Ah, that wonderful Flash installation experience... · 2010-04-22 10:57 by Wladimir Palant
Apparently, I am not the only one who noticed that the Flash installation experience has turned from bad to worse. Paul O’Shannessy uses pretty strong language to describe the procedure but I think it is justified. Until recently you could ignore all the bells and whistles and still download the executable which would then install Flash (and only Flash, regardless of the pre-checked crap that you might have forgotten to uncheck). Now you have to install the Adobe DLM extension (never mind that plug-in installation doesn’t usually require a browser restart) and there doesn’t seem to be a way to avoid it. Still wonder why so many people want to see Flash obsoleted by HTML5?
Why Adblock Plus on download.com isn't being updated · 2010-01-30 01:19 by Wladimir Palant
- Dear CNET, so you own download.com? Very easy to remember, nice for you.
- No, I am not really interested in publishing my software there, addons.mozilla.org suits my needs much better.
- Oh, somebody already uploaded my software and I only need to keep it updated? Ok, I guess this won’t be too much of a problem.
- Why did you subscribe me to this newsletter? I didn’t ask for it!
One way to get outdated plugins on your computer · 2010-01-28 15:45 by Wladimir Palant
Only two days ago I wrote how browser plugins are the biggest security risk today. And yesterday I experienced first-hand how one would get outdated and insecure plugins installed. I installed Lexware Steuer 2009 (for the German readers: yes, that’s the one you get at Aldi and that always gets good marks in software tests). And then Secunia PSI went berserk warning me about various security threats on my computer. Turned out, this application installed without even telling me: Java Runtime Environment 1.6.0 Update 2 (released July 2007, current version is 1.6.0 Update 18), Flash Player ActiveX 22.214.171.124 (released April 2008, current version is 10.0.42.34), MSXML 4.0 SP2 (released June 2003, current version is 4.0 SP3).
The new browser security landscape · 2010-01-26 12:22 by Wladimir Palant
Brian Krebs came across one of those websites throwing a battery of exploits at users and took a close look at its administration page. It lists seven exploits, the two most successful ones being for Adobe Reader and Java, followed by two Internet Explorer exploits. At the far end of the list two Firefox exploits can be found as well. From what I understand, only one Adobe Reader vulnerability was unpatched at that time, all other vulnerabilities have been fixed already. For example, the Java exploit targets a security hole that was closed in December 2008, the exploited Firefox vulnerabilities have been closed in Firefox 1.0.5 and 126.96.36.199 respectively.
Atomic orbital viewer with WebGL · 2009-10-04 17:19 by Wladimir Palant
Recently I found an application that I wrote more than 10 years ago — atomic orbital viewer. Back then I got interested in the pictures of atomic orbitals you get presented in chemistry class, found the special-case formulas for electron distribution and generalized them. And then I wrote an application to visualize these orbitals. Since I didn’t have access to 3D hardware or even literature on 3D graphics I ended up reinventing everything — yes, I used to have that kind of time back then. What came out was a Turbo Pascal (DOS) application where I’ve written almost everything myself, including low-level mouse handling and GUI library.
Downloading Xenocode's "sandboxed" applications · 2009-08-28 18:29 by Wladimir Palant
A while ago there was an announcement that the company Xenocode was providing virtualized versions of applications, particularly browsers. While what they provide isn’t real sandboxes (the applications that you run there can still write files to the disk, e.g. if you download something from the web) it is still an easy way of running browsers without having to install them — Xenocode makes sure that from application’s point of view everything that should be there after installation is there. In particular, you can run Internet Explorer 6 and Internet Explorer 7 on the same machine at the same time — no need for complicated registry hacks. Of course, this should only be used for testing websites that are safe, you won’t get security updates for these Internet Explorer instances.
Selecting countries on a map in Firefox 3.5 · 2009-06-20 12:18 by Wladimir Palant
Since everybody is talking about Firefox 3.5 demos these days I though that I would dig up one that I created myself in November. It allows selecting areas of complex shape on an image — e.g. countries on a map. This idea didn’t end up being used for anything but somebody else might find it useful.
Ten years ago I already had to solve this problem. How do you present the user with a map and let him choose a country? Back then I ended up using Win32 API and two bitmaps — one to display to the user and a second invisible bitmap to let the application translate clicks into actual countries by checking the color corresponding to the click position. The visible bitmap was static meaning that it wasn’t possible to show the selected country on the map. But that wasn’t necessary anyway back then. And now I had to solve the same problem, this time for the Mozilla platform.
Hidden cost of (not) using Venkman · 2009-03-12 19:12 by Wladimir Palant
Getting rid of Flash cookies · 2009-03-02 12:57 by Wladimir Palant
Pretty much every Flash movie on the web today uses Flash Player’s global storage feature to store data on your disk, similar to regular browser cookies. What makes this feature so problematic is the lack of proper control mechanisms. For example, for browser cookies I selected “Keep until I close Firefox” which makes sure that cookies can be set (no site functionality is broken) but won’t survive too long. But this setting won’t apply to Flash data. Same goes for the Private Browsing mode in Firefox 3.1, it has absolutely no effect on Flash. Note also that Flash data is the same for all browsers and all profiles.
More extension puzzles · 2009-02-11 17:42 by Wladimir Palant
Since Haploid solved my previous puzzle way too fast, here is another one: what is that page really trying to load? And why is it that NoScript and Adblock Plus disagree so much on that — none of the dozen domains NoScript is showing show up in Adblock Plus and the one request showing up in Adblock Plus doesn’t show in NoScript.