Archive for the ‘browser’ Category

1 Comment

Breaking the bad, pushing a worse internet (part II)

Sunday, June 21st, 2015

In an earlier post we lamented the behavior of multinationals by dropping noble classic Internet principles like Graceful degradation and progressive enhancement to strengthen their business model at a high security and privacy cost for users.

Go to a site with JS disabled and you see Nada. Zilch. On Google, on Twitter, Facebook tells us it can do much without JS. Nonsense, that is their policy, it’s not your fault.


No Comments

Fixing Tracking Contact Form 7 with Google Analytics in WordPress

Wednesday, October 1st, 2014

Contact Form 7 advices to add this code to the Additional Settings field at the bottom of the contact form management page

on_sent_ok: "_gaq.push(['_trackEvent', 'Contact Form', 'Submit']);"

Actually that is a bad idea. Be tracked by Google is not every one’s favourite idea of a free internet, so people block Google Analytics either by any tracker blocker, like Ghostery or Disconnect, by Googles official `opt out extension` or by simple blocking the script in a firewall.

Yes, Internet is the only one place on earth you have to `opt-out` to live quiet and peaceful.

When a user has blocked the Analytics script and visits your contact form, he can’t submit it. It will not submit nor show any error-message. It will do nothing, except show an obscure JS error in the console.

`Uncaught exception: ReferenceError: Undefined variable: _gaq`

To fix this, wrap your code up in a try and catch, so it won’t stop on the error and submitting will not halt:

on_sent_ok: "try{_gaq.push(['_trackEvent', 'Contact Form', 'Submit']);} catch(e){}"

Integrating Contact Form 7 and Google Universal Analytics this way is more robust.

No Comments

Breaking the bad, pushing a worse internet

Tuesday, June 3rd, 2014

Some (and not all are alchemy wizards) are claiming that users break the internet by disabling JavaScript.

What is JavaScript? It is one of the three (technical) pillars of websites. The other two are HTML and CSS.

All have a different function:

  1. HTML = content
  2. CSS = style
  3. JavaScript = functionality

The content consists of all the text and images (and officially video and sound), the things you want on informational webpages. Style adds colours, margin, font-sizes and things like that, it makes the content more readable. JavaScript adds functionality and interactivity to webpages. Or can turn websites from informational documents into applications.

So how can users break the internet?

Of course they can’t.

Users can disable images, so browsers don’t download them. Don’ t forget to re-enable them before starting shouting on Twitter…

Users can disable CSS or override CSS which is nice for colour-blind or other visually impaired people.

JavaScript is needed for applications, like like games,  navigation or photo-editing,  and it can make informational documents more dynamic. On informational websites JavaScript is not viable, but needed to serve advertisements.

Users can disable CSS and JavaScript historically. At first because it was new and not widely supported, later because you don’t always need  it. All three types, HTML, CSS and JavaScript are served in different resources/files.  That means webpages will load faster with just HTML, instead of HTML, CSS and Javascript, because less resources have to be downloaded, and HTTP-requests are quite expensive.

CSS is nice too, but JavaScript can be an annoyance. It is a script language that executes by forehand unknown scripts (from probably different sources) on a user computer.

JavaScript impacts severely:

  • speed
  • security
  • privacy
  • costs (on  paid/metered connections)
  • battery usage on mobile devices
  • memory usage, especially on devices with less memory

If you have been infected by a virus, it must have been while visiting websites with JavaScript enabled.

So there are very good reasons  to disable JavaScript for users on at least a lot of unknown websites. You can always reload/refresh with JavaScript enabled, if you need it.

Cooking meth(ods) in business cuisines

Internet-companies read a different story: JavaScript is the fuel for their money machine. Tracking users and serving advertisements is an indispensable part of their business model, with JavaScript they can collect major users statistics. They can follow users over the internet, measure where you hover with you mouse, how long you read, how much you scroll, see what’s in your clipboard, operate your microphone or webcam, where you are, what your friends read, collect images, tracking what and how fast you type.  Yes, every script has access to that.

So companies need JavaScript much more then users. A little lie that `users are breaking the internet by disabling JavaScript` can help their business enormously, especially if you design a few sites that actually break the internet, because the sites do not work without JavaScript. Or they mix-up style with functionality. Push JavaScript and make users hooked to JavaScript. Especially target the mobile platform, because phones are a more valuable source for private information than desktops.

And if a users wants some privacy, blame the user! To disable JavaScript is a crime. You break the internet! What fear can do for you.

Smart-phones are stupid-phones and worse

A phone isn’t something you control, a smart-phone is controlled by major multinationals that run programs on your phone and collect information 24 hours a day and that info is continuously send to the cloud owned by the multinationals.

How much does a smart-phone phone home compared to real user initiated telephone calls. I would say a 100 times. Disconnect your phone from the internet, it can’t do anything any more. Stupid isn’t it? Smart means in control of some major company.

