27 June 2008

AT&T's Pogo Browser Beta Test

A New Competitor

A little while ago, you may remember my quick review on the upcoming AT&T-funded browser, Pogo. I couldn't test it at the time since their release process seems to be overly strict -- you couldn't even download the beta unless you sign up and then are approved. I signed up just for the hell of it back in April, and about a week ago, I was actually approved. :P

Back in April, when Ars Technica did their review on Pogo, they revealed that the hardware specs necessary for its operation were just utterly ridiculous. They tried it on several computers of increasing size and power, and the only computer that would run it at a passable speed was a "dual-processor Opteron 256 with two 3GHz CPUs, 4GB of RAM, and an NVIDIA 8800 GT video card with 512MB of VRAM" -- a lesser computer with only one Opteron and a Quadro FX 560 video card was apparently too slow.

Little to say, these specs made absolutely no sense. Pogo was described as having tons of 3D effects, but how badly were these coded as to only run on hardware of that magnitude? The fanciest feature that I saw in Ars' review was the Coverflow-like history browser, but then Apple uses this type of 3D on their iPod, and an iPod isn't exactly a supercomputer, now is it?

So, when I downloaded the beta installer to my computer (3.2GHz Pentium 4, 2GB RAM, Intel Integrated Video GMA900), I wasn't hoping for much. Hell, from what I gathered from Ars' article, if the damn thing opened on my computer, I'd count myself lucky.

Well, it installed... and opened... and actually ran just fine. Imagine that! Maybe all the negative reviews from the earlier beta (including mine) made the developers really rewrite the project, because Pogo ran just fine on my computer. The code isn't optimized yet, of course -- there's a little lag between going between pages, loading a new page, etc., but it's forgivable in a beta product.

Future Browser "DRM"?

Upon the first time opening Pogo, however, I was prompted to "register" the browser (I'm cringing already) using my beta password and username -- I assume this is just because of the beta process, since you're informed that you're only allowed to install this software three times. No joke. I seriously don't know if this is because they're trying to keep beta copies of this software from being used in the wild (this I can kinda understand), or if this is some retarded attempt by AT&T to protect their "intellectual property." (If that's the case, why have a pseudo-public beta at all?) Either way, the prompt box is programmatic, not just a web page -- there's no way around it.

Luckily, there's not too much to talk about when it comes to the actual workings of the AT&T Pogo browser -- it's a browser; it goes to websites. Not to mention the fact that it's based upon the Mozilla engine -- if you've used Firefox, it'll all seem very familiar.

There's a few changes, of course -- instead of "tabs" in a "tabbar" at the top of the page, you have "cells" in a "pogodock" at the bottom (little thumbnails of the websites you've got open). You can make "collections" of bookmarks (I guess they're like "folders?") that you can pan through using the coverflow-like interface, as well. Okay, I'll admit the default skin is rather nice, as well -- I like blue.

Other than that, it's a web browser -- anything new and inventive in web browsing was already likely thought up by the Opera team years ago, anyway. :P I have a feeling the whole "cells" instead of tabs thing had something to do with the recent moronic "tab based interface" lawsuit brought against Apple a while back. Makes sense that a large company like AT&T would want to avoid anything like that.

However, some of the underlying features (or lack thereof) in the web browser have given me a bit of concern.

The Case of the Missing Features

Take this, for example:

On the left, you have Pogo's content preference window, and on the right you have Firefox's. Notice anything missing?

Yeah, the Pogo team have apparently removed the JavaScript controls. I can't for the life of me figure out why, unless they're somehow wanting to make absolute sure that you don't block tracking scripts and ad-rotators. That I can see AT&T wanting and telling the Pogo team to do. This is a really, really bad idea, though -- with the increasing prevelance of JavaScript XSS attacks these days, not allowing your users to disable JavaScript if they want to is a bad idea, especially if you're not going to support Mozilla browser extensions like NoScript.

Oh yeah, that too -- Pogo has no support for browser extensions. Of any sort. Not even cruddy little ones like in IE7 and later versions of IE6.

