Archive for the ‘Browsers’ Category

TapLiberalised top level domains

28 Jun 2008 13:19 by Rick

I wrote a while ago about how there were more top level domains than I was aware of—.aero, .museum etc. Well on Thursday ICANN, the controlling authority, voted to drop most restrictions and allow applications for any string of three or more letters not already allocated.

It is amazing, however, how most of the commenters to the article in The Register seem to have missed the point and/or not read the article. What this ruling does is allow organisations to register a Top Level Domain so that the sub domains (which are the ones actually used) can be allocated either on request or sub-letting. Each organisation will have to both put up a substantial sum of money (where that goes beyond the administration expenses is unclear) and provide an approved registration and regulatory mechanism to conrtol the lower levels. It is not for Tom, Dick, or ASDA to register fancy addresses for their own personal use.

This ruling also allows strings in alphabets other than the current Latin/Roman but it is not clear if digits will be available. An early use of this facility will be local alphabet equivalents for the national codes for Russia and China. This liberalisation was already coming for lower level domain names and some Cyrilic ones can already be seen. There are (supposed to be) rules to stop the use of characters that look like Roman ones to spoof look-alike addresses. The newer browsers have built in safeguards to warn you of this.

TapColour Management

24 Jun 2008 20:37 by Rick

To those who look carefully, photographs on web pages look dull compared to how they look in photo editors. I always thought it was due to the low resolution but apparently it is all about Colour Management Profiles. These are instructions placed in the image file which tell the receiver how to render the colours and are intended to allow matching on different devices—e.g. Screens on different computers, projectors and printers. However, Firefox has always ignored them; until Firefox 3. IE ignores them as well; Safari does read them but in a different way.

In Firefox, if you go to the about:config page and set gfx.color_management.enabled to True then, after a restart, it will be activated. All the photographs will look just a little bit richer, brighter and more sparkling. The photo purists are wondering why it has not been enabled by default?

Well if you have tried it in Windows you will see—everything else will have taken on a different tinge compared to what it was before, mine went pinkish, others have reported a cream bias. The greys are no longer neutral because in the process of doing it to photographs that come with built-in profiles, they have applied a default profile to everything else on the page and it all looks wrong. The official Mozilla page says that it relies on a properly calibrated monitor. Well mine is as close as I can get it without special hardware but that is not the answer. What you also need to do is set the default profile gfx.color_management.display_profile. You would expect this to be the actual values for your monitor, but that is what Firefox is already doing. What you need to do is set it to C:\WINDOWS\system32\spool\drivers\color\sRGB Color Space Profile.icm to stop Firefox altering it and allow the Windows display driver to make the correction for the screen. Brad Carlile has a good test page—if the greys still look grey and his three test pictures all look the same then you have got it right. The Apple Mac doesn’t seem to have a problem, just set the enabled flag to True and it mostly works. Safari (at least on the Mac) does it like this by default.

Secondly, plugins, particularly Flash, do not compensate, so sites that blend from backgrounds to Flash will no longer be seamless—but my fix seems to solve that as well, unless they are trying to blend Flash with JPG which would be unusual. I haven’t got this working for the Mac yet. and, although Flash blending is ok, apparently Safari falls down for a similar reason; the CSS and GIF backgrounds don’t blend seamlessly with JPG and PNG images. This may also affect my fix but I haven’t had a chance to experiment with it yet. What I need is another comprehensive test page. Update: It is a heavy read, but this page by G. Ballard explains it all and has a lot of test pictures or this excelent article by Jeffrey Friedl.

Finally, it also takes 10–15% more processor power to render the pictures so those on older systems will see a noticeable slow down on picture heavy sites.

I first though that I would be switching it off again until they get this sorted out properly, but having found the profile hack I will leave it, I don’t care about Flash anyway.

TapFirefox 3 Extensions

18 Jun 2008 11:12 by Rick

Even after the extended build-up and yesterday’s world-wide launch there are still a few extensions that haven’t been updated for Firefox version 3.

These are a few that I found that could be simply hacked to enable them to load. I haven’t altered the functionality at all, just changed the maximum version number to 3.* and tested them. They work on my system but you use them at your own risk on yours.

CacheViewer 0.4.7 — Update: Hacked version Version now available.

Stop-or-Reload Button 0.2.2 — The page says it works with Firefox 3 but it doesn’t. Hacked version

UK Threat Level 0.15 — Update: Hacked version 0.15.99 Version 0.16 now available.

