Fight for the Internet 1!

Sunday, February 21, 2010

Firefox plugin support under Ubuntu

So for some of you, this will be old news, but it was new to me.

In times (not so long) past, a major complaint concerning Linux was its plugin support for browsers. Namely, if you went to a website that needed, for example, QuickTime... Firefox would inform you that a certain plugin was missing and that's about as far as it would help. Installing the plugin (and anything else needed) would fall to the user, and sometimes that task was not easy.

Ubuntu continues to make the user experience better in their distribution, since they apparently have a solution to this problem. Ubuntu provides a package program called Ubufox which will assist users in automatically install plugins as necessary. It's a simple "Enter your password" and click Next solution, and doesn't get much smoother than that. I used this for the first time today and I didn't even have to restart Firefox. It just worked.

I haven't found something this nice since they automated Nvidia driver installation with the (KDE/Gnome)-Jockey program. Nicely done once again Ubuntu.

Friday, February 19, 2010

Firefox add-on/extension woes -- Corrupt profile

UPDATE: I apologize for any strong language in the original post (listed below for history's sake). I was very frustrated at the time this was happening. The short version of this story is that I had serious Firefox profile and add-on corruption issues when I updated to a particular version of Firefox 3.6, and it drove me crazy.

I found a solution. Use the bleeding edge versions of Firefox in Linux. It is shockingly stable and works great 97% of the time, seriously. Plus it's sound-barrier-shatteringly fast compared to the current stable Firefox.


OLDER POST:

So I have literally done 3 and 1/2 hours of debugging Firefox 3.6 lately and all I have to show for it is certain knowledge which plugins are causing my profile to CONTINUALLY become corrupted.

Ever since Firefox reached 3.6, I have had corrupt profile problems. This is pretty annoying, I must say, since this only very rarely happened under 3.5. Now, it should be noted I use quite a few extensions/add-ons/plugins. About 20 currently. I used to utilize more in the past.

Now, I only know the profile is somehow corrupt because Firefox 3.6 simply REFUSES to start occasionally. I have rebuilt my profile probably literally 30 times by now.

So far, any single one of these following extensions (as of today) are corrupting my Firefox 3.6 profile:
  • Autopager
  • Download Helper
  • DownThemAll!
  • FireFTP
  • FireGestures
  • Xmarks
I'm currently looking into what I can do, since these are probably some of my favorite add-ons, especially Xmarks, FireGestures and Autopager. At this point, I'm going to start using the Firefox debugger more in depth and also doing code comparisons between these add-ons to determine if they have any similarities between them.

UPDATE/EDIT v1:

Well, I have good news and bad news. The bad news: I could not figure out how to use the firefox-dbg package (the firefox debugger). Also, the source code to comb through with the above listed add-ons is huge, and seeing as how I am not a Firefox add-on programmer, it would be quite a lot of work.

The good news: I pulled down the Mozilla Daily Builds of Firefox and the corruption bugs seem to be gone for now. (WAIT, no it is not. See update v2.) It is possible this profile corruption bug has been aggravated in the currently point release which just came down the Ubuntu apt-pipe this morning, because the latest build is version 3.6.2 and the problems seem to be gone. Let's hope this is pushed out to official quickly.

UPDATE/EDIT v2:

I spoke to soon. The bug remains even in the latest daily Mozilla. Fuck this shit. I'm moving to Chrome for the time being. I am still a mozilla Firefox fan, but I can't use this right now.

As it is, even though Chrome only supports about 70% of all the add-ons I use, that is more than I can current use in Firefox. This is embarrassing and infuriating.

UPDATE/EDIT v3:

Chrome is not the answer to my problems, though it has been an interesting experiment. I have switching back to Firefox 3.5 for the time being until I can confirm where the problem lies.

UPDATE/EDIT v4:
Use the bleeding edge versions of Firefox in Linux. It is shockingly stable and works great 97% of the time, seriously. Plus it's sound-barrier-shatteringly fast compared to the current stable Firefox. The bugs are gone.

Thursday, February 18, 2010

Windows plagued by 17-year old escalation bug

Back in June of last year, a vulnerability was discovered in the Windows Kernel which that allows untrusted users to take complete control of systems running most versions of Microsoft Windows.

