Firefox Security Hole Is Why You Need An Adblocker And An Update

Windows:

  • When I clicked “Help” then “About Firefox” it immediately downloaded the patch.  
  • Click on the “Restart Firefox To Update Button”

Linux (Debian)

Assuming you have “real” Firefox installed and the sources in place.

  • Open Terminal as Root.
  • Smile because you have Root.
  • apt-get update
  • apt-get upgrade
  • Restart Firefox when you click on the button that appears.

Other Linux Distros will vary, of course.

Mac apparently does not have the problem.

What happened?  Hackers.  Simply put, a Hacker exploited a hole in Firefox so that advertisements could push some code onto your machine to take it over.

Now, this business about ad blockers.

I run one and I use it very aggressively. It is for this reason.  It is also that I truly hate being pandered to and watched.

The latest trend is to watch what you are doing via “tags”.  A 1 pixel “dot” of a picture will be pushed to your browser as an anchor for them to watch what you are doing.

The best thing for you to do is to run an ad blocker.  You tell it what to block, and yes, it gets very technical because you have to take responsibility to block these things.  For the most part, an ad blocker with (free) subscriptions will block most, but never all, of these nasties.

When you run an ad blocker you will also notice that your browser runs much faster since it isn’t trying to paint all those ads for all those products that you will never use.

Lets be honest, have you ever actually clicked on an ad intentionally?

Me neither.

Heck, I don’t even see youtube commercials because I run an ad blocker.

The easier one to use is Ad Block Plus.  It is controversial because they allow certain advertisers to pay *them* to be allowed past the blocker.  I would recommend this for basic users because unless you want to learn how to use it, it’s pretty simple.

The one I am using is called uBlock.  I’m still learning how to use it.  It removes the ads, but I haven’t figured out how to make it remove the blank space the ad created.

It’s up to you.  Ads and Hackers, or a better browsing experience.  I know what I chose.

Now, if you will excuse me, I have a browser to restart.

Advertisements

Firefox Now Blocks Flash As Default Until Next Version Of Flash

If you are using Firefox, I have a question:  Is your browser acting up on you?

What happened is that Mozilla pushed through a well intentioned update.  It now blocks Flash as a default, and while you can turn it on if you like through the settings, I’m thinking I got into a chain of weirdness here that ended up with my having to do some tweaks.

Flash is that piece of software who has its origins back before the dawn of time, or rather 1999 or so that serves up videos, games, and the worst of all features of the modern web, advertisements.

You’ve got it on your computer unless you took steps to avoid having it.  I’d be willing to bet on it.  If I lost that particular bet go outside and enjoy the great outdoors since you Win One Internetz you 733t D00D!

For the rest of us, Flash is a bit of an annoyance.  Use is something you may not have thought about, an it’s starting to fade away.  Personally, I won’t miss it but I do keep it up to date and protect myself by only allowing it to run when I tell it to.

Back to that Flash thing.  I am now getting a black stripe at the top of my browser when Flash wants to be activated on any specific website.  In my case, that is exactly how I want it to act.  I want it to nag me when I hit a webpage that wants to use Flash so I know if I’m about to get a virus.

The reality is that when Facebook’s head of security, that time sink of a website that mines what you are doing to serve it back to the advertisers that are paying for the site, says that it is Time For Flash To Die, you are witnessing the beginning of the end of an era.

In my own specific case, it locked my Firefox into “Safe Mode” and refused to let me out.  I had to “Refresh” the browser which meant I lost all my configurations and settings.  It took me the better part of an hour to get them back.  I also lost “Adblock Edge” and am having to retrain myself on something called uBlock Origin which is nowhere near as user friendly as the one I was using.

In order to re-enable Flash, and I do not recommend you turn it on for everyone but leave it nag you when it wants to be on:

Go to your Plug In Check Page
Click the scary “Update Now” button

The midsized scary red button will open a webpage for you to download the latest version of Flash, Manually.  Make certain that you clear the check box for their latest crapware download of McAfee Security software.