There's also no support for blocking third party cookies, as you can see in the pictures below (Pogo on the left, Firefox on the right):

Blocking third-party cookies (cookies created not by the site you're going to, but by a script on that page), which are almost always involved in tracking your behaviour online in some way, is the first thing I turn on when I now install Firefox. Now, understandibly, this feature could be missing from Pogo because it's based upon Firefox 2 instead of Firefox 3, but it's still an important security feature to have, and I'm surprised that the Pogo team haven't tried to include it.

Something that did surprise me a bit:

Click on that while you're on a web page, and the Venkman JavaScript Debugger pops up! Hell, Firefox doesn't even have a built-in debugger -- I'm assuming this is only here because it's a beta version of Pogo, however. I couldn't imagine them leaving this in here for the final release. However, it proves that they've thought about integrating some extensions, so why not leave the door open for more?

Also, there's the seemingly useless "second" minimize/maximize controls below the main window ones:

Yeah, I suppose they're going to remove those in the next version -- just in case you wanted to know; no, the "maximize cell (tab)" button doesn't do anything. From what I can see, there's no way to have a cell anything less than maximized -- oh, you can use that minimize button to hide it, but after that there's no way to hit the maximize button again, is there?


The conclusion is, believe it or not... get ready to start seeing this browser. "But wait," you might say, "hasn't this been tried before?" Yeah, but companies making custom browsers before didn't have the clout that AT&T has behind it -- we're talking about what's probably the largest single ISP in the US right now. So, you can guarantee that this thing is going to be installed on every average user's computer (and set as their default browser) during the "AT&T DSL Internet Installation" that they have at their house when they get DSL for the first time. I can even see AT&T claiming they're doing it to "promote security across their networks" due to its more secure code-base -- which wouldn't exactly be a lie, you know.

Luckily for we web programmers, at least it's based off of a "real" browser, right?

26 June 2008

Quick Article Roundup -- Easy and Adblock, and Google Defines Obscenity

One Man, One Long List, No More Web Ads - washingtonpost.com

A quick story about "Rick752," the guy behind the AdBlock Plus filterset EasyList. I don't really depend upon AdBlock Plus to block ads for me (I depend upon the NoScript extension to block ad servers -- much easier and quicker -- I stopped using AdBlock Plus due to the enormous memory leaks it had in Firefox version 2), but I support people who do.

Once again, this whole issue stems from a misunderstanding of how the internet works -- when you go to a website, you're not really going to a place where someone else's computer is running little noisy flash ads and pictures and music and explosions. You're downloading framework information (HTML, JavaScript, Flash binaries) to your computer, and then these things are being run on your computer. And if I don't want these things running on my computer, I won't let them. Especially when they're lag-inducing Flash ads that cause my poor old computer to chug chug away for 10 seconds before I'm even able to render the rest of the site I'm going to.

I'm not "depriving" any company of anything -- if their business model depends upon me letting them have access to run bits of code (no matter how small) on my computer, they're in for a surprise, because I don't open my doors for just anyone.

But enough of that -- I'm really curious about the detection methods used by the sites they mention (the Daily Kos, among others). They've got to be some sort of funky client-side code -- I notice the DailyKos' "please subscribe if you use AdBlock" message is downloaded to the browser whether you're using AdBlock or not, and apparently just displayed afterwards...

Oh, bloody clever... just figured it out. The message is apparently displayed by default as "display: block", and then if your browser has access to "blogads.com" (which if you're using AdBlock Plus, you more than likely don't), your browser downloads a little css file with a "display: none" in it for the "Please Subscribe" text block.

Clever -- wonder if this could be fixed by making AdBlock Plus not block css files, only images? I thought JavaScript would be used for this situation, but then JavaScript is still supposed to be optional for all websites, right? ;) (It's the reason why NoScript users are practically untouchable.)

What’s Obscene? Google Could Have an Answer - nytimes.com

Just a quick read -- I thought this was funny as hell. A lawyer, defending somebody for something (who cares), tries to strike down legal definitions of "obscenity" (which are often worded quite silly in local lawbooks, with definitions like "that which the community finds obscene" -- wonderful circular logic there), by showing that more people in that area search for "orgies" than search for "apple pie." Brilliant!

Edited 06/27/08: Changed several instaces of "Adblock" to "Adblock Plus" because there's actually a good bit of difference between the two.

