The stability, security, performance, and battery life I am enjoying now were not possible on a Flash-enabled machine.

Flash was an extremely useful extension for many years; it made it possible to view videos on the web without specialized software or downloading the video file and playing it in your own media player. It also allowed some very interactive content (much like Javascript).

Sadly, like many good things, it has been horribly abused. The very same features that improve interactivity also make it extremely vulnerable to exploitation my malicious programmers. The same features that let it play videos in your browser, also means that Flash has to burn a lot of processor cycles, memory, and battery power.

HTML5 makes Flash unnecessary by duplicating it’s video and interactivity features in a standards compliant and open to scrutiny way. HTML5 is also optimized to run in very little memory and require very few resources. Most importantly, HTML5 videos close all needed resources once the video is done (freeing your computer up to do other things).

When I ran across John Gruber’s instructions for how to disable Flash, but have it when I needed it occasionally, I decided to try it out.

Going Flash-Free on Mac OS X, and How to Cheat When You Need It

On Mac OS X, the three main browsers (Firefix, Safari, and Camino) all share the same OS based Flash infrastructure. By simply moving that aside, all three browsers no longer have access to Flash at all (you also have to move aside ClickToFlash extension if you have been using that to filter your Flash; which was my previous recommendation).

I can still watch YouTube videos by using Safari and setting the Develop/User Agent menu to “Mobile Safari 3.2.2 – iPad” (that forces YouTube to send HTML5 video as it makes YouTube think you are on an iPad and cannot even download Flash player to install on your Mac).

For the few work related Flash interactivity needs I have, I also downloaded the Google Chrome browser which has it’s own Flash player functionality not built into the OS (this is important, as whenever Flash starts hogging your computer, you can simply quit Chrome and end all Flash activity).

The benefits have been unbelievable!
My battery life on my laptop is very nearly DOUBLED!!!!

Allow me to repeat that. My laptops now enjoy nearly 10 hours of battery life for normal use by me (previously I was getting 4.5 – 5.5 hours). Yes – DOUBLED!

I am no longer sharing CPU resources and memory with dozens of badly coded Flash objects that would hang around even after I shutdown Firefox or Safari; so my laptop seems faster.

I am no longer vulnerable to Flash cookie tracking, nor a dozen well know Flash security hacks.

I am thrilled to recommend that you all turn off Flash for good and enjoy your laptop focused on what you want it to be focused on from now on.

Synopsis:

• Move Flash, Shockwave, and ClickToFlash out of /Library/Internet Plug-Ins to a new folder called Internet Plug-Ins (disabled) (/Library, ~/Library for each user on each computer).
• Install Google Chrome web browser (just in case you occasionally need Flash again).
• Install YouTube5 Safari Extension 2 (for each user on each computer).
• Enable the Developer features on Safari.
• Reboot to rid yourself of any currently running Flash crap.

As OS X picked up in popularity, replacing for many of us, not only Mac OS 8 and 9, but also MS Windows and sometimes even Irix or Solaris; we no longer needed the App website as the best in breed software solutions for each niche were pretty well known and widely covered on the blogs and in magazines. Apple encroached on the 3rd party space frequently with it’s own apps that were pretty damned good.

I use my various Mac desktop and laptop computers every day, and will not willingly waste my time with other operating systems except on a server basis where Linux and BSD are kings, and Solaris is an also ran. I use and enjoy my iPod, iPhone, and my AppleTV (first generation). My partner enjoys an iPad. We are pretty saturated by Apple products… and we are NOT excited about the coming Mac App Store.

If the Mac App Store is anything like the iPod/iPhone/iPad App store it will SUCK. The App store for these devices is something I grudgingly use because it is the only way. Sadly the iTunes interface is garbage, the indexing and searching are a complete waste of time, and the ratings and reviews are so spammed as to be huge bags of obnoxious noise. Probably many of these things are not Apple’s fault, they are likely just a victim of their own success… like USENET NewsGroups which were once a vast resource of knowledge, but then degenerated into spam collections and noise when the whole world got on USENET; the iPhone/iPod/iPad App store is just noise. Apple could fix the horribly ugly and difficult to use iTunes interface; but I am guessing they will not do so – as they have financial incentives to keep the error rate high so people continue to have to buy three or four applications that do the same thing until they find one that actually works.

The best way to use the iPhone App store is to search 3rd party magazine and blog reviews and talk to friends about the best app in any category and then go through the painful process of searching iTunes App Store to get the app you need.

Mac OS X Software neither needs, nor wants this treatment. Apple already has the best Mac App Store on the planet; it’s called regular old web pages that can be used in any browser and searched easily. If the new Mac App store is more like the wonderful website http://www.apple.com/downloads/macosx/ of past years, then I will applaud it. Sadly I doubt that will be the case, as the website has become less focused on getting things done and more focused on selling more copies of cheap and useless crap no one needs. I think that is a portent.

