Extensions manager. Their reward? Mozilla’s legal department started harassing them about modifications to make it work better (at all in some places) on Linux, and rather than get into a fight, Debian renamed theirs IceWeasel. (Ubuntu still gets preferential treatment even though they have all of Debian’s modifications and some of their own.)

But after doing some benchmarks a while back comparing Firefox 3 in Ubuntu with Firefox 3 for Windows in Wine, and finding out the Windows binary was still better than the Linux native (Someone else came to the same conclusion), I decided to go shopping. What are our options?

Opera was the first thing I tried to replace Firefox with but ended up abandoning it for a few reasons:

1. It *is* proprietary, even though it is freeware.

2. It’s even slower than Firefox in many cases.

3. It’s built with QT which makes it not fit very well into GNOME.

4. It still has trouble with plugins. It cannot embed Totem’s Mozilla plugins, it has a really buggy plugin wrapper for Flash on X86-64 that even tries to wrap the new 64-bit player(!), and it can’t find your IcedTea (free software version of JAVA) installation.

5. It can’t figure out how to open common Linux file types, or even open up a folder for that matter. (Hint: xdg-open you idiots! If you can’t be bothered to figure it out properly, at least use that!)

So moving on, I tried various lesser-knowns such as Kazakhese, Midori (Which will eventually be great but is still incomplete), etc.

Why use Epiphany?

1. It is completely free software, Firefox isn’t.

2. It is an official part of GNOME.

3. Since it’s a part of GNOME, it obeys their Human Interface Guidelines (Firefox doesn’t) and uses GTK+ to natively draw its interface (Firefox uses the much slower and buggy XUL and tries to disguise itself as a native app).

4. It should work with any plugin Firefox does as Epiphany uses Gecko like Firefox does. Even when they switch to Webkit eventually (same as Google Chrome and Apple Safari), the Netscape Plugin specification will still be used. It can also render any page Firefox can.

5. Firefox extensions have a lot of overhead and can be cumbersome to load/unload, Epiphany extensions turn off or on instantly (Yes it has Adblock).

6. They remove the maze of pointless and redundant configuration options and make a browser that you would instantly walk up and just use.

7. There doesn’t need to be any separate themes engine because it simply uses your GNOME theme.

8. They don’t make you agree to a EULA (End User License Agreement) like Firefox does when you open it up the first time. (Bringing you the Windows experience)

9. It performs better and uses fewer resources.

10. I can has awesomebar! (In GNOME 2.26)

How to install Epiphany:

sudo apt-get install epiphany-browser epiphany-extensions

How to remove Firefox if you like Epiphany better:

sudo apt-get purge firefox ubufox firefox-3.0 firefox-3.0-branding firefox-3.0-gnome-support firefox-gnome-support xulrunner-gnome-support

Epiphany