In my own opinion, there really isn’t any reason to download anything from McAfee but that’s my opinion.

Once you have done the install, it will force you to restart your browser.

Bad form, Adobe, Bad form.  Then again, it’s always been this bad form so we are used to it by now.

So after you restart the browser, Windows Update had a fix for Flash as well.  After applying that update, and a final reboot, the resulting “about:addons” page that allows you to activate or disable your addons was no longer scary red.

The Plugin Status page still had the scary red big button, but the update now button was green and happy.

Lather, Rinse, and Repeat as necessary for all your computers.  Every IT person will be going through this sort of thought process for a bit, or have someone do it for them.

New Firefox and Other Browser Update Weirdness

I’m settling in to get some things done and notice a blurb.

There’s going to be a rollout of the next Firefox over the next few weeks.  I pay close attention to that because I use Firefox extensively.  I’d be lost without it. 

I’m so tightly trained to use Firefox that I have to step back and actually “think” how to use any other browser.  Since I use Windows 8.1, Windows 7, Mac OSX Mavericks, and Debian Linux on a daily basis as well as Android and an occasional toe dipped into Apple’s iOS, I have to remain as flexible as possible and Firefox is on all of those computers. 

Except the iPhone but I hardly ever use them.

I will eventually install Firefox on the Windows machines when it tells me that it is available.  I’m not in a rush.  The last time they changed the way it looks, the User Interface or UI, it borked it for me.  I ended up installing things to make it look the way it did before I updated the browser while growling at Firefox in general.  Keystrokes and mouse clicks and all that moved.  They removed the status bar. The bookmark strip got lost, or rather hid, and that stores some of your bookmarks.  They removed the title bar.

Why?  Never heard a reason, but I installed Classic Theme Restorer and it brought it all back.  Immediately after that I installed Adblock Edge to get rid of the blasted adverts and other nasties that hitch a ride onto your computer as a result.  More Privacy means for a faster experience as well as fewer viruses and spyware pushed onto your local computer.  Nobody actually “Likes” ads anyway, we accept their presence and usually are annoyed or distracted by them, but “Like”?  I doubt it.

Rule Number One of Software User Experience (UX) is if you change the way something looks, you will break the way people work.  I learned that back in the days of the Mainframe and College. 

Rule Number Two of Software User Experience is that if you do change it there will be unintended consequences.

In My Case:

I have a computer that has what they call a “Clickpad“.  It’s also running Debian Linux.  I know Linux in general fairly well, but Debian Linux doesn’t manage Clickpads well.  Clickpads are those weird trackpads that are flush with the case.  You click on the pad instead of having normal buttons like every other Synaptic trackpad. 

I do know that is fixed in the next version of Debian, and I do know how to fix it now, but it is an annoyance that I have to deal with.  It basically forgets that it has a physical button in Debian Stable/Wheezy, and you’re stuck with whatever you touch on the trackpad.  I only get a Right Click when I tap.  I have since configured a two fingered tap to be a Left Click.

What that all did change did is to break the way Firefox works.  You see, on that particular computer, I can’t Right Click.  I can’t get the pop up context menu.  They changed the UI right away from it. 

Since that machine is Debian Linux, I have to wait for the next version anyway.  It isn’t even using Firefox, but something rebranded as “IceWeasel“.  To put it short, and sarcastic, Debian had a spat with Firefox over the branding.  Since Firefox/Mozilla doesn’t want anything proprietary at all on their default install, someone in the Debian Project grabbed the source code, recompiled it, created the graphics, and renamed everything to IceWeasel.  It works like Firefox but is Older.  About a version back. 

If you’re running Stable, or Wheezy, you could be quite a few versions back.  Jessie has a more current Firefox, but it also has a lot more annoying bugs in it because it is “Testing”.

But Windows?  Yeah, you’ll get it soon.  Just remember Classic Theme Restorer and Adblock Edge, and you’ll be fine.