A smart-phone is a kind of ankle monitor. The new Android wear will undoubtedly have an indestructible variant for individuals under house arrest or parole.

Only the first take is free

Informational webpages that show no content without JavaScript is like delivering a newspaper without ink, well there is an accompanied stickersheet, just put the stickers on the right place. That sounds silly, and it is silly. The only way companies design such pages is that they force the users to enable JavaScript so they can collect and track and serve advertisements in return. Yes, the first browser Google designed had no possibility of turning JavaScript off. Google still blocks all extensions that users can install to block unwanted JavaScripts running on their device. Companies push apps on phones instead of letting users use webpages, because with apps they have better control and get more and easier access to detailed user-profiles.

Yes, it’s all about money. And real money isn’t made with cooking simple food like chicken nuggets or serving simple content. You need something sneaky and hidden, you need something in return.

You can be sure about one thing: bringing internet to the poor for free means multinationals want to run programs on the poor guys phones, watches and glasses too. It’s business, not charity out there.

No Comments

Cheer Presto Prestissimo to the great Opera Singer

Wednesday, February 13th, 2013

I just posted this on the Opera Wishlist forum:

Please keep Opera Classic (=Opera Presto) around for some time(years) with just necessary security patches applied.

In honour of those who shed sweat and tears to design and build it, and for those that used it daily for work or leisure and for those that simply loved it.

Also keep it available because we need it as a testing tool, we need browser engine diversity. Opera Presto is one of the best standard compliant engines.

And most important, because we (developers) need it to test our `graceful degredation` and `progressive enhancement` skills: If our future developed sites aren’t accessible in `Opera Classic` we know we failed.

To all internet artists tweeting their songs: if your work doesn’t sound in the classic Opera, keep practising.

1 Comment

Major Android vulnerability for Samsung Galaxy phones (and others)

Wednesday, September 26th, 2012

There is a major risk to lose all your data when you’re using the internet with your Samsung Galaxy phone. Your phone will reset.

You can test here to see if your vulnerable: USSD-Android-vulnerability.html It will show your IMEI number on the phone, when you’re vulnerable. Just open the page with your mobile phone.

Contrary to what you have read somewhere else, the vulnerability doesn’t need you to click anything, loading a page (with malicious advertisements) can be enough. Some advice say that you should read all links carefully. Nonsense, that won’t help.

This bug is also called the Android Reset bug or Android Wipe bug.

Workaround / Solution

Please install this app to secure yourself ASAP.

`TelStop` will do nothing, just ask you what to do, and prevent the default dangerous handling.


The vulnerability is caused by automatic handling of so called USSD `tel` URI by the dialer system. USSD (Unstructured Supplementary Service Data) can display certain information, like your IMEI number or perform specific special features like a Factory Reset (loss of all your data).

Just adding this code to any website can trigger the bug:

<iframe src="tel:123"></iframe>

It isn’t limited to the `tel` URI, also `callto:123` can be used in some browsers, e.g. Opera browsers.

With JavaScript any link can be infected, so it’s a real danger.

It isn’t a browser or Android bug, it’s a bug in TouchWizz, Samsungs own interface layer. Apparently HTC and Motorola made the same mistake.

On a Samsung Galaxy S 2.3.6 phone all tested browsers were vulnerable, stock browser, Firefox, Dolphin, Opera Mobile, Opera Mini.

In the latest firmware (4.0.4) for the Samsung Galaxy III the bug was patched, apparently Samsung was aware of the bug for some time.

Reported Vulnerable phones

(This list is incomplete, sometimes it depends of firmware version)

  • Samsung Galaxy S (Android 2.3.6)
  • Samsung Galaxy S II
  • Samsung Galaxy S III (any firmware below 4.0.4)
  • Samsung Galaxy Gio
  • Samsung Galaxy Advance
  • HTC One X (HTC Sense 4.0 on Android 4.0.3)
  • HTC Desire
  • Motorola Defy (Android 2.3.5)
  • Sony Xperia Active
  • Sony Xperia Arc S

Please add a comment with your phone model if your experience this bug too, and don’t forget to install the workaround.

updated 27/9  sony phones added


Screens are getting bigger and wider and uberwide: 30720×768

Thursday, April 5th, 2012

While taking a look at the screen-resolution tab of the Technology -> Browsers and OS section of Google analytics for this site, I found  a visitor with a baffling 30720×768 screen-resolution.

I know I have geeky visitors, but wow, that’s what you  call a widescreen.

What kind of a device is it?

  • A new Apple super touch-screen for elephants?
  • A Microsoft touchtable?
  • A stretched Limousine laptop?
  • A new Chinese invention for one screen per schoolclass?
  • An interactive bar in the Google Android Cafe?
  •  Or just a browser bug or proxy hacker?

Anyone a clue?