Ryan’s Blog

November 26, 2009

Microsoft leaks tool that lets law enforcement turn off your hard disk encryption, clear your passwords, and scoop up batches of evidence.

Oops.

I’ve maintained for some time that Microsoft has programs that fit on bootable USB sticks and allow law enforcement to override your Microsoft Bitlocker, Encrypted File System (EFS), and password data, and gather all your private information to use against you later in a criminal trial.

That system is called COFEE, for Computer Online Forensic Evidence Extractor. (Microsoft page about it here)

It has been known for some time that Microsoft has backdoored Windows for the US government, since Microsoft got careless and forgot to obscure a cryptographic signing key given to the NSA back in 1998 (the backdoor is still there, just obscured now), but people don’t tend to believe me about COFEE.

If you use Microsoft Bitlocker or EFS, you’re wasting your time, because Microsoft gives these devices out to law enforcement on down to your local police department. If the police get a warrant and seize your machine, and you’re using Bitlocker or EFS, you’ve essentially just handed them the evidence and the only difference the “Microsoft security” will make is that it might cost the cops an extra 2 minutes to boot off the COFEE key and unlock your hard drive.

COFEE was recently leaked onto the web, and Microsoft has been sending cease and desist orders, but COFEE is still on a lot of bittorrent sites if you would like to try it out for yourself.

While I’m at it:

Many Linux distributions offer /home folder + SWAP encryption or (even better), whole disk encryption. And I doubt the people behind those projects are pissing on you and telling you it’s raining, like Microsoft has when it tells you that Bitlocker and EFS are trustworthy and proceeds to sell an instant workaround and evidence collector to the police.

November 16, 2009

Windows 7 Starter sucks so bad that even Windows “evangelists” are running for cover.

Microsoft’s big plan to take on Linux…

The netbook is a funny thing, funny in that the hardware has to be so power efficient and light that Microsoft could never stuff Vista onto them. Another problem for Microsoft was that Linux set the price point at around $299 USD. To compete, Microsoft dug out its 9 year old OS, Windows XP, blew the dust off it, and dumped it for around $3 a copy.

Obviously Microsoft can’t thrive without inflated profit margins, so when the time came to slap Windows 7 on the things (which I’ve used on netbook hardware, and found that it doesn’t work well), they came up with a crippled edition with all of the features turned off.

This edition is called Windows 7 Starter, and has no AERO, no Media Center, is 32-bit only, won’t let you change the wallpaper or the theme, and has a bunch more ridiculous limitations.

Last year, Microsoft conspired with retailers like Best Buy to fake some statistics on Linux netbook return rates. While in truth, most people were perfectly happy with them, Microsoft bribed companies to spread the word that they were not happy, and were returning most of them.

With Vista 7: Crippleware Edition, I’d like to see what the return rates on these suckers will be. Of course, Microsoft is hoping to surprise you with how much it sucks, and wave Windows Anytime Upgrade in your face. For a mere $80 more, you can presto change-o and transform it magically into the same OS you had before with the features turned back on!

I don’t think people will go for this, because I tend to be pissed when I buy something and then later find out that it wasn’t the full version and they want more of my money. Technically with Windows, you never have the full version unless you pay them to give you “Ultimate” which is essentially still just paying them to enable features that were already in the OS.

I believe a mixture of two things will happen to the Vista 7 Crippleware netbooks:

1. Massive return rates.

2. The rest will figure out how to install Linux, which is free, and has no such silly artificial limitations designed to pump you for more money like an elaborate Vista 7 Crippleware scam.

The article that inspired this is from Preston Gralla at Computer World, who is essentially paid by Microsoft to write favorable reviews. It kind of shocked me when he had this to say about Vista 7: Crippleware Edition:

Computerworld just published the results of a survey from the shopping site Retrevo.com, which found that 61% of people don’t know that there’s a difference between Windows 7 and the Windows 7 Starter Edition — and that 56% of those who then found out the differences between the two said they would not be happy with Starter Edition.

The Computerworld article notes that, according to Retrevo.com, 23 out of 28 netbooks sold on Amazon.com are equipped with Starter Edition, which means a lot of potentially unhappy Windows customers.

At $80, the price to upgrade from Starter Edition to the full version of Windows 7 is steep, particularly for people who have opted to buy a low-cost netbook.

That’s bad enough news for Microsoft, but there’s worse as well. A recent study from ABI Research found that 32% of people worldwide will buy Linux netbooks this year, versus 68% for Windows. Other studies have shown Microsoft with a far more dominant lead in netbooks, but those studies are for the U.S. only.

Source.

At least one of the rats can tell when the ship is sinking.

October 23, 2009

Microsoft promotes Windows 7 with a bunch of giant Whoppers

For real!

Now some Asian dude is going to drop dead from eating enough cholesterol to kill anything that’s ever lived.

I guess the lesson is, watch what you swallow.

Full story here.

“Call ‘em out” The Indiana state website is using Microsoft crap and screwing over standards-compliant browsers

As many of you know, I begrudgingly use Windows:

That doesn’t mean that I love it, and I certainly hate Microsoft Internet Explorer. Seems that some sites still don’t get that IE is a turd and that it’s not what their visitors wish to use.

Well, I had to print out a license I hold from the Indiana State Department of Health yesterday and guess what came up?

WTF!?

Notice the “.aspx” extension? Means they’re using Microsoft ASS.NET, errrr….. ASP.NET. No wonder it breaks when you’re using Opera.

Not every ASS.NET page breaks in Opera, but nearly every page that does break in Opera is built with ASS.NET. (On a side note, Silverblight won’t work at all, but who cares?)

Maybe now that the FCC is making a landgrab for the internet under the veil of “network neutrality”, they can enforce real W3C standards on the assclowns that handle Indiana state websites.

September 13, 2009

Another Microsoft horror story, the Huntington Indiana public library

Huntington Library Suddenly Everything Sucks

I’ve been meaning to mention this for a while but just never did until now.

If you want a prime example of how reliance on Microsoft software damages the community and betrays the public interest, look no further than the Huntington, Indiana public library.

To say nothing about the potentially tens of thousands of dollars their reliance on Microsoft software has cost taxpayers in Huntington County directly, their reliance on it also conflicts with the budget they’re allocated to the point where they paradoxically almost never upgrade anything because it will cost money.

Case in point: Their website. If you look at the source, you’ll see meta name=”GENERATOR” content=”Microsoft FrontPage 4.0″.

When was Microsoft Frontpage 4.0 out?

2000. Now I’m no mathematician, but 2009 minus 2000 means that their web page generator is 9 years old and still targeting Microsoft Internet Explorer 4 (which was still in wide use back then).

Why bother having real bona fide web standards if public institutions entrusted with public money squander and abuse their budget?

Now, judging from the image on the top right of the page which is a 1.3 Megabyte JPEG at a resolution of 2204 x 1364 pixels which someone tried laughably to turn into a thumbnail, when any semi-competent Windows user would know that even paint.exe can resize an image, I am kind of left to deduce that some fucking idiot without even the slightest skillset produced these pages.

With their caveman wit, they chose 10 year old standards-violating Microsoft products and couldn’t even figure out how to resize an image with some bundled freeware.

People like this are a disease.

caveman

The IT department

Moving on… Someone thought audio books in DRM’d WMA would be a good idea:

This means that if you’re not using Windows XP or Windows Vista, you can’t check out an audio book, so suddenly the library isn’t just abusing your tax money, they’re practically ripping money straight out of your wallet. I’d liken the Huntington Library using DRM’d WMA to a daylight theft by a pick pocket that the police wouldn’t do anything about.

That means that since I have Kubuntu Linux on my main system right now, that I can’t just load the audio file into my media player and hit play because it won’t work. It also won’t play for Mac users.

The library could use Speex, which is a codec in the public domain with no royalties and broad cross platform support, but the Imaginary Property pushers at the book publishing companies wouldn’t go for that. Who made the law that says that knowledge has to be bottled up to protect the profits of a few corporations, at the expense of the entire public?

Federal lawmakers who have been bought by lobbyists and other special interest groups of course. This one isn’t to be squarely blamed on the incompetence of the Huntington Public Library, but also on state and federal lawmakers betraying their duty to the American people.

And lastly, the internet computers at the Huntington Public Library all run Windows XP:

This falls back under the categories of incompetence of staff and the misappropriation of public tax money.

Not only that, but Windows is so susceptible to viruses and worms and spyware that would never affect any operating system where security was one of the design concepts from day one, that the Huntington Public Library has locked all of them down in the mistaken belief that this will protect them.

They’ve locked the systems down so tightly that you can’t even use sites that have been designed with Flash or use thumb drives you brought from home. Whoever did the locking down also missed one giant problem, they all use Internet Explorer 6. The least secure web browser ever.

What is the alternative?

The library in Marion, Indiana, just 15 miles or so south of me, uses Linux. Not only do they use Linux, they use a distribution based on the free Fedora Linux called Userful Discoverstation which uses terminal multiplexing. This allows one tower to power 10 workstations with their own monitors, keyboards, and mice. This is not only much better for the environment than having 10 boxes running their own copy of the OS, it saves on the electric bill, and they don’t have to buy licenses from Microsoft. (You could set up a free Linux distro to get the same effect, Userful just makes it easier).

Userful creates an account that is deleted when the user logs out, and times the session to last however long the library allows. So instead of the librarian having to get up and tell someone who is hogging the computer that their time was up 30 minutes ago and others are waiting, the system gives them a warning 10 minutes before they’re logged out to get their shit together and get lost. (In more diplomatic terms obviously).

The systems are secure with the normal permissions of a Linux user account plus the standard SELinux targeted policy inherited by Fedora which helps keep malicious remote attackers out. Since there are very few security concerns on Linux and because the user is literally incapable of any lasting damage to the system, you can do anything on one of these boxes that you could do as a user on your PC at home. (except for clearly Administrative tasks). Where the Huntington library Windows XP systems are useless, I was using the Linux system at the Marion library to log into Pidgin instant messenger, browse with Firefox, plug in a thumbdrive with documents saved on it from home, and EVERYONE is allowed to do this because the system is in no danger.

So I guess the thing to take from this if you’re the Huntington Library or are in a position of trust to use taxpayer money in a non-frivolous manner and to not discriminate against users with disabilities or with non-Windows systems (or browsers other than IE), is that you should never use Microsoft products in this setting.

They are wholly inappropriate with no merit whatsoever in this use case.

I emailed the Huntington library with my concerns about six months ago and they never bothered to reply.

September 12, 2009

It’s Back To School time. This year your kids get taught a lesson by “Professor RIAA”

The RIAA is at it again…

After the music industry has tried such brass-knuckle tactics in the past as selling fake CDs brimming with malicious software designed to disable your hardware, and violating the GNU GPL license by misappropriating a copy of Xubuntu Linux to turn into a “University Toolkit” which backdoored university networks (the bastards were on the receiving end of that DMCA Take Down Notice for a change), they’re now moving on with a full frontal assault on your child’s education.

In a stunning and disturbingly stupid batch of handouts being sent to teachers, that practically begs parody, your kids may be on the receiving end of a taxpayer-funded brainwashing to benefit the RIAA monopolists.

—————————–

PARODY (by me):

This part of the activity should help students recognize how sharing with their friends songlifting, though it is harmless might seem harmless at first, can quickly become a largescale problem for Lars Ulrich. Force students Have students complete the calculations on the worksheet using spreadsheet software or a calculator properly licensed from our friends at Microsoft. If taxpayer-subsidized school time permits, repeat the first calculation by having students choose a realistic number of songs they probably already took would take since they can if they could get them all for free. Adding desire to the equation in this way can further dramatize why words made up to incite panic songlifting can put a serious crimp on the number of $100 bills we have to light cigars and snort cocaine with have an enormous economic impact.

Answers
Total number of songs lifted = 7,800,000;
Total cost of songs lifted = $7,722,000.
$926,640,000 (i.e., nearly a billion dollars).

(After you’ve pointed out that we could have made a billion dollars selling data that didn’t cost anything to duplicate, the children in your class will undoubtedly see the error of their ways.)

BONUS: Assume that a teenager works part time flipping burgers throughout the summer for minimum wage ($7.25/hr), that taxes bring his wage down to roughly $5 an hour, the average album has 12 songs, each track download is $1, and the average teenager buys three albums at that price per week. It comes out to $432, meaning they get to scrub the McFat Vat for 86.4 hours over their three month summer break to purchase licenses for data we conjured up out of thin air.

The more you know!

Hey, kid! I think you missed some spit wads on the drive through window, go take a really fun squeegee and rack up some licensed download sales from the MafiAA, why don’t you?


September 7, 2009

Best Buy gives in to Microsoft anti-Linux FUD, has seen its last dollar from me already though.

I’ve been in retail and retail management before and have some idea of what goes on there:

I’ve worked for two retail companies spanning a total of five years, and have a total of just over half of those in management. The first company was a major superstore, the second was when I had some experience behind me and left for a job at a predominant rent-to-own chain which offered me a better salary and more benefits.

I mention this because of a computerized training module that has surfaced at a Best Buy store detailing not only the usual marketing spiel of whoever happens to be selling widgets on your shelves, but rather, defaming the competition at the same time. This training module is for their sales associate level employees and details the “ease” of Windows and the “strife” of Linux.

Most of the module went on quite a stretch, relying heavily on studies paid for by Microsoft, and using a collection of half-truths and total lies to besmirch Linux. As is typical, there’s a quiz at the end to make sure you don’t just say “fuck this shit” and skip through the module.

The quiz of course, being paid for by Microsoft, fails you if you say that Linux is secure, easy to use, or works with most peripherals. This isn’t just something you can refuse to do either. The store management gets a printout of who has taken these modules and passed them, and if you leave them unfinished (at least in the retail chains I’ve worked at), it often starts the write up process which eventually will lead to being fired.

I can’t say for sure that Best Buy would fire you for refusing to complete a training module which involves cashing in your integrity and submitting to bold faced lies and propaganda, but I know that the retail chains I worked at sure would have. So if you want to keep your just over minimum wage, part time, no benefit retail job which stands between you and starvation while you put yourself through college, you’re just going to have to suck this one up and tell some whoppers about Linux.

Low end retail is all about cashing in your dignity for minimum wage or mediocre salary anyway, isn’t it? Abusive customers trashing the store and cursing at you, evil pointy haired bosses that want you to work unpaid overtime, impossible quotas and policies that they overlook most of the time, but gives them a reason to fire any of you at any time, for cause or for made-up cause… I’ve been on the receiving and giving end of that, and in many ways, it’s like a fraternity hazing process where the salaried management is the guy with the paddle and the hourly employees are the ones shouting “Thank you sir, may I have another?” In short, anyone who intends to go no further will have to put up with the shit every day for the rest of their life. You won’t find better advertisement for a college education or management ambitions.

Of course management ambitions are only something you want to get if you’re part of a company that has a future, and I would venture a guess that Best Buy doesn’t have one. They’re trying to figure out how to load down more of the ignorant and imbeciles with more Windows-based computers, more Windows-based hardware, a Zune or three, an XBOX 360, Microsoft Office, and an antivirus product. If they can just figure out a way to get you to keep paying thousands of dollars for a temporary license to their software that allows you to purchase more temporary licenses to run binary software from them, and hardware that only works with the software you have licensed from them and will only keep working if you buy more licenses for more of their software in the future, they may have a shot at this. It’s not just about the cost of Windows, because with “only” your $320 copy of Windows Ultimate, you still can’t really do anything with it.

There’s a certain demographic that will pay any price because they have lots of money to set on fire. These same people buy Hummer H2’s. The rest spend about a month’s salary every year or two on Microsoft software and partner products under the mistaken impression that they simply have to. They don’t want to, they’re not evil people, they’ve simply been led astray by the sales associate, the lowly peon making $8 an hour at the Best Buy store, the unwitting foot soldier in Microsoft’s propaganda battle. Exactly what’s in it for the sales associate if people continue maxing out their credit cards on shit they don’t need? They may be able to come back to work next Monday, or Wednesday, Friday, Saturday, Sunday, or whenever they’re expected to show up for their 4-8 hours shift so they can continue making the $8 an hour. It’s how retail treats people.

ASUS launched a site called “It’s Better With Windows” a few months back. With sales down and increasing competition, the profit for computer sales is marginal at best, sometimes they have to sell them at or below cost to simply out-cheap their competitors. That $50-$80 kickback for loading down the hard disk with crapware may not sound like much, but chances are it’s most or maybe even all of what they make on the sale. If they sell a system with Linux, they are no longer in a position to load you down with crapware that doesn’t do anything til you buy it.

Benjamin Mako Hill wrote an excellent essay a while back that describes the trial crapware bundled on new Windows PCs perfectly, he would call something like a crippled 60 day demo of Office or a 30 day trial of Norton antivirus that times out an “Anti-Feature”. An anti-feature is something that a software maker does to limit your use of the program that no customer would have asked for. The cheaper “Home” versions of Windows without the “Professional” or “Ultimate” features are an anti-feature of themselves, because nobody would have asked Microsoft to turn off functionality that may have been helpful to them.

Best Buy is in the same position. If they don’t sell you a computer, somebody will, and if they aren’t making a profit on the computer itself, they need to sell you additional products and services to go along with it. They see the computer as a foot in the door to sell you bogus “extended warranties” you likely won’t need, antivirus software suites, video games, printers, Windows-only subscription music accounts, and when Windows breaks down, it’s even more money for them because you get to haul it back in and pay hundreds of dollars for their “Geek Squad” to try to disinfect all the malware and salvage whatever data the malware didn’t eat. The more Windows breaks down, the more money they make fixing it. The more Windows doesn’t do, the more money they make selling you software that enables it to do what you’re trying to get done.

It seems stupid when you look at it this way. You wouldn’t buy a car at full sticker price if the horn, air bags, brakes, radio, and upholstery were sold as “add-ons”. If a line of cars has a faulty gas tank that explodes, there will be a lawsuit. Yet this is how Microsoft and retail stores like Best Buy get you to part ways with more of your cash. If the $500 Windows PC cost the full $2,000 up front, nobody would buy them. Better to just suck the rest of your blood out later, as you go.

The tighter the market gets, and the less that Best Buy is able to compete with sites that sell hardware at just over wholesale, and systems that come without operating systems, the more of this kind of thing you’ll see. It’s taking less and less bribes, threats, and coercion from Microsoft to get them to play ball. Their entire remaining customer “base” are zombies that are there to be victimized repeatedly. Best Buy has no future as a company, the very most they should expect is to not go bankrupt immediately.

Five to ten years from now, I don’t even think Best Buy will even be around, but Microsoft can use them in the remaining time they have left to help sell people on Windows. Consumer electronics stores have painted themselves into a corner where they need Microsoft far more than Microsoft needs them. The phoney baloney “education” that customers receive at Best Buy will, Microsoft is hoping, carry on when Best Buy is gone and the customer is buying their next Windows system at Walmart.

Also, just before going through with this, Best Buy silently disappears the Ubuntu boxed set. Hmmmm.

September 1, 2009

Comcast deploying astroturfing services of Radian6, spying on blog postings with their services

Keep off the fake grass.

After being angered by yet another Comcast fuckup that led to me being W.O.I. (With Out Internet) for over nine hours one day last week, I noticed that within the next day, a Comcast “representative” under the pseudonym of “Melissa Mendoza” had commented on the post with links to their “support” email address.

As I’ve written about before, Microsoft and other large companies often use the services of large astroturfing agencies. Microsoft uses one called Visible Technologies and apparently Comcast uses one called Radian6.

I’ve brought these incidents up both on this blog and in the IRC chatroom at Boycott Novell.

For those that don’t know, whenever you write a blog post about Comcast, apparently the folks at Radian6 will index it and flag it for review by a Comcast employee, this is so they have a chance to try to derail the conversation. Obviously that’s harder on a blog like this because I don’t *have* to accept messages that are obviously that sort of spam in disguise.

My post about the Playstation 3 spawned a comment from a fellow in Japan who hammed up his love for PS3 so much that anyone should have been suspicious that he may have been a Sony representative in disguise, needless to say, I hit the “Spam It” button and that’s the last I ever heard of him.

So why did I accept the comment from “Ms. Mendoza”? Because it wasn’t vulgar or laden with hate speech, and because it was clearly identified as being from a Comcast employee, hence there was no attempt at deception of where the comment came from. These attributes are somewhat irregular in the overall scheme of corporate astroturfing agencies usual methods of saying or doing anything, even misrepresenting themselves, to try to get you to shut up about them. Maybe the astroturfers are trying to catch more flies with honey than they did with hydrochloric acid?

Still the only question on my mind for Comcast, and I know you’re reading this, because I can see where the referrals to each page view come from, is “Why don’t you fire the astroturfing agencies and apply the money to network upgrades or discounts to your service?”

I spy with my little eye, something that looks an awful lot like bullshit.

I did some googling on the Radian6 astroturfing agency and “AIH Alerts” (You’ll notice that’s in the URL of their “conversation page”), and got this gem:

http://davefleet.com/2009/03/reviewing-radian6-features/

Apparently, Comcast and other Radian6 astroturfing agency customers get to build a detailed profile of bloggers and journalists that hearkens back to the bad old days of McCarthyism and the Hollywood Blacklists. (Communist witch hunts).

When a Comcast employee is scouring your blog, this is what they see in that sidebar on the conversation page that asks you to log in:

The astroturfer's secret weapon.

Under “Sentiment”, they get to flag your post “Positive”, “Neutral”, “Negative”, etc. They get to “Assign to” the appropriate employee which “works” your case. Along with how to approach you (Engagement). The Add To Conversation bar lets them leave notes for other employees over how successful their attempt to silence you was.

The only thing missing is determining your level of influence on the series of tubes internet:

“The new release adds the total number of inbound links (according to Google) to the analysis widgets. Very handy, and very easy to spot.”

Nothing tells them how much of a pain in the ass you are quite like the number of people that are linking to you, apparently. You could easily fuck with them here by simply turning their tactics against them and having friends, family, and others link to you I suppose.

————-

“Well, if they’re big and you’re small, then you’re mobile and they’re slow. You’re hidden and they’re exposed. You only fight battles you know you can win. You capture their weapons, and then you use them against them the next time. That way they’re supplying you. You grow stronger as they grow weaker.” -Gene Hackman’s character in “Enemy of the State”.

August 31, 2009

Mozilla Firefox attacked by a spyware extension

RadioactiveFox

According to Trend Micro, there is now a spyware extension in the wild for Firefox.

We have seen a lot of malware target Internet Explorer in the past. This is probably one of the reasons why a huge number of users are opting to use alternative browsers…Though this used to be considered a safe computing practice before, it seems it no longer is with the proliferation of malware [targeting] the most popular alternative Internet browser—Firefox.

Infected Firefox users will see this:

Infected Firefox

Pretty convincing huh? The spyware extension tries to sucker in unsuspecting users by posing as an Adobe Flash update.

I’ve made the case for quite some time that this could happen because there is no real security model for Firefox extensions and that they have the same rights as the logged in user.

This is also a good example of cross platform malicious software. Since Firefox extensions can work on any platform Firefox supports, this spyware also affects Linux, Mac OS X, the BSDs, and every other OS where the user is running Firefox.

Remember, if you use Firefox, that there is only one place to get extensions: https://addons.mozilla.org. DO NOT INSTALL EXTENSIONS FROM ANYWHERE ELSE!
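To check a shared machine against that rule, here is an added example (not part of the original post and not Mozilla's code) that audits a Firefox profile's extension list and reports anything that did not come from addons.mozilla.org over HTTPS. It assumes the `extensions.json` file kept in current Firefox profiles and its `sourceURI`, `foreignInstall`, `signedState` and `location` fields; the sample data and all add-on ids in it are constructed.

```python
import json
from urllib.parse import urlparse

TRUSTED_HOST = "addons.mozilla.org"

# Assumption: install locations used for add-ons shipped with the browser itself.
BUILTIN_LOCATIONS = {"app-builtin", "app-system-defaults", "app-system-addons"}

# Constructed sample in the shape of a profile's extensions.json (not real data).
SAMPLE_EXTENSIONS_JSON = """
{
  "addons": [
    {"id": "blocker@constructed.example", "type": "extension",
     "location": "app-profile", "active": true, "foreignInstall": false,
     "signedState": 2, "defaultLocale": {"name": "Sample Blocker"},
     "sourceURI": "https://addons.mozilla.org/firefox/downloads/file/1/blocker.xpi"},
    {"id": "flash-update@constructed.example", "type": "extension",
     "location": "app-profile", "active": true, "foreignInstall": false,
     "signedState": 0, "defaultLocale": {"name": "Adobe Flash Player Update"},
     "sourceURI": "https://addons.mozilla.org.updates.example/flash.xpi"},
    {"id": "helper@constructed.example", "type": "extension",
     "location": "app-profile", "active": true, "foreignInstall": false,
     "signedState": 2, "defaultLocale": {"name": "Download Helper"},
     "sourceURI": "https://addons.mozilla.org@files.example/helper.xpi"},
    {"id": "sideload@constructed.example", "type": "extension",
     "location": "app-profile", "active": false, "foreignInstall": true,
     "signedState": 2, "defaultLocale": {"name": "Toolbar"},
     "sourceURI": null},
    {"id": "builtin@constructed.example", "type": "extension",
     "location": "app-builtin", "active": true, "foreignInstall": false,
     "signedState": 3, "defaultLocale": {"name": "Built-in feature"},
     "sourceURI": null},
    {"id": "theme@constructed.example", "type": "theme",
     "location": "app-profile", "active": true, "foreignInstall": false,
     "signedState": 2, "defaultLocale": {"name": "Dark"},
     "sourceURI": null}
  ]
}
"""


def source_reason(source_uri):
    """Return None if the download URL is HTTPS on the trusted host, else a reason."""
    if not source_uri:
        return "no recorded download source"
    parsed = urlparse(source_uri)
    if parsed.scheme != "https":
        return "non-HTTPS source (%s)" % (parsed.scheme or "none")
    # Compare the parsed hostname exactly. A substring test would accept
    # look-alike hosts and URLs that put the trusted name in the userinfo part.
    host = (parsed.hostname or "").lower()
    if host != TRUSTED_HOST:
        return "source host is %s" % (host or "missing")
    return None


def audit_extensions(extensions_json_text):
    """Return one finding per user-installed extension that breaks the rule."""
    data = json.loads(extensions_json_text)
    findings = []
    for addon in data.get("addons", []):
        if addon.get("type") != "extension":
            continue  # themes, dictionaries and language packs are out of scope
        if addon.get("location") in BUILTIN_LOCATIONS:
            continue  # shipped with the browser, not chosen by the user
        reasons = []
        reason = source_reason(addon.get("sourceURI"))
        if reason:
            reasons.append(reason)
        if addon.get("foreignInstall"):
            reasons.append("installed from outside the browser (sideloaded)")
        # Assumption: signedState below 1 means missing, unknown or broken signature.
        state = addon.get("signedState")
        if state is None or state < 1:
            reasons.append("not signed")
        if reasons:
            name = (addon.get("defaultLocale") or {}).get("name") or addon.get("id")
            findings.append({
                "id": addon.get("id"),
                "name": name,
                "active": bool(addon.get("active")),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_extensions(SAMPLE_EXTENSIONS_JSON):
        status = "active" if finding["active"] else "disabled"
        print("%s (%s, %s): %s" % (finding["name"], finding["id"], status,
                                   "; ".join(finding["reasons"])))
```

To run it against a real profile, pass the text of that profile's `extensions.json` to `audit_extensions` in place of the constructed sample.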

Anyhow, this is exploiting the user through a social engineering attempt rather than a browser exploit. Remember when the only warning Internet Explorer 6 gave about an ActiveX control may very well have been “Click here to install ‘install this plugin to watch all the porn on this website!!!’”, Firefox is not even that safe, because the malware vendors had to spend $200 to get Verisign to sign their ActiveX control, it doesn’t cost them anything to make or distribute a Firefox extension. And Internet Explorer now makes you click through the information bar warning, then the installer prompt, THEN it sandboxes the plugin (if you’re on Vista or Windows 7) so that it has no access to anything outside of the browser.

Firefox doesn’t even have this minimal protection from malicious extensions, any extension you install has write access to your User folder (Vista, 7, Linux, OS X, FreeBSD) or your entire system (Windows XP), and possibly your entire system on systems other than XP if it can figure out how to elevate itself.

Weak sudo password that can easily be brute forced, piggybacking onto a Microsoft system component in Windows 7 that’s allowed to silently elevate, relying on user ignorance when clicking on the UAC prompt to “Accept”, etc. I wouldn’t even be surprised if the malicious extension site asked the user to click the UAC Accept button.

So far, even with the myriad of remotely exploitable Firefox vulnerabilities, none have really been a runaway success due to the rapid patch turnaround time of Mozilla and the automatic update function. The problem is that there is no patch for an ignorant/stupid user.

So even though *you* know to look out for malicious Firefox extensions, you might be on a shared computer where your kids will be able to install malware through Firefox, so what do you do?

First, consider switching to a more secure browser:

I can almost hear you sarcastically quip “Now where have I heard THIS before?”, but the truth is that there are browsers that are reasonably safe because the vendor did not foolishly allow extensions running as full programs. Nothing as complex as a web browser will ever be bulletproof, nothing that has to run advanced scripting languages and support file transfer operations that were designed years ago can be. Indeed nothing with hundreds of thousands of lines of source code (or tens of millions in an operating system) can ever be fully debugged. I never say “Program X is fully secure” I can only say, truthfully, that “Program X is probably more secure than Program Y”.

I recommend Opera 10; I wrote about just why yesterday. It will be released tomorrow, September 1st. The RC is still available at www.opera.com/next if you want to install it today and use the built-in updater tomorrow. Opera Widgets are limited as to what they can do for exactly this reason. Mozilla has rolled out a red carpet with their extension system and it looks like now that Firefox has users, the spyware writers have decided to come to the party. Firefox extensions are almost exactly like the bad old days where Microsoft just threw ActiveX into Internet Explorer with the stated purpose of extending the browser, without a reasonable security model. Just like these ActiveX plugins in IE 4/5/6, Firefox plugins and extensions are full programs that can do anything they want, not only manipulating the browser, but limited only by what the Firefox process is allowed to do to the system.

Second, consider a disposable user account:

Ubuntu as of 9.04 has a Guest User account; consider making other users of the computer who may install malicious software use this account. All the changes they make to that account, including the Firefox profile, are deleted every time they log out. If this is too frustrating, then give them their own account but do not give them access to sudo. No sudo means that the damage and malicious software in their account cannot affect other users of the computer or any system files.
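To check which accounts on a shared Ubuntu machine actually have sudo, here is an added example (not part of the original post). It assumes the stock sudoers configuration, where membership in the `admin` or `sudo` group is what grants sudo; the function name and the sample group and passwd data are constructed for illustration.

```shell
# Groups that Ubuntu's default sudoers file grants full sudo to (assumption:
# stock configuration): "admin" on older releases, "sudo" on newer ones.
PRIV_GROUPS="sudo admin"

# sudo_capable_users GROUP_FILE PASSWD_FILE
# Prints, sorted, every login with UID >= 1000 that belongs to a privileged
# group, either as a listed member or through its primary GID.
sudo_capable_users() {
  awk -F: -v privs="$PRIV_GROUPS" '
    BEGIN { n = split(privs, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    # First file, group(5): name:passwd:gid:member,member
    FNR == NR {
      if ($1 in want) {
        privgid[$3] = 1
        m = split($4, members, ",")
        for (i = 1; i <= m; i++) if (members[i] != "") listed[members[i]] = 1
      }
      next
    }
    # Second file, passwd(5): name:passwd:uid:gid:gecos:home:shell
    $3 >= 1000 && $1 != "nobody" && (($1 in listed) || ($4 in privgid)) { print $1 }
  ' "$1" "$2" | sort
}

# Constructed sample data, not taken from a real machine.
sample_dir=$(mktemp -d)
cat > "$sample_dir/group" <<'EOF'
root:x:0:
admin:x:115:parent
sudo:x:27:
kids:x:1001:
users:x:100:parent,kid
EOF
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
parent:x:1000:1000:Parent:/home/parent:/bin/bash
kid:x:1001:1001:Kid:/home/kid:/bin/bash
helper:x:1002:27:Helper:/home/helper:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
EOF

# "helper" is caught through its primary GID even though no group lists it.
sudo_capable_users "$sample_dir/group" "$sample_dir/passwd"
```

On a real machine, run `sudo_capable_users /etc/group /etc/passwd`; any account for a less careful user that shows up in the output still has sudo. Custom per-user rules in the sudoers file are not covered by this check.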

Windows has various options for accomplishing the same thing. Windows XP and Vista users can use SteadyState; Windows 7 users can set up an account and configure it to use Guest Mode when the desired state is set up (not to be confused with a Guest Account). While in SteadyState or Guest Mode, an account cannot harm the system or other user accounts and all files and settings are deleted when the user logs out. An account can be turned back into a normal account by turning SteadyState or Guest Mode off. Again, if this is too much hassle, at least make them an account that is a “User Account”, *NOT* “Administrator”, and damage and malicious software in their account shouldn’t affect other users or the system. It also stops them from installing software globally. (That is, they can only install software that resides in their User folder and doesn’t require access to the system.)

Perhaps the troubles with Apple software and “Free Software” are an “inconvenient truth” that some people will stop at nothing to cover up, but this false sense of security that these deniers provide you with is just as dangerous as Apple proclaiming that Macs are immune from viruses while they silently added a malicious software scanner into Snow Leopard.

Perhaps they could call the scanner “SnowJob”, or is that SnowJobs? *smirk*

Opera 10 is almost here!

The Release Candidate of Opera 10 landed a few days ago:

I’ve been using the (roughly) weekly builds available on the Opera Desktop Team Blog for quite a while, but since those are potentially-unstable testing versions with features that may or may not make the release, I did not want to comment on it one way or the other until I was satisfied that I could give something close to the final code a decent review.

As you may or may not be aware, the Opera browser is one of the older ones, not the first, but it is the oldest surviving browser still being actively developed. It not only predates Firefox, it also predates Monopo$oft Idiot Exploiter Internet Explorer.

You may have even used Opera and not been aware of it. They are the only worthy browser on mobile phones, and roughly tie the mobile version of Safari (which only runs on the hypePhone) for user share. (In fact, Apple blocking Opera on the iPhone is reason enough to avoid the iPhone in my opinion.)

Opera started out as a skunkworks-type project at a Norwegian phone company back in the early 90’s; version 1.0 was apparently never circulated.

I personally started using Opera in 1998. It was small, so small in fact, that before version 5.0 the installer fit on a floppy disk. It was fast, dramatically faster than IE (still is) or Netscape Navigator (R.I.P.), had bleeding edge support for W3C web standards (still does), and it had a feature that most people probably thought was invented by Firefox, tabs.*

(*Well, actually, better than tabs: a true Multiple Document Interface where every tab was also its own window. This can still be activated, but it defaults to tabs for the sake of users familiar with Firefox.)

Every release of Opera has had better overall support for W3C standards than any competing browser at that time. Unfortunately a lot of pages were written to humor Internet Explorer’s horrible nonstandard Trident rendering engine and so you sometimes still had to fire up IE. *gnashes his teeth remembering IE 5*

Also, Opera didn’t get a lot of mainstream attention on the desktop because it used to be $39 shareware. IE may be terrible, but everything installed it, you couldn’t get rid of it, and this eventually included Windows 98. (And the IE 4 installer was responsible for corrupting more copies of Windows 95 than I care to remember.)

Opera changed revenue models a couple of times: it became adware for a couple of releases (Opera wrote the code themselves so they didn’t have to rely on spyware), and finally it became freeware for anyone that wanted to download it.

A lot of other things have changed in that time as well, including the fact that Opera now not only has the most thorough standards compliance, but it’s also compatible with most poorly written pages that were created with IE in mind.

Now that we have the history lesson out of the way, what’s going on in Opera 10?

On Windows, Opera 10 is an evolutionary upgrade over Opera 9.x for most desktop users: it’s faster, it’s more reliable, its rendering engine is vastly improved, and there are even a few new features. In short, it’s more, better, faster.

On Linux, users have much more to be excited about. Opera now not only has a native X86-64 version, but also, the Linux version seems to finally use xdg-open by default so that you can open your downloaded files and the folders you saved them to without tweaking the preferences.

Opera 10 on Linux can use either the 32-bit Flash plugin through its own internal plugin wrapper (called OperaWrapper) so you don’t have to dick around with a Flash plugin, and my VLC plugin for Firefox worked automatically as well, providing support for most multimedia formats. Also, Opera will now automatically see your IcedTea (open source Java) or Java installation. The Linux version is also now compiled with GCC 4 and Qt 4, leading to an insanely large boost in overall application performance from 9.x.

If you browse on a slow connection, you will appreciate Opera Turbo, a feature which uses Opera’s caching servers to heavily compress web pages before being delivered to your system. I tried it on a few different connections and made some notes.

The rest:

Opera Turbo

On slow broadband (~1 Mbps) such as basic DSL service, Opera Turbo can cut the time you wait for a web page in half.

On a 56k modem (I had to use bandwidth capping on my router to simulate this), Opera Turbo cut the time to load the average page by over 2/3rds.

On my connection, (~6 Mbps cable) Opera Turbo actually slowed things down a bit even though it still estimated that it was speeding the connection up. This is likely due to the lag of their server fetching the page and sending it to me since I already have a fast connection.

One thing is clear: this feature is useful for modems, slower broadband, and wireless users (phones and netbooks with 3G cards), but avoid Opera Turbo if your connection is sufficiently fast. It also degrades images by compressing them further using aggressive JPEG compression, so you’ll want to disable Turbo (just click the button to turn it off) before you load any images to be saved to disk.

Bundled extras and Widgets:

Opera still includes the integrated email client, which is superb, a serviceable IRC client (which may replace separate IRC clients like Xchat for casual users), a simple bittorrent client included in the download manager (which I disable in favor of a client which supports bad IP address blocking), and support for Widgets, which extend the browser similarly to Firefox extensions.*

(*Firefox extensions are easier to write and can do more but are also dangerous because they can do anything they want to anything the logged in user has access to, or they can spy on you or do other nasty things, or they may just be poorly written and leak RAM or crash the browser. Opera Widgets can do less, but they are not a potential menace to system security or stability.)

Visual refresh:

Opera 10’s default theme has been reworked to be more aesthetically pleasing. Yes, it is just eye candy, but nobody who works with a program for hours on end wants the ugly interfaces of Firefox or Internet Explorer.

It still supports all themes that worked in Opera 9.x as well. I’m using IBIS inspire, which is a more elegant tweak to the Chinese Opera theme, and I have disabled the menu bar in favor of a Menu button in my tab bar. This leaves me more than enough screen real estate. (About 20% more than Firefox does.) Screenshot here. Default skin here.

How do I block ads?

I use Fanboy’s ad blocking list and user CSS from here. Opera natively supports ad blocking, and you don’t need any silly extensions; you just tell it what to block, and those lists do precisely that. Saves you the annoyance of ads, saves you bandwidth, saves you time spent looking at crappy pages packed full of advertising.

Opera Unite may not make the cut for Opera 10:

One thing that Opera Software is working on (that I’ve played around with in the weekly builds) is called Opera Unite, which, when finished, will allow even the least computer literate people to set up their own file sharing server and streaming music server running inside the browser, and secure it simply by adding a passkey that you can give to your friends. (Or use to remotely access the files you choose to share at a friend’s house or perhaps at work.)

This feature is NOT in the Release Candidate, and the builds that do have it are marked Opera 10.1, so it will eventually be here and if you want it now then you have to use a desktop team weekly build.

Another favorite feature of mine is Opera Sync:

You can get it in File/Synchronize Opera. This was actually introduced in 9.5, but you can have your bookmarks and other data stored in your My Opera account so that if you use another computer, the two copies of Opera stay “in sync” with each other.

In closing (phew!):

There’s definitely a lot about Opera that should interest any Firefox or Internet Explorer user. While Opera 10 doesn’t have the sheer scripting speed that Chrome and Firefox do, it’s not pokey either. In fact, things like Document Object Model operations blow those both away, so the Javascript War is a bad thing because it encourages developers and users to only focus on one area of browser performance when in fact the speed of the engine as a whole may not be well rounded. (What good is fast script execution if the browser can’t parse CSS and HTML fast enough to keep up with itself?)

I will rate Opera, on my totally opinionated 5 point scale. 1 being the most hideous browser there ever was (Internet Explorer) and 5 being subjectively perfect, Opera gets a 4.8, there’s still a few quirks and things that aren’t as great as they could be (though the new stuff I’m interested in is in their pipeline). User interface is clean, download size is small, performance is great, rendering engine is excellent, and it has a complete suite of tools that Firefox and Internet Explorer lack. Their track record on security is nearly impeccable.

Will Opera 10.1 be *the* browser suite to beat? I’d say 10.0 is already giving the other guys a good run for their money.