20 June 2008

A Sad, Sad Day

House Caves, Approves Fake 'Compromise' on Telecom Immunity -- EFF Press Release

I really don't get political on this blog, but this is very, very tech-related. I think someone on Fark.com said it best:

July of 2003 I got a ticket for going 45 in a 35mph zone.

August of 2003 - a week after my ticket - they raised the limit on that road to 45 mph.

September 2003, the judge condescendingly explained to me that just because the law changed AFTER I broke it, it was still illegal when I did it and therefore I was still guilty.

Funny how the same doesn't apply here. Remember, folks, if you've got a business, whether big or small:

For the rest of us, there's Truecrypt. Download it and start using it!

Why It's Okay to 'Steal' Wifi Internet

Why it's OK to "steal" Wi-Fi | Computerworld Blogs

"When you open up your trusty laptop, check for available networks, choose one and click 'Connect,' you're instructing your computer hardware and software to communicate with the hardware and software that's providing the Wi-Fi network and ask permission to use the network.

When you do this, a router either grants permission, and assigns an IP address for you to use, or denies permission. If the connection simply works, it means by definition that the network is set up to automatically grant you permission to use it, and to actively provide the means for you to do so. That's what 'connecting to a Wi-Fi network means.' Your computer works on your behalf to ask permission to use the network, and the router works on the behalf of its owner to grant that permission."

Finally someone has the right idea about this.

There is no such thing as "stealing" WiFi, unless cracking is somehow involved. If there's no cracking involved, then it's not even as simple as the "open door of your house/can anyone come in" analogy, it's even simpler -- having unsecured WiFi is the same as having the curtains open on your windows and having someone outside watching your TV.

Are they stealing anything from you? No, nothing that you weren't already broadcasting outside in the first place.

19 June 2008

Kid Rock boycotts iTunes over pa

BBC NEWS | Entertainment | Kid Rock boycotts iTunes over pay

"The performer - whose real name is Robert Ritchie - said his record company Atlantic had asked him to 'stand up for illegal downloading' a few years ago because it told him 'people are stealing from us and stealing from you'.

'And I go: 'Wait a second, you've been stealing from the artists for years. Now you want me to stand up for you?'

'I was telling kids - download it illegally, I don't care. I want you to hear my music so I can play live.'"

You know, I used to think that Kid Rock was a douche of an absolutely colossal scale, but now my respect for him has been increased nearly 100% (even though I'm not going to start listening to his music).

18 June 2008

The Looming Dotcom Bust 2.0

Techdirt: Google Admits It Still Hasn't Figured Out How To Make Money From YouTube

Instead, the real focus should be on the fact that YouTube videos themselves are advertising -- the question is just: for what?

For what? For ISP's. It's really quite basic.

Videos on Youtube advertise just how fun it is to be on the Internet, and you have to pay somebody to be on the Internet, don't you? Be it your cable provider, your cellphone provider, your local coffee shop for their WiFi -- all the same.

I don't understand why people haven't figured it out yet -- the best way to make money off of the Internet is to sell access to the Internet.

Now, just get rid of that pesky already-government-controlled-monopoly thing, and you've got yourself a business.

Now, wasn't that easy?

Unintentional Poetry: "lilliputian trephination"

I'm probably not the first to ever do this, but have you ever looked at the spam you're getting in your email boxes today? Sometimes I do, just for fun -- the spam that's actually received in a GMail account is always very little (their filters are really, really good), so I sometimes take the time out to read through them.

They're always about viagra (or V1A G RA), or watches, or some other silly thing, and over the past few years or so I guess spammers have been trying to pad their spam emails with enough text to make a spam filter sometimes think it's legitimate.

You should try reading them, sometimes -- seriously, sometimes they read like some weird, fucked-up version of a poem.

So, in this vein, I present to you today's example, the poem "lilliputian trephination." (Seriously, the passage of text actually had a title and everything.)

"lilliputian trephination"

by the Internet
Slaveholders signed it,
lincoln's interpretation wheels sank
into the snow the entire body of the ranscomb's daughter.
i know hera truly charming tone,
and miss marple understood
its meaning perfectly.
The evening seemed,
the noise of the horses' hoofs the mountain.
Should the house be taken,
all hopes the stony path.
But there was no need of a torch.
bones of a gigantic animal somekil.