British English Dictionary 1.19 — The page says it works with Firefox 3 but it doesn’t. Hacked version 1.19.99 supersedes my earlier version. This extension is also suitable for Thunderbird 2.*. It is not entirely clear if this dictionary is needed for Firefox 3 or if there is one built into the English (British) basic download.

View Cookies 1.7 is ok but for some reason won’t update automatically.

Update: Google Pagerank Status 0.9.8 — Although the web site doesn’t say so, the version there is now 0.9.9 and does support Firefox 3.

HTML Validator (Mac OS X Intel) — It says that version is now available but there is nothing on the other end of the link. Mac OS versions are made even though the official Firefox Add-ons page says they are not.

Objection 0.2.2 — Like View Cookies, the automatic updater doesn’t seem to work. Version 0.3.3 supports Firefox 3.

Update: Minimize to Tray (windows) — Hacked version also works with Thunderbird 2.*.

Autohide 1.2 — Most of the features are incorporated into the base build of Firefox 3 so I won’t be using it.

TapAVG 8 Rumpus

17 Jun 2008 12:08 by Rick

There is growing concern among web site owners, their hosts and web marketing experts that AVG 8 is causing increased costs. The issue is LinkScanner and what it does to traffic. I have already commented that, for those users on limited bandwidth such as dial-up, it should be disabled and I have provided instructions on how to do this. But if it is also significantly affecting the other end of the internet—the web hosts—then AVG may be forced to modify it.

The way it works is that if you do a search using the major engines (at least Google, Yahoo and MSN Live) then you get a page of results, generally 10 at a time. AVG LinkScanner then steps in and visits every one of those results and checks the results for malware and sets a flag (Good, Doubtful or Bad) against each one to warn of potential problems.

The issues for users are:

  • The increased bandwidth caused by the requests and results could have an impact on performance and possibly on any quotas you may have. This will be particularly true for dial-up users but could also affect capped broadband. On the other hand, users may judge that the benefit offsets the costs.
  • Your logs and/or cache could show that you have visited sites that you had no intention of going to. This could have embarrassing or legal implications.
  • This could also be reflected in any profiling that your ISP or the sites themselves are doing which could affect the advertising you receive (it could also be regarded as an asset as it may upset statistics gathered by Phorm type systems 🙂 ). A possible impact is that a site may think you have already seen a particular advert and not deliver it again—you never know, it may have been the offer you were waiting for.
  • If the scanner itself were compromised then it is getting a lot of potential data to further infect your system.
  • Because much malware is served via adverts, and adverts are rotated on every visit, the green tick may give you a false sense of security.

The issues for site owners and their friends are:

  • They will see increased traffic, bandwidth which they have to pay for. Larger sites may need to deploy extra servers and connections to cope with the additional load.
  • Sponsored results will also be visited and the agencies will charge the customer for each visit and it increases the apparent Click Through Rate with bogus visits. Update: Apparently AVG 8 goes direct to the raw URL and bypasses the Click Through detector so that the customer will not be charged. They will, however, still see the increased traffic.
  • Ordinary pages that are funded by advertising appearing on them will see an apparent drop in Click Through Rate because the user never sees the ad to visit it.
  • Web statistics become [even more] unreliable due to the increase in “bounces” i.e. visitors that come in from search and don’t go to any other pages.

At present the traffic is detectable for what it is, so concerned web owners can allow for it either in their analyses or even suppress responding to them. However, if that remains the case, then it will also be detectable by any malicious hosts or content to fool the scanner into returning a clean bill of health. It will be interesting watching the news in the next few weeks to see how this is resolved.

TapInstalling/Upgrading to AVG8 Free (Windows)

4 May 2008 18:01 by Rick

Now that it is available, upgrading from AVG 7.5 to AVG 8 is a logical step but there are some decision points to be made along the way so it is best to be prepared for them.

[Note that the Free edition has some quite rigid conditions about home use only.] First you have to find it. The link I gave before is still good but it is a few clicks of Grisoft determinedly trying to get you to buy the full suite. Some of the links on the way are a bit misleading. One says that AVG Anti-Spyware is being discontinued but others that it is now included with the Anti-Virus package. The eventual download location is either their own site or C|Net

When you come to install it there is no need to un-install the previous version. You will need to login to an admin account. Leaving a lot out, the sequence of events is:—