As for the Mac?  When it is available, you’ll get a blip on the bottom of the screen telling you you’re ready for an upgrade.  You can also go back to the old theme if you want, but I do recommend Adblock Edge as well.

Why the harping on the ads?  It’s a much faster browsing experience when you surf a page without the ads.  No blinky pictures, crawling things, or text ads.  If you don’t download them, you use less data.  Things pop faster.

Trust me on that one.  You can always turn it off later.

So how DO you know when your phone is obsolete?

I have a friend who visits about once a year.  I have a standing request that he brings his “Daily Driver” computer with him when he comes.

He calls it a tune up.  What I generally do is go through the machine, run a virus scan, uninstall spyware, and send him on his way.  It runs much faster because I’ve cleaned out the junk.

He’s also been using that machine for longer than even I have expected.  He’s gotten newer machines, but he keeps coming back to that beast of a 17 inch “laptop” because I’m able to keep it going.

Eventually, he’ll have to stop using it, and then it will have a second life as either a table leveler, something to hold a shelf down in the linen closet, or I’ll put Linux on it and it will be good for another 5 years of use.

I’m leaning toward Linux, but that is because I actually do like using the environment.

Computers have a longer life than the manufacturers want you to believe because they exist to make money by selling you new.  It’s Planned Obsolescence.

With a phone, it appears much more clear cut.  Especially with a smartphone, things have a shelf life.  The vendor puts out a new model, it can do more, but does it really warrant you getting a new one?

Again like with my friends beast of a laptop, to me, it appears that it is software driving the decision.

There are two schools here.  Apple and Android.  Not looking at this as a fanboy of either set up, I have a preference for Android because I can do things with it like use the phone as a multimedia computer much easier than I can with iOS.  I look at it as a use case to form a decision as to which works best for me.

Your Mileage May Vary.

With Apple, there is a clear end of life with their phones.  When you can no longer run their current operating system, it is time to consider moving on.  Apple has always done this with their computers as well.  For a while their PowerPC computers were supposed to be the best thing out there.  Then they came out with Intel based computers that made their old computers look horrible and they stopped supporting them after one more upgrade.

My iPhone is an old 3GS.  It will still make calls, but as a computer, Apple is actively pushing it away.  I have software that ran on it until I updated it, then all the sudden the older software is gone, and the newer one doesn’t work because I don’t have the current operating system.  One after another app is going away and eventually that will be the end of it.

Of course if you have the latest iPhone 6, it’s obsolete when you drop it on the ground on the first day it’s out because you just broke the screen.


Android is a different animal.

Android support varies with the company that made the phone or tablet.  Typically, an Android phone will get updates within the operating system version that it was bought with.  After that you are on your own.

My tablet, a Samsung Galaxy Tab 2, got updates until the current OS came out.  That doesn’t mean that the tablet is unusable, it merely means that it will get more behind the times as I run into the same problem that my old iPhone had.  Software won’t be written for it.

There is another problem with the older versions of Android.  The browser that shipped with every version of Android except the current one has a rather nasty bug in it.  The short of it is that if you have an older Android device, do not use the default browser.  Disable that browser, and install another.  I did that at the start and I use Firefox which is the suggestion that is made by most security groups.

Why is that a problem?  Because if you don’t have a current device that runs the current Operating System, you aren’t going to get an update and you are on your own.  That means you have just hit the wall with using that phone, it’s now obsolete – if you want to be secure.

It all seems a bit alarmist, but considering how many people use their phones and tablets as their main computing devices these days, it really does pay to be aware of what that device is capable of doing.  It is a computer and they do need to be kept up to date.  But when you can’t do that any more, you have to be aware what not being up to date can mean.

Raspbian Gets a New Browser – Epiphany

I saw an posting on Raspberry Pi‘s Blog announcing that the team behind the default browser on many Linux distributions called “Web” was being brought to the Pi the other day.