The vulnerability resides in a feature known as the Virtual DOS Machine, which Microsoft introduced in 1993 with Windows NT, according to this writeup penned by Tavis Ormandy of Google. Using code written for the VDM, an unprivileged user can inject code of his choosing directly into the system's kernel, making it possible to make changes to highly sensitive parts of the operating system.

"You can in theory write to memory segments that are otherwise considered highly trusted and sensitive," said Tom Parker, a director in the security consulting services group at Securicon, a Washington, DC-based security practice. "So for example, malware could possibly use it to install a key logger."

The vulnerability exists in all 32-bit versions of Microsoft OSes released since 1993, and proof-of-concept code works on the XP, Server 2003, Vista, Server 2008, and 7 versions of Windows, Ormandy reported.

Ormandy said the security hole can easily be closed by turning off the MSDOS and WOWEXEC subsystems. The changes generally don't interfere with most tasks since they disable rarely-used 16-bit applications. He said he informed Microsoft security employees of the vulnerability in June.

"Regrettably, no official patch is currently available (then late January 2010)," he wrote. "As an effective and easy to deploy workaround is available, I have concluded that it is in the best interest of users to go ahead with the publication of this document without an official patch."

Microsoft security officials - who are already working double-duty responding to a potent Internet Explorer bug used to attack Google - said they are looking in to Ormandy's advisory and are not aware of attacks that target the reported vulnerability.

Early this month, Microsoft did finally put out a security update patch to this bug, more than 6 month after it was reported. Laughably in standard Microsoft quality and style, this update promptly crippled some systems with the notorious Blue Screen of Death. The systems thus falls into a reboot loop. The only way to solve the reboot looping or BSOD is by removing the patch... or such was the conclusion of thread pertaining to the issue on the MS support forums.

And people wonder why I still claim Windows isn't a very secure OS.

Sunday, February 7, 2010

Microsoft Windows bugs that could be fixed, but won't be

This is just a list of the bugs I observe in Microsoft Windows that are still popping up, more than 10 years after viable solutions having been discovered. (In the case of some bugs, the time is even longer). The list is short right now but I will update it as I find more, which shall doubtless occur in time.

The follow Microsoft Windows bugs that still exist because they don't care enough about you as customers to fix them. Instead they'd rather kowtow to the RIAA and MPAA with useful system performance leeching software you never wanted and will ONLY inconvenience you. Yeah, way to go guys. Give the people stuff they'd riot about if most people knew or understood it, but never fix real problems for them.
  • Virtual Memory running low / running out. [Confirmed since Windows XP, until currently today (2010-02-06) with Windows 7]. It should be noted this still occurs on machines equipped with tons of memory.
  • File System Fragmentation (with NTFS and/or FAT32). [Confirmed since Windows 2000 until Windows 7]. Let's not even start on the abysmal performance of Microsoft File Systems.
  • Rebooting (still too frequently). Need I say more? Every single update that is security related requires an update, and not just those. Too much I tell you, especially for a system that is so horribly insecure.
This List is not necessarily Bugs, though they are still problems that COULD and SHOULD have been fixed decade(s) ago.
  • Slow Windows Update Downloads. There is no excuse for this. Honestly, none. Not anymore anyway.
  • Slow Windows Update Execution. I really forget how long these can take sometimes and just accept this as normal. It's pretty ridiculous when I take a moment to notice it.

Friday, February 5, 2010

Modify / Disable Logitech Mouse Search Button

Overview
On some computer mice with extra buttons, some buttons will trigger a search commend. In Ubuntu, clicking this button will just open your browser to your default search engine. Here are details on how to make sure you have control of your mouse button, so it does not bug the hell out of you.

Background Details
Until recently, I was never plagued by this truly abysmal feature. I had remapped this little button my Logitech MX to be "go up a directory" which I frequently used in my file manager and image viewer. It was very handy.

But on a fresh install of Ubuntu 9.10 Karmic, suddenly my wonderful mouse was cursed with this abysmal feature. The source is your Desktop environment.

Disabling The Feature
In KDE 4.4.2, go to System Settings -> Keyboard & Mouse -> Global Keyboard Settings -> khotkeys.

Find the option for Search and disable whatever key is set.

I hope that helps all of you.

Finding the Button Key Code (Optional)
Sometimes it useful to determine what your mouse-button's keycode is. For this, we use the program 'xev.' ('xev' is part of the X-Windows system under Linux, so chances are you probably already have it on your Linux machine and do not need to install it).