  • Standard or Custom install—you will need custom if you don’t need the email scanner.
  • For the Custom install, Un-tick the email scanner if you don’t want it.
  • Un-tick the AVG Security Toolbar if you don’t want it. Everyone seems to want you to get one of those and if you loaded them all you wouldn’t have enough window left to browse in.
  • Un-tick the “Enable Daily Scanning” box if you don’t want it. I find that it is a long process and very heavy on resources (though they have put in some sort of load-limiter now). I would rather do them when I want to—and certainly not daily.
  • There is a tick box for informing AVG about potentially dangerous web sites that you come across. I haven’t checked the privacy statement for this yet so I would be cautious.
  • Definitely SKIP the updates at the moment as the install is not really ready for them.
  • Skip the registration for the time being.
  • Now you will need to reboot (it prompts you).
  • When it comes back the System Tray icon will probably be red. Right click to open the AVG User Interface.
  • Click Update Now and it should go ahead and do it.

That is the install complete but you need to check one other thing. One of the features of AVG 8 is the AVG Search Shield, sometimes called the Link Scanner. This intercepts results from the search engines (Google etc.) and inspects them for malicious content—try it and see the little green icons after every hit. Quite how it does that I am not sure but it seemed to take a long time and have a lot of internet traffic. I would imagine that on a dial-up connection it would be impossible. The search engines themselves do some quality checking, if this is doing it real time then it would be better but at what cost. The other thing that bothers me about this is that it could be that you are automatically visiting sites that you wouldn’t otherwise touch with a barge pole (porn etc.) and it will leave the evidence of this in your cache even if it never displays it.

If you decide that you don’t want this facility there are two ways to switch it off. You can use the AVG interface, but if you switch it off there it will forever say that AVG is not fully functional. The other way is with the browser controls. It works using a browser plugin (both IE7 and Firefix, I don’t know about Opera or Safari) and these can be disabled. Go to Tools —>Manage Add-ons—>Enable or Disable Add-ons in IE7 or Tools —>Add-ons in Firefox. This will need to be done on EACH ACCOUNT on your computer.

Now you can register at leisure, if you can figure out how. I haven’t yet! It is worth remembering that, despite all my griping, this is still a free service for which we are grateful.

Update: 20 Jun. As far as I can tell, the Firefox plugin which drives LinkScanner is not Firefox 3 compatible. It will be interesting to see how they update it.

TapHTML Validator extension for Firefox

17 Apr 2008 17:22 by Rick

This *is* available for Mac OS X despite the Firefox Add-ons page saying that it is not. Go to the author’s page to find it.

This is an excellent plugin to check web pages that you have written or other sites for conformance to standards.

TapWhy was Clarkson wrong?

7 Jan 2008 16:01 by Rick

I didn’t see it at the time, but apparently Jeremy Clarkson published his own bank account details in a newspaper article to demonstrate that the loss of the Benefits database was not a big deal. Now he finds that someone has diverted £500 of his money to charity.

In principle, I think he was right, but I wouldn’t have done it. If any money is removed from your account without your permission it is the bank’s fault unless (maybe) you were negligent. The account number and sort codes, your name and address are not secret information. You require more information than that to withdraw or transfer money, but a lot of bank transactions still rely on unreliable signatures and I wouldn’t trust their diligence to check all that carefully.

They say that “The bank cannot find out who did this because of the Data Protection Act and they cannot stop it from happening again.” That is utter rubbish They may not be able to find out who because they probably don’t know who, if it was done by a forged signature, but any clues they do have are criminal evidence and not subject to data protection from the relevant authorities. I think they perhaps mean that they can’t tell Jeremy. I suspect that in this case, he will not be pressing for an investigation, but normally you should.

The flaw seems to be that some Direct Debit forms do not require a signature and the banks allow this. That is not banking, that is a welfare agency and they should be liable. I have never trusted the Direct Debit system, but I hadn’t realised that it was that bad.

It would have been even funnier if the donation was made to Friends of the Earth 🙂

TapGoogle, We’re Sorry

4 Jan 2008 13:16 by Rick

In the office today we had a spate of the Google “We’re Sorry” screen. We have no idea why but it was coming up on quite innocent single word searches. I had a search around and found a few pages of explanation but I think they have made a few mistakes with the error page. First of all, it doesn’t look like a Google page—the font for the logo is wrong—all the Google error pages are like this. Secondly, it is directing you to a less than perfect source of anti-virus and anti-spyware software. Although it is C|Net, there are some very dodgy downloads in there. But most of all, there is no clearly explained reason why the message appears. Admittedly it is better than earlier versions when it told you point-blank that you were infected but a list of possible reasons would be useful.

When it comes to the Captcha needed to continue working, I can’t read many of them.

