Monday, June 22, 2009

Firefox 3.5 and memory usage.

I came across an article while searching for news regarding Firefox 3.5. I've been very excited about the new Mozilla release, so it's been on my watch list. I stumbled upon an article from an author who decided to test each of the new browsers' memory consumption. Well, I'll tell you what: I made a very bold claim in my last post that memory usage in Firefox has been poor. This goes to show the world that when you make statements like these, you need to have facts to back them up with... So here are the facts:



Chrome is Yellow/orange
Opera is Green
Safari is Blue
Firefox is Red

...In a single word: huh?!

This image was published thanks to what seems to be a very standardized test that a fellow at dotnetperls.com did. What the author did was open up the top 150 URLs (as of 19 Jun, as reported by Alexa) in tabs of each browser using a hand-made CLI. He took memory tabulations every 3 seconds for each browser, and after opening 30 tabs, closed them down to 1 tab and repeated the process with 30 new URLs. Each new URL was opened after a short random time frame (not sure why, maybe to let pages load?).

IE8 was excluded from the test because the author couldn't open URLs in a tab directly (they appeared in a new window instead), which is a bummer... It would be nice to see how IE8 played out to see what it brings to the table.

This test method mimics some seriously intense browsing, and it's kinda realistic too... we might not open 30 tabs at once, but the concept is the same: we start with one URL, and branch from it, usually to another tab... we gather a set of tabs, and then close them down and start over. The only things that are different are the time frame and the sites we look at. But this is inaccurate, because he uses the top 150 sites. The time thing is probably not important. I can't see memory leaking after each passing second. Another thing that's different is add-ons... and this is why I'm starting to think Firefox has become such a memory hog: the add-on developers are writing bad code... But surprisingly:

Firefox 3.5 RC2 had the lowest memory use altogether.

It had the lowest max consumed, lowest average consumed and the lowest tally at the end. Chrome ended using 3 more megs than Firefox in the final tally, but peaked at 1216 megs (the system was WinXP 32 with 4 gigs). I'm guessing that's why Chrome appears so fast, as it looks to cache anything/everything... the fact that its JavaScript speed is a third of Firefox 3.5 probably doesn't hold up so much now. The way I see it, nothing is faster than reading from RAM. So if Firefox is caching to the HDD, and not to memory, and Chrome is caching to memory... Chrome will always be quicker, at the expense of memory consumption. We can also see that Firefox and Chrome don't "leak" over time, and both do a fantastic job of cleaning up the memory mess.

I ended this post with Firefox 3.0.11 using 80464K (78.6 megs) of memory. I'm also using 15 add-ons.

Saturday, June 20, 2009

Firefox 3.5 -- Faster? Slower?

If there is one application I truly am a fanboy of, it’s Firefox. Firefox is an open source success that is changing the way people use the web. Its sole purpose is a browser that is built by people, for the people. According to GlobalStatCounter.com, almost 1 out of 3 people use Firefox, whilst 58% use IE. What’s funny is when you look at their graph, you can tell which days were work days, and which ones weren’t as people left the office browser and used the home browser. Clearly, the fox is here to stay and show the world what a browser should be.

As a former nightly [build] tester, the improvements behind the browser are monstrous. But the average Joe user is still left in the dark in my opinion, and here’s why I think so.

It’s hard for me not to form a biased opinion, because I absolutely am disgusted with Microsoft, and the entire IE line (including IE8, which is a great improvement). I would like nothing more than for the very browser Microsoft ‘shut down’ (Netscape) to come back and destroy them. Oh… I'm supposed to be talking about why Firefox 3.5 sucks… ok, here I go.

One thing that really makes me angry is the slowness behind Mozilla. It’s one thing to be delayed on every single beta release, but it's another when you hold up simple enhancements. Here’s one pet peeve: Auto completing Tags.

This was a feature that was added in Firefox 3.5, which started development back in September 2008? It took them that long to make these user set tags -- auto complete? Are you kidding me?! This is a massive failure on Mozilla’s part to ‘keep up’ with the stiff competition. There is absolutely NO WAY – you can say they couldn’t have made a Firefox 3.1.0 with that feature in a reasonable timeframe while they worked on other issues. It should have taken them 2 weeks to 1 month to build, test and integrate that feature and make it available. Producing software with these huge long waiting periods is not smart now. Browsers are released regularly these days, almost monthly... Competition among browsers these days is at an apex. I know Mozilla's tagline with browser releases is: "when it's ready, we'll release it" but that's very different than: "when everything else is ready". Simply put, releasing a Firefox 3.1.0 with auto-completing seems like a very easy and quick way to 1) improve user experience immediately 2) respond to community feedback quickly.

Another thing that really irritates me is it seems Mozilla is not listening hard enough to its users, and now it’s finally starting to bite them I think. Some of the most common complaints that users are quick to point out with Firefox are:

1) Memory usage
2) Start-up Time
3) Add-ons decrease the performance of the browser.


It just angers me that Mozilla has started to slip on things. We shouldn’t be waiting so long for quick easy enhancements. The good news is that it’s now scheduled to improve start-up time (and other internal events) on Firefox 3.6 by at least (greater than) 50ms, which is really a whole lot considering Safari 4 starts up in .54 secs now. Firefox 3.5 starts in 2.82 secs… If Mozilla gets smart about things (they usually do) they’ll focus on performance with add-ons… that is, adding a bunch of add-ons won’t degrade performance as much. If they can set that in motion, Firefox 3.6 will be more in line with browsers like Chrome 2 – easy, robust, and compatible/compliant.

I really am excited about Firefox 3.5 though... But I think 3.6 is really going to get the users going with lightweight add-ons, themes, and an overall better browser (not browsing) experience.

Monday, June 15, 2009

DRM is another way to spell DUMB

I recently bought a new TV, a Samsung one. I’ve never owned a Samsung TV until now, and I can understand what all the hype is about. It truly was a great find, and an awesome buy. I've been burned by LG twice on a DVR and a fridge, so it was either someone that I don't know too much about, or Samsung, which I've heard good things about.

In fact, the TV is soo awesome... (How awesome is it?)... It shows the world how dumb DRM can really be. Like most devices that are media intensive, the TV allows me to play MP3s, but WAIT! That’s not all... I can play AVIs, MKVs, MP4, Divx, Xvid, H.264, even WMV files! Oh yea, and images like JPEG can be viewed too (whoopee!). I didn’t exactly know for sure that this TV had these specific capabilities... I knew something was up with the Ethernet interface and a lot of options on the menu... I really got lucky in picking a TV with these features in it and more. Dumb luck is great isn’t it!

According to the manual, I quote on page 32, (with my emphasis in bold) “MP3 Files with DRM that have been downloaded from a non-free site cannot played. Digital Rights Management (DRM) is a technology that supports the creation of content, the distribution and management of the content in an integrated and comprehensive way, including the protection of the rights and interests of the content providers, the prevention of illegal copying of contents, as well as managing billings and settlements.”

Basically: Interchangeability

In one short response: LOL! According to this statement, if you actually PAID MONEY for an MP3 (or WMV?), you would NOT be able to play this music on the TV. However, if you owned the music CD and ripped the MP3, you would. Same goes for the DVDs and WMV.

Whoa, brake lights, brake lights – Is this really implying what it says: If I DOWNLOADED this music from say a torrent and my MP3 is not DRM locked... does that mean it plays on my TV? Yup... the ones I paid for that have DRM? Nope. What about the video files...? I hate those MPAA companies and I download movies all the time from axxo... do those play? Yup. What about the WMV that I paid for with DRM? Nope. Can you buy movies in WMV format with DRM? I’m not sure, but any file with DRM in it simply won’t play.

...Oh shit son! Are you serious! You can play Blu-ray rips and H264 HD encodings on your TV... even the 1080p ones? That's right... but you're telling me if you actually bought a Blu-ray disc, would you be able to copy it into MP4 or H264 format for easy playback on the TV...

Has anyone ever tried to copy a Blu-ray disc?

They’ve really severed the consumer’s wrists in this.

This is quite humorous... but it’s also dangerous. Could we see a day (somewhat likely) where all media is encumbered with DRM? Would it be likely that that media cannot be broken/cracked with things like Trusted Computing (Secure IO) running under our tower’s hood? It sure is. My biggest worry is that some day, all media players (from iPods to PC) enforce DRM 100% and anything non-DRM can’t be played. But for the meantime, it shows how dumb DRM really is.

A system that rewards media that has been broken, DRM freed, or blatantly pirated, yet punishes those who “do the right thing” and pay for it (In more than one way!). This TV is proof of such a system... and I really should get back to watching Spiderman 3 in 1080p now... You can take that as what you will.

Wednesday, June 10, 2009

The Exact Same Thing


For a while, I simply did not know what a hash was... or what is meant by a 'hash function'.

A hash is a cryptographic function that takes a string of data, and spits out a unique 'fingerprint' to represent it (called a digest). The best hash functions are able to take a very large amount of data (say... 20 gigs) and produce a different digest even if one single bit changes somewhere in the code.

A hash function is useful for checking the integrity of a file. For example, if you're going to send a large file, it might be a good idea to break the file into parts, and include an MD5 or SHA1 with it. This way, if your receiver gets what they think is a corrupted file in the batch, they can: 1) know for sure by hashing the files and comparing them to the sent digest, and 2) simply re-download the bad piece.

I found a really nice app that's very useful when it comes to hashes... It's called ExactFile and I highly recommend YOU get it and use it.

And to anyone out there that's going to send a large amount of data (such as someone that's going to post a large torrent -- hint hint) it would be nice of you to archive your files into a set of split files (like 50 meg RAR files) and provide an MD5 (or better yet SHA512) with it.

ExactFile can create a digest for a single file, or a folder of files... it can take a file/group of files and check them against a digest as well... it can make a Windows association with hash formats (like an *.MD5 file) so all you have to do is open the digest to start checking the file (it finds it). And even if that .MD5 file really has SHA1 digests in it, it's able to figure out that the MD5 file is not an MD5, and will check the file(s) against SHA1. You can also create multiple digest types for multiple files and store them in a single digest file... It's also multi-threaded so your dual core can do 2 files at once, or 2 functions at once... You can create an applet for your users, so they don't have to use ExactFile: they can run the applet and the app will hash and check the files...
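The split-and-digest workflow described above, as an added example (this is not ExactFile's code and not from the original post): it splits data into pieces, writes a `<digest> *<name>` manifest, then re-checks the folder and reports which pieces to fetch again, picking the hash by digest length so a `.md5` file that really holds SHA1 digests still verifies. The piece names, the manifest layout and the sample data are assumptions constructed for the demo.

```python
import hashlib
import os
import tempfile

# Hex digest length -> algorithm. Lets the verifier pick the right hash even
# when a ".md5" manifest really holds SHA-1 digests, as described above.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def hash_file(path, algo):
    """Hash a file in 64 KiB blocks so large pieces never sit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(65536), b""):
            h.update(block)
    return h.hexdigest()


def split_and_hash(data, piece_size, out_dir, algo, manifest_name):
    """Write `data` as numbered pieces plus a '<digest> *<name>' manifest."""
    lines = []
    for i in range(0, len(data), piece_size):
        name = "payload.part%03d" % (i // piece_size)   # hypothetical naming
        path = os.path.join(out_dir, name)
        with open(path, "wb") as f:
            f.write(data[i:i + piece_size])
        lines.append("%s *%s" % (hash_file(path, algo), name))
    with open(os.path.join(out_dir, manifest_name), "w") as f:
        f.write("\n".join(lines) + "\n")


def verify_manifest(directory, manifest_name):
    """Return {piece name: 'ok' | 'corrupt' | 'missing' | 'unknown-digest'}."""
    results = {}
    with open(os.path.join(directory, manifest_name)) as f:
        for line in f:
            if not line.strip():
                continue
            digest, name = line.split(None, 1)
            # basename() keeps a hostile manifest from pointing outside the folder
            name = os.path.basename(name.strip().lstrip("*"))
            algo = ALGO_BY_HEX_LEN.get(len(digest))
            path = os.path.join(directory, name)
            if algo is None:
                results[name] = "unknown-digest"
            elif not os.path.isfile(path):
                results[name] = "missing"
            elif hash_file(path, algo) == digest.lower():
                results[name] = "ok"
            else:
                results[name] = "corrupt"
    return results


def demo():
    """Constructed data: 4 pieces, one bit flipped in part 1, part 3 deleted."""
    with tempfile.TemporaryDirectory() as d:
        data = bytes(range(256)) * 16            # 4096 bytes of sample data
        split_and_hash(data, 1024, d, "sha1", "payload.md5")
        bad = os.path.join(d, "payload.part001")
        with open(bad, "r+b") as f:
            first = f.read(1)
            f.seek(0)
            f.write(bytes([first[0] ^ 0x01]))    # flip a single bit
        os.remove(os.path.join(d, "payload.part003"))
        return verify_manifest(d, "payload.md5")


if __name__ == "__main__":
    for piece, status in sorted(demo().items()):
        print(piece, status)
```

A manifest fetched from the same place as the pieces only catches accidental corruption, since anyone able to swap a piece can swap the digest too; MD5 and SHA1 also have known collision attacks, so SHA512 is the better default when tampering is a concern.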

God I'm so sick of trying to sell this app... it's so damn useful... and it's FREE...

And it could have saved me a few days of downloading had you SPLIT THE FILES & USED THE DAMN PROGRAM... it takes 30 seconds, to 10 minutes... to help THOUSANDS of people.

And BTW, the MD5 for the picture is: 4ed71eb4a98becfad2cbc15197aacf78

Monday, June 8, 2009

Logistics Supply Officer

As a former US Navy sonar technician, I used to live and die by acronyms. It seems there were acronyms for acronyms. You could almost approach someone, and make up an acronym OTS and people just knew what you're talking about. So when I heard "LSO" I thought of an officer that took care of the logistical operations on my old boat.

So what does the supply officer have to do with this post? Not much. I consider myself a reasonably smart, capable person... so when something new comes along... especially something I know little or nothing about in the IT world, I'm quite amused. And today was one of those days: I'm going to briefly talk about LSO's... and considering I just read some snippets about them... I thought since I don't know much about them... maybe you don't either. So I'll pretend I know everything.

An LSO is an acronym that stands for Locally Shared Object. When you break that down, it's pretty clear what it is... It's something that's held locally... and gets shared. It works like this:

You start out with nothing... you go somewhere on the intertubes and someone gives you this LSO... how thoughtful, you put it away... The next day, when the same dude tries to give you an LSO again, you tell him "No thanks dude, I got one here". This dude wants a peek at it, so you decide to share it with him. Now, I know this was a real dumbed down story, but you should be able to easily relate this with another function on the internets: Cookies. You can think of an LSO as a 'type' of cookie, because it is.

In real life, there are a lot of things messed up with my story:

1) "Some dude" - Not all people are good people.

2) "Gives you something" - Like being hypnotized, you have no option to reject it.

3) "You store it" - But where did you store it... can you tell me where your LSO's are? I swear they were around here somewhere?!

4) "Wishes to peek" - Just like #1, your wish is my command.

An LSO is in fact a cookie, but it's not the "text" based ones we're accustomed to, instead:

  • They Don't Expire.
  • They can be as large as 100 KB (Normal cookies are only 4 KB).
  • Cross-platform tracking, LSO's work in ANY Flash-enabled application/browser.
  • Flash apps can be invisible BTW.
  • Most browsers are not aware of LSO's since they're flash based and 'usually' cannot be removed.
  • They have the ability to send stored information, without user's permission. (to the appropriate domain)
  • This is via Flash, we can now send very critical personal data or technical data: (system, user name, files,...). Flash is 'executable'.
  • Many domains and tracking companies use these flash-based cookies.
  • I got this list from a Mozilla add-on, but I changed the words around hoping you won't notice.

Check out BetterPrivacy for a good Firefox extension. The location of LSO's on Windows systems is %appdata%/Macromedia/Flash Player/#SharedObjects/????????/

You can delete them yourself if you don't use Firefox (why?!) and the only thing I have picked up on about them is that some games store high scores in them... among whatever else. And due to 'privacy reasons' these cookies act like normal cookies: only the originating domain can access them... (But what if they proxy?).
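One way to see which sites have left LSOs in the folder named above and to delete them per site, as an added example that is not from the original post or from BetterPrivacy. It assumes the layout `#SharedObjects/<8-character folder>/<domain>/.../<name>.sol`; the domain names and file sizes in `demo()` are constructed sample data.

```python
import os
import tempfile


def default_root():
    """LSO folder from the post; returns None where APPDATA is not set."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        return None
    return os.path.join(appdata, "Macromedia", "Flash Player", "#SharedObjects")


def inventory(root):
    """Map domain -> [(full path, size in bytes)] for every .sol file.

    Assumed layout: <root>/<8-char folder>/<domain>/.../<name>.sol
    """
    found = {}
    for profile in sorted(os.listdir(root)):
        profile_dir = os.path.join(root, profile)
        if not os.path.isdir(profile_dir):
            continue
        for dirpath, _dirs, files in os.walk(profile_dir):
            for name in files:
                if not name.lower().endswith(".sol"):
                    continue
                full = os.path.join(dirpath, name)
                parts = os.path.relpath(full, profile_dir).split(os.sep)
                domain = parts[0] if len(parts) > 1 else "(no domain)"
                found.setdefault(domain, []).append((full, os.path.getsize(full)))
    return found


def summarize(found):
    """Return [(domain, file count, total bytes)], largest total first."""
    rows = [(d, len(f), sum(size for _path, size in f)) for d, f in found.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def purge(root, domain):
    """Delete every .sol file stored for one domain; return how many went."""
    removed = 0
    for path, _size in inventory(root).get(domain, []):
        os.remove(path)
        removed += 1
    return removed


def demo():
    """Build a constructed #SharedObjects tree, list it, purge one domain."""
    with tempfile.TemporaryDirectory() as root:
        sample = {
            ("example-bank.test", "settings.sol"): 120,
            ("tracker.example", "id.sol"): 5000,
            ("tracker.example", os.path.join("a", "b", "extra.sol")): 3000,
            ("game.example", "scores.sol"): 40,
            ("game.example", "readme.txt"): 10,   # not an LSO, must be ignored
        }
        for (domain, rel), size in sample.items():
            path = os.path.join(root, "ABCD1234", domain, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(b"\0" * size)
        before = summarize(inventory(root))
        removed = purge(root, "tracker.example")
        return before, removed, summarize(inventory(root))


if __name__ == "__main__":
    root = default_root()
    rows = summarize(inventory(root)) if root and os.path.isdir(root) else demo()[0]
    for domain, count, total in rows:
        print("%-25s %3d file(s) %7d bytes" % (domain, count, total))
```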

I had some from my bank... among other sites... and a lot from Google... even one from weather.com

I would like some good comments with valuable information about them if possible.

Sunday, June 7, 2009

Open Source & BitTorrent Clients

While the legitimacy of BitTorrent can be argued till we're both blue in the face, I would like to put all that aside and write about the clients. Any torrent going individual has a lot to say about organizations that may disrupt their traffic, but I don't want to write about that either -- maybe later. I thought I would get critical on the clients. It's probably just paranoia... alright, it is just paranoia, but I can't help but think this system is marked for destruction.

A few months (years) back, BitTorrent clients were nearly all open sourced -- just like the protocol. But as of late, things certainly have changed. I'm not someone that 'dislikes' or 'fears' change, just the bad kind. Let's start with the clear No. 1 client: uTorrent. uTorrent was a complete Open Source Success. And now... well, much has been left unchanged, except it has been bought out by BitTorrent Inc. and is now closed sourced -- has anyone wondered what closed source code has been added in to it? The BitTorrent (client) from BitTorrent Inc. (yuck) surprisingly remains open sourced, but has undergone heavy commercialization... and Vuze (once Azureus) has gone from being a Java based, resource hungry client to... oh wait... lol... never mind. We know Vuze is still a heavyweight, but it has also become BitTorrent's twin in terms of the commercial aspect (look closely and you'll see the word "price" and the acronym "DRM" on that page).

My point is that most developers that now produce these clients are no longer in it for the end users. They have slowly been adding to the protocol, and trying to commercialize/monetize their efforts. And what better way to earn money than if you could catch, report, and track piracy through the very program you make, that everyone uses.

I know this sounds silly, but at least give it some thought. Slowly, these developers have made changes to the BitTorrent protocol, usually to our own benefit. And while most of these non-standard additions we either overlook, or use without a second thought, what happens when the 'new gen' of clients start having problems with the 'old gen'... A lot of people today use these new clients... easily over 95%. Clearly, it shouldn't be difficult to add some feature that could monitor traffic, media etc., or take away the anonymity of an individual.

How should I say this... Will we see a point where the new gen pushes the old gen out... to the point where it may not be functional? If we're trying to kill torrent sites left and right, then who needs to visit a site for the .torrent when you could visit your friend? If he is... indeed a trustworthy friend.

I decided today to no longer use uTorrent... I will be finishing up my remaining downloads, and from here on, I will use Deluge as my main client. I also looked at Halite, but it needs a lot of work still.


Saturday, June 6, 2009

Signed Email, Encrypted Email

The Problem:

The other day, I installed the latest nightly of Thunderbird, code named: Shredder. I am not a big email person I guess, and I only receive a couple of emails a week. Most are bills, invoices and junk. To me, there are a lot of things wrong with email, but mainly... I don't receive a lot of email from people I wish would email me.

Let's talk about scams. I have on at least one occasion received an email scam -- one spoofed up to be my very own bank. I knew from the start it was a scam, but I decided "why not play along". After all, Firefox (and some others) have a built-in filter to try and catch phishing sites, and Thunderbird marked the email as a scam anyway. How far can one go? I visited the site, and it was very easy to tell that this was indeed a scam with the big red warning screen. But I wonder, not everyone uses these products/features and sometimes, they blatantly fail.

How do we create a "safe and secure" email system that lets people know that "what we receive is from who and what they say they are from"? What can be done to beef up email identity when all it takes is 5 minutes to create an email address?

The Answer:

SSL.

Think about it: we should be able to send email (and receive email) that we can trust with our confidential data. I get emails from Bank of America, telling me I have messages to check on my account... Literally: an email, about an email. Second, if we receive email which is unsigned, we can build a case that it's junk. If it IS signed, we can reasonably assume it's someone we know, or we are getting SIGNED spam... Clearly it will be easier to filter mail that's from a known signed spammer? And lastly, no one but the people we send mail to should be able to access our mail... It's like that with snail mail, it NEEDS to be like that with email. Piss off admins, this doesn't concern you.

And the ability to do this is already here, and luckily... it's free or pretty cheap at a minimum.

Step 1:
Get a Security Certificate.

Just like banks, brokers and other important institutions have obtained a certificate, you should too. While the better ones cost money, you can get a basic one... Free. Just Google around. I found Comodo offers free ones (at the bottom), and some that cost too much.

Obviously, a degree of trust can be formed by the certificate in use. The new EV certificates are clearly better and go through a more rigorous verification, but for general email, that's not needed.

Using Comodo, I simply provided some personal information, received an email with a verification code/password, and then had to visit a link. After that, the certificate was installed in my browser. Finding/Backing up the cert is as easy as going to (in Firefox) Tools > Options, Advanced Tab, Encryption Tab, "View Certificates" Button. Or you can go to Control Panel > Internet Options, Content Tab, "Certificates".

Too easy... Click "Backup"

Note:
If you have the tor button add-on installed, you need to disable it otherwise you won't be able to export properly.

Step 2:
Configure Your Client:

While everyone uses different email providers, and different email clients, they all stem from the same basic concept. I use Thunderbird, and Gmail -- a match made in heaven. The new Thunderbird makes configuring your client with Gmail a snap, and includes the IMAP protocol, N00b proof. Gmail provides a huge amount of space, is typically pretty reliable, and offers free IMAP, POP, and SMTP access... while others typically cost something (Yahoo). I use the nightly version of Thunderbird 3, and have had no major problems using it as my main client, but this is not for everyone.

Importing your certificate into Thunderbird is just as easy as it was exporting it in Firefox by going to Tools > Account Settings, then the "Security" section on the left -- View Certificates.

This looks familiar:



After clicking "Import", Browse to your certificate and that's it...

Considerations:

I recommend SIGNING all emails by default... Anyone that does NOT have the capacity to view signed emails will simply get the attachment used for signing a message and wonder what it is... Anyone that does have the capacity gets a notification somewhere. However, encrypted messages work a little bit differently: the message gets sent AS an attachment. Which means if the receiver does NOT have the capabilities to receive encrypted emails (Using web pages, most clients can handle the protocol) then they get a blank email with a (literally) unusable/unreadable attachment and wonder "what did he send me?". In Thunderbird, either a lock appears, and/or a sealed envelope appears depicting that the message is signed, encrypted, or both. Double clicking either one displays this message:


A lot can be learned from this signed & encrypted message:

1) The message is "verified" by a third party (although a weak "verification").

2) The message has a hash function built into it, which means it could not have been altered in transit.

3) It's encrypted, which means only the receiver should be able to receive it, since it could not have been modified. [Citation needed]
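What a recipient without certificate support gets in each case described under "Considerations", as an added example that is not from the original post: it inspects only the MIME structure of a message and does not verify any signature or decrypt anything. The three messages, their addresses and the base64 blob are constructed samples, and the function name is hypothetical.

```python
from email import message_from_string

# Constructed samples; the base64 blob is a placeholder, not a real signature.
SIGNED = """\
From: alice@example.test
To: bob@example.test
Subject: signed hello
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

Hello Bob, this text is readable by any client.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

Q09OU1RSVUNURUQ=
--b1--
"""

ENCRYPTED = """\
From: alice@example.test
To: bob@example.test
Subject: encrypted hello
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data;
 name="smime.p7m"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7m"

Q09OU1RSVUNURUQ=
"""

PLAIN = """\
From: alice@example.test
To: bob@example.test
Subject: plain hello
Content-Type: text/plain

Just a normal mail.
"""


def classify(raw):
    """Report how a message is protected and what a plain client can display."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    kind = "plain"
    if ctype == "multipart/signed":
        kind = "signed"          # body in the clear, signature as a second part
    elif ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # the whole message is one opaque blob; enveloped-data means encrypted
        smime_type = msg.get_param("smime-type", "enveloped-data")
        kind = "encrypted" if smime_type == "enveloped-data" else "signed-opaque"
    text, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_type() == "text/plain":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            text.append(body.strip())
        elif part.get_filename():
            attachments.append(part.get_filename())
    return {"kind": kind, "readable_text": "\n".join(text),
            "attachments": attachments}


if __name__ == "__main__":
    for sample in (SIGNED, ENCRYPTED, PLAIN):
        print(classify(sample))
```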