Great.  It’s an epiphany.  Ok, enough with that particular pun.

epiphany-browser” is the name of the package itself.  “Web” is what it calls itself when you look at the about screen.  No matter what it’s called, it’s there and it is an improvement on the older Midori browser that was shipped with the version of Raspbian that I installed on my Pi.

Midori is a scaled down browser using the same underpinnings as Safari.  That’s great for a limited memory computer but it was a bit too scaled down.

Epiphany will bring better HTML 5 support, a Javascript JIT “Just In Time” Compiler, as well as and most importantly to me, Hardware-accelerated Video Decoding.  It also will be the default browser in Raspbian in future installs.

It will result in a more robust experience.  Since I have basically “locked up” Midori with four tabs open, I’m looking forward to that.  On the other hand, I went to www.fullscreenweather.com and was able to get a radar map on Epiphany where Midori would have simply been too slow to use.

Just like anything in a Debian derived Linux Distribution, it’s easy to get.  It is available via Synaptic, or you can install it from the command line as usual:

sudo apt-get update
sudo apt-get dist-upgrade
sudo apt-get install epiphany-browser

The whole install took about 15 minutes on my Pi.

The reason why it’s called “epiphany-browser” and not just “epiphany”, by the way, is that there’s a game out there called epiphany which is a “boulderdash” clone.

Outlook.com – How To Block Messenger

Microsoft, please don’t annoy me before 6AM.

I had gotten in after the dog walk, settled in for some iced tea, and wanted to check my email once the computer got started.

Using www.outlook.com has never been a pleasure for me.  I want an email service that stays out of my way with extra “features” that I don’t want.   Having a chat service tied into an email program that is a bloated mess was not my choice.  Even Hotmail.com was better than the steaming pile of garbage that Outlook.com has been bloated into.

At the lower left of the browser screen was a helpful “Messaging” area with little icons of people who I have written in the past.  I found myself immediately looking for a way to turn it off.  After wasting a half hour in the “Byzantine” settings menu in Outlook, I went to do a search for how to do it.  I found this page suggesting that I add an entry into a low level file and restart my computer.   The low level file is a text file called “Hosts” that your computer reads in when it starts.  What Hosts does is to override networking.  

In Windows it is at C:\Windows\System32\drivers\etc and Linux keeps it at /etc/hosts which would be where I would expect to find it on Mac OSX.

Some very basic and oversimplified networking concepts.

If you type in http://www.ramblingmoose.com your computer doesn’t know what that does. It consults your network stack, finds the gateway, and then talks to your internet service provider.  In this case it looks at a giant phone book called your DNS and gets the IP Address of the site.  Since my blog points to a blogger site, that number changes, and it’s hosted by Google anyway. 

But I can change that.

If I bring up Hosts in notepad or any other TEXT editor, I can add in a line saying that a specific IP address is to be used when you go to a specific web address or URL.

For example, if I want to block Google, I add a line to the file:

127.0.0.1  http://www.google.com

Save the file and restart the computer.

This works for some sites that are advertising providers and other nuisance sites.  My own Hosts file is pretty large having gotten one that has most of those malware and advertising sites that were known at the time.

But all this is annoying to maintain.  Fortunately, there is an easier way to do it.

Adblock Edge or Adblock Plus in Firefox and whichever other browsers it supports.  Adblock Edge is always the first thing I add when I install Firefox.  It allows me to block ads, hide pictures, and even block whole websites (domains) if I choose to from a semi-friendly interface.

Simply add a custom “rule” to adblock to block the following URL:

geo.gateway.messenger.live.com

It would be a whole lot simpler if Microsoft had decided that it would give you a way to block that Messaging app within Outlook.com settings, but they chose not to.  Luckily I can turn it off and get some things done.

How to add a custom rule:

  • Ctrl+Shift+F will open a window called “Adblock Edge Filter Preferences”.
  • Click on the “Add Filter” button in the upper right of the window.
  • In the blue box, enter geo.gateway.messenger.live.com and Enter.
  • Close the window by clicking the Close Box.
  • When you refresh Outlook.com in your browser, it will be blocked in that browser only.