TapScreen Size/Page Size

16 Nov 2007 09:02 by Rick

There is a disturbing tendency for web pages to get larger and larger. What seems to be happening is that web designers are believing the statistics that say that most people now are buying larger screens. Yes, that is probably true, but it is not the point.

I haven’t bought a 19″ screen to view your web site full size and hitting me in the face. I multi-task, even if women say that men can’t! I want multiple windows open on my screen. In 19″ I can get two good sized windows open and three or four little ones like IM rostas. I can keep my mail box open while I am browsing. I can make notes from web pages. I can refer to one web page whilst viewing another. If you make your web site so it only works when the screen is full width then you are stopping me doing any of those things.

The rule of thumb should still be: Make sure your web pages work on a window 800 x 600 pixels; and that space must include the browser furniture like scroll-bar, toolbar, status-bar etc. Better still, make it dynamic so that it expands to fill the available space. The width is important to the users because there is nothing worse than horizontal scrolling. It is clumsy and difficult to use and quite often users will not notice that there is content off to the right. The height is important to you, the designer. Users are quite used to vertical scrolling but unless your page makes an impact in the bit that is visible at the top then they may not bother to look any further.

I am not saying that there should be no limits; if your page becomes ugly or just looks daft above or below certain widths then feel free to restrict them but aim for allowing any width between about 600 and 1000 with the optimum at 800 and you won’t go far wrong.

TapLocal Shared Objects

15 Nov 2007 16:23 by Rick

These little things are a well kept secret of the browser world. You all know about Cookies? No, well I’ll first explain about them…Cookies are small pieces of data that are stored by your browser on behalf of the sites that you visit.

The problem discovered in the early days of web browsing is that it is a stateless process. Each request for data on a page is independent of every other. Although you know that your request for page 2 is related to your just having read page 1, the server at the other end sees it as an isolated call. If you are following a sequence, such as a process to purchase a book from Amazon, the server needs to know that the pages are all part of the same transaction. It does this by creating a cookie at your end which contains a unique identifier. This is sent along with each subsequent request so that the server can relate them all together without losing track.

There are two sorts of cookie—transient ones which are deleted as soon as the process is completed and longer term dated ones which carry forward information from one browser session to another. There is some security included which only allows a server to read the cookies that it created; this is done by domain name. A good example of a long term cookie is the one that holds your preferences for Google searches so it remembers which languages you prefer etc.

One use for cookies that have gained them a bad reputation is for advertising. The ad-server will store information about what ads it had sent you so it could ensure that you get different ones next time and perhaps also which ones you have clicked on so it can give you more of the same. These became known as tracking cookies, but it is not really as bad as it sounds; the security is still there and the only information that could be called personal is your network address. There is no suggestion that email addresses, personal names or other such things were disclosed, but by looking at the cookies on a user’s system you could get some idea of what sites they have been browsing. For more information see the Wikipedia article.

Due to their reputation, there is now a problem for companies that need to use them; up to 40% of people delete cookies on a regular basis. There is a built in feature in Firefox (and perhaps IE) to delete all cookies now or every time you shut down. As a result many advertising programs were not working properly.

Enter Macromedia (now Adobe) Flash. This system which operates on top of the standard web protocol is widely used by advertisers (and often disliked by users) because it allows animation and sound. It is also used by sites like YouTube to display short videos on demand and web designers to create really fancy (flashy!) sites. Flash has the capability to read and write cookies but it is cumbersome so they created their own (called Local Shared Objects). This was a good idea when they were used for the same purpose that cookes were designed for. But they are now being used as a backup to standard cookies because most people don’t know about them. If some sites spot that their standard cookie has been deleted, they will read the flash backup copy and immediately recreate the cookie, subverting the intention of the user.

Firefox extensions to the rescue—Objection. It is not very clever but does allow you to see the LSOs that have been created and delete them if needed. I am not suggesting that you get paranoid and delete everything in sight but you deserve to have control over your own browsing experience. Of course you could chose to block Flash altogether! I find animations distracting.

Update 14-Aug-2009: The new Firefox Private Browsing (sometimes know as porn mode) introduced in version 3.5 does nothing to stop the storage of or delete LSOs. Your private habits could easily be revealed by looking at what gets stored there. Also there is now a more comprehensive management. This is the Better Privacy plugin but be careful setting it up as it could affect sites that legitimately use LSOs (read the FAQ at the end). There is a management mechanism provided by Adobe which gives you some limited control over what is allowed. Not surprisingly, the options that you chose are themselves stored in an LSO for later retrieval by Flash.

^ Top