Open a console, and enter the xev command. It will dump a lot of information to your terminal. Simply click the button you are curious about, and then carefully close the small graphical window that popped up. (Do this by only moving your mouse over the window-manager boards of the window, not the content area of the window, if you can. If you do move your mouse over the content area, you will see a lot more info output to your terminal, which will be slightly more work to comb through.)

Here is some sample output (from my system):
.....
FocusIn event, serial 36, synthetic NO, window 0x1800001,
mode NotifyUngrab, detail NotifyAncestor

KeymapNotify event, serial 36, synthetic NO, window 0x0,
keys: 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0

KeyPress event, serial 36, synthetic NO, window 0x1800001,
root 0x13c, subw 0x0, time 25847246, (258,7), root:(264,28),
state 0x0, keycode 64 (keysym 0xffe9, Alt_L), same_screen YES,
XLookupString gives 0 bytes:
XmbLookupString gives 0 bytes:
XFilterEvent returns: False

KeyPress event, serial 36, synthetic NO, window 0x1800001,
root 0x13c, subw 0x0, time 25847246, (258,7), root:(264,28),
state 0x8, keycode 111 (keysym 0xff52, Up), same_screen YES,
XLookupString gives 0 bytes:
XmbLookupString gives 0 bytes:
XFilterEvent returns: False

MappingNotify event, serial 36, synthetic NO, window 0x0,
request MappingKeyboard, first_keycode 8, count 248

MappingNotify event, serial 36, synthetic NO, window 0x0,
request MappingKeyboard, first_keycode 8, count 247

KeyRelease event, serial 36, synthetic NO, window 0x1800001,
root 0x13c, subw 0x0, time 25847332, (258,7), root:(264,28),
state 0x0, keycode 225 (keysym 0x1008ff1b, XF86Search), same_screen YES,
XLookupString gives 0 bytes:
XFilterEvent returns: False

PropertyNotify event, serial 38, synthetic NO, window 0x1800001,
atom 0x187 (_NET_WM_ICON_GEOMETRY), time 25847344, state PropertyNewValue

PropertyNotify event, serial 38, synthetic NO, window 0x1800001,
atom 0x187 (_NET_WM_ICON_GEOMETRY), time 25847693, state PropertyNewValue

ClientMessage event, serial 38, synthetic YES, window 0x1800001,
message_type 0xfe (WM_PROTOCOLS), format 32, message 0xff (WM_DELETE_WINDOW)
... # This was the end of the output.

In this case, my system was seeing that pressing this small button triggered approximately three key sequences. The two I had program (Alt+Up in this case), and also something called XF86Search. This is the dreaded name for this abysmal feature.

Monday, February 1, 2010

Firefox 3.6 for Ubuntu 9.10 Karmic

This news is a bit old, but Firefox 3.6 is out now. For Ubuntu 9.10 Karmic, this new version is not in the official repositories yet. Here is a way to install it for yourself.

For those who don't like to download and run the files straight from the getfirefox.com website, here is an apt repository for Ubuntu which works well.

The group's website is here: https://launchpad.net/~mozillateam/+archive/firefox-stable

They have instructions there for adding this software repo to your system, but basically you do the follow.

1) Close down Firefox completely. This includes all download and add-on windows.

2) Add these lines to your apt-sources list. You can do this by editing the file /etc/apt/sources.list or adding them through whatever graphical package manager you use (such as KPackageKit or Synaptic).

# Firefox Stable Channel Packages
deb http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu karmic main
deb-src http://ppa.launchpad.net/mozillateam/firefox-stable/ubuntu karmic main
3) Add the repositories apt-authentication keys to your system, and thus help prevent man-in-the-middle attacks. Running this command on a console will do it for you.
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com CE49EC21
4) Refresh/Update your apt lists. (This downloads the newly listed software). You can install it by using whatever graphical package manager you use (such as KPackageKit or Synaptic) or from a console with this command:
sudo apt-get update
5) Install the program Firefox. Not firefox-3.6 (which won't really give you anything). You can install it by using whatever graphical package manager you use (such as KPackageKit or Synaptic) or from a console with this command:
sudo apt-get install firefox
There. You are done. Under KDE, you should be able to just click the firefox icon in the apps menu and in all Linux system you should be able to just run the command 'firefox' to load the browser. Happy browsing.