Annoyed With The New Firefox Look And Feel? Here Is How To Fix It.

Ok, this isn’t a Hey You Kids Get Off My Lawn thing.

Change is sometimes good.  When someone looks long at how something works, makes a tweak, you will know if it is right.

If it isn’t right for you, then sometimes there is a way to fix it.

When I was presented with the opportunity to give my computer a wholesale upgrade, I thought long and hard about going to Windows 8.1.  I don’t like it, many of us don’t.  So why bother?  I installed Classic Shell, and now my Windows 8.1 looks like Windows 7. 

I did it because the new full-screen Modern or Metro apps are useless to me, the live tiles are worthless to someone who lives on the Desktop, and they are a vector for advertising that I have not found a way to block.  I completely uninstalled most of them and since I work very heavily on the desktop, I feel no loss.

Windows 8.1 is faster, slightly, than Windows 7, so I’m enjoying the minor slight speed bump.  I’m still not liking it any time I have to jump into the ugly block land of the Metro apps, but it is only when I have to fiddle with the system that I have to go there.

Why the Windows nonsense on a Firefox post?  There’s a reason.

Firefox changed the way everything looks on the newest update called “Australis” on Windows 8.1.  The old “shine” is gone.  Everything is flat and mostly “Primary colors”. 

I describe it as simply ugly.  The old shine had a great effect, you could find things at a glance on a very busy screen easier.  Granted, you were trained to recognize that the individual elements were separated by color and separators were very visible as a dark line, the most current tab of a tabbed interface was lighter, the other tabs were darker, but did not blend into the background which was a third color.

There is a good reason for this.  Humans are good at pattern recognition.  This is why the “Big Dipper” is a constellation resembling a dipper.  It LOOKS like SOMETHING.  It isn’t a random pattern, although in actuality it really is since some of the stars in the Big Dipper are much closer than others.

So when Firefox upgraded, they went with a new look and feel.   It looks very Windows 8.1 Metro Modern.  Which is to say “Flat and Blocky”.

I don’t like Flat and Blocky.  I have open dozens of tabs at any given moment, sometimes more than one hundred.  It slows me down.

If you want to fix that and find it ugly and want to go back to the old school way of doing things, thankfully Firefox recognizes that you still can.  It is even in their official documentation how to do so.  This update is all about giving you the power to customize the browser. 

Unfortunately they removed the add on bar at the bottom of the browser completely and that broke my weather app that I depended on heavily for current conditions.  I’ll have to go out and write a webpage to monitor the weather itself.  While I could use the practice in HTML 5, I’d prefer it not to have been forced upon me.

You can follow their instructions here.

Simply put you will be adding an “Add On” to Firefox.  It will change it back to the way it looked “yesterday” before you did the upgrade by default.  Install it and you are done.  Add Ons typically work on all versions of the browser, although I haven’t tried it out on my Mac or my Linux machines, I expect this will not be a problem.

All I wanted was my old square edged tabs back in grey with the current tab bright silver, and it gave me that back.

The steps are simple:

Don’t worry, if you want to turn off Classic Theme Restorer, you can within its own preferences found in the Firefox Tools Menu.

It will install the theme restorer.  With that you can change a lot more of the way Firefox looks.  If you really do like the curvy tabs, you can put them back by selecting the proper theme elements.  My biggest problem is that the visual clues are not at all obvious with this new “Australis” theme.  The break between the inactive tabs is much less obvious and the result is that it slows me down.

With Classic Theme Restorer, I can put that back.  There is a Curved Alternative Theme that looks almost exactly like Google’s Chrome tabs so if you like that, feel free.  I just tweaked it to look that way now, and my browser looks like a file drawer full of old grey Manila folders inside Pendaflex holders.

Skeuomorphism to the rescue!

After all, if customization was the goal, I took advantage of it.  I bent the browser to my will and customized it – back to the way it was. 

Useable.