Guardian Article on Javascript based XSS Twitter Hack

The article mainly focuses on the recent Twitter exploit, and the dangers of server-side XSS exploits, but we can easily protect against this stuff at the browser level too with NoScript add-on to Firefox. FlashBlock and Click to Flash help with Flash issues, but Javascript is more pervasive and XSS is more commonly implemented in Javascript.

I have been seeing so many of these on Facebook lately and am concerned that people are visiting Facebook with vulnerable web browsers. If you are using any browser other that Firefox with NoScript active, and you think you are secure – please let me know what you did to fix your browser. This is the vulnerability that forced me off Safari and Chrome (both of which seem faster, but less secure than Firefox with NoScript and Flashblock).

http://homepage.mac.com/drewthaler/jsblacklist/

JavaScript Blacklist also blocks those annoying snap.com previews, and the stupid tynt copy & paste blocker (though I have not been running into either of these as much lately).

Thank you Drew Thaler!

Update: First you will have to upgrade to Safari 5 and then enable extensions before you can use Drew Thaler’s excellent annoyance blocking extension.

You can run Software Update to get Safari 5 installed.
I found the following instructions useful for enabling extensions:
http://www.geekosystem.com/safari-5-extensions/

To enable Safari extensions:
1. First, open the ‘Preferences’ panel by dragging down from the ‘Safari’ menu or with the shortcut command+comma.
2. Then, click on the ‘Advanced’ panel at the far right and check the ‘Show Develop menu in menu bar’ box if it’s not already checked.
3. From there, a dropdown menu called ‘Develop’ should appear between the ‘Bookmarks’ and ‘Window’ dropdown menus; check “Enable Extensions,” which will be the third item down on the menu.
4. Go back to Safari’s preferences by hitting command+comma, and you’ll see a brand-new extensions panel. From there, you can manage the Safari extensions you’ve downloaded.

Last, apply JavaScript Blacklist extension by double clicking on it.

Open Safari Preferences, click the Extensions Tab, and add kontera.com and quantserve.com to your JavaScript Blacklist to prevent IntelliTXT style adds at MacNN.com and LowEndMac.com.

Examples of sites with crappy IntelliTXT style ads (look for the double underlined common words):
http://www.electronista.com/articles/10/06/15/mac.mini.rises.in.price.for.speed.expansion/
http://lowendmac.com/pb2/powerbook-g4-400-500-mhz.html
http://www.macnn.com/articles/10/06/15/apple.kicks.callers.from.phone.line/

Firebug is a simple Firefox plugin; download and install can be done inside Firefox; you then restart Firefox and click the little bug icon down in the lower right corner to activate the debugging tool.

Web Inspector is integrated in every recent copy of Safari, you run a command line to enable the tool:

defaults write com.apple.Safari WebKitDeveloperExtras -bool true

Once enabled, you can mouse over any web object in your browser and right click or hover to get a drop down menu, from which you select “Inspect Element” and then dig around in the Inspector for your tools.

I am sure there are similar tools for OmniWeb, Opera, Chrome, and even Internet Explorer; but I have no experience with them yet…

neustar.biz

Western Union: Epic Fail

I ended up sending money the old fashioned way, putting a check in the U.S. Mail. What a waste of my morning, sure wish I could bill Western Union for the wasted time.

By worst web design:
1) requires non-standard crappy browsers, neither Safari nor Firefox worked on the Western Union site
2) captcha is illegible most of the time
3) site frequently causes the session to reset, forcing you to re-enter the same information again and again
4) credit card transaction fails frequently
5) whole site crashed after I’d entered all the information for the 8th time – gave up

Pop-up advertising is annoying as hell, but at least it is honest and ethical.
Pup-under ads hide in the background, behind your main browser window and try to trick you into clicks and options that are less than honest.

The Post stopped being a really reliable source for news some time ago, so it is no great loss, but the pop-unders is a last straw. Axed.

Update: Gah, turns out that the International Herald Tribune (iht.com) has started this same disgusting pop-under activity. Axing the IHT hurts more as they have been an excellent source of news from a European and South Asian perspective. They are affiliated with the New York Times; I wonder how long it will take NYT to go all slimy too? This makes two sources of news cut today… not a good day.

We are all watching the security nightmare Windows users experience every day. Thousands of viruses a year, hundreds of malware programs that illegally rob cycles and memory from unsuspecting user’s computers, and that there is a possibility of one on the Mac is news!? Yes it is possible. Someday it will happen. Trust me, we are watching and learning from the Windows security nightmare. Very smart people are ready to stop the first Mac virus when it appears… some day. Sigh. Guess it must be a quiet news week…

On a lighter side, Apple has a really spiffy and poignant ad campaign about this very issue and about why years ago I switched from Amiga and Irix to OSX and not to Windows XP. Check them out for yourself, they are very funny, even if you prefer those Windows machines: http://www.apple.com/getamac/ads/

Oh yeah, and to engage in “post mortem equine floggery” – once again (and for many years now) Apple’s own website requires no cookies, no Java, no JavaScript, and no ActiveX to work – meaning you do not have to lower the security of your browser to visit their website and conduct meaningful business. Hurrah… I sure wish other merchants would figure that out, perhaps they’d get my business then.