Recovery.gov—Access Problems For The Government's New Website?

The Obama administration has finally pushed its stimulus bill through Congress and has a website for it up and running. Hooray for government transparency and change you can believe in. I was pretty eager to read the bill. Actually, I probably would have just skimmed it for a few minutes and gotten bored the way I did with the House version of the bill. But I was definitely interested in looking at it if for no reason than because it was available online. While Congress has been making the text of bills available in excruciating detail for years, as far as I know this was the first time that the president went to such pains to actually publicize and build websites for a single law. The website was actually live (empty but live) for at least a week before the stimulus bill passed.

So I eagerly went to the website today and was excited to see a polished, professional, and good looking website along with a link to full text of the stimulus bill. Awesome! Then I actually clicked on the link. Nothing. Apparently, JavaScript coders are also getting a stimulus package. I use NoScript to disable scripting on websites by default in Firefox. Most websites work just fine with Javascript turned off and given how common it is these days for malicious websites to download malware onto your computer, it just makes sense for me. But I guess I can trust the government right? It's not like a politician has ever lied to me.

So I enabled JavaScript for recovery.gov and it popped up a message telling me that I was leaving the recovery.gov server displaying the full text of the link which it is sending me to. Is this really necessary? After all, the full text of any link is displayed on a browser's status bar anyway—or at least it would be if somebody hadn't decided to hide the link behind a JavaScript pop up. Still I clicked through and was taken to a the white house website where the bill conveniently divided into five parts and available in available in either PDF or ASCII formats. Excellent! Then I actually clicked on something. Another pop up. So I enable JavaScript for whitehouse.gov and click again and nothing. Aaargh! So I try one more time. Taking note of URL and enable JavaScript gpo.gov (the Government Printing Office?) and click again and nothing.

I tried to access the website again with Google Chrome and Internet Explorer. I used a brand new computer where IE had JavaScript turned on and Chrome always has JavaScript enabled but I still got the same results. Maybe the government's servers are just overwhelmed by people trying to look at the stimulus bill but if that's not the case....Between these three browsers, I probably have at least 95% of all Internet users covered and I'm a bit worried. Sure, the Bush administration screwed up Afghanistan, Iraq, and Hurricane Katrina but I've just received some very disturbing evidence that the Obama administration can't even get a simple website right.

I really hope I missed something....

Update: Checking in on the website again, it looks like they changed things around a bit. You can now download the full stimulus bill, as signed by the president, in PDF format and actually looks pretty good. Yet another document for me to download and not read. You still have to go through the annoying pop ups but at least you can download it and look at it now. My faith in democracy is restored....

Chrome: Is This Your Father's Web Browser?

A couple of months ago I set up a computer for an older couple who had never used a computer before. It was an old laptop with busted hinge but it was in otherwise good condition and it was an easy matter of setting it up with an external monitor and wireless keyboard and mouse. Neither of them knew much about computers and they just wanted it for e-mail and web browsing—the same as most computer users these days.

When it came time to choose a web browser for the computer I wanted to steer them away from Internet Explorer. Besides being slow and bloated, IE is a magnet for hackers if for no other reason than the fact that it is installed on the vast majority of computers. So I installed Opera on the computer.

It seemed like a good choice at the time, Opera is small and fast—perfect for an old computer with only 512MB of RAM. Unfortunately, Yahoo! Mail didn't cooperate. Several days after setting up the computer, I began receiving calls about the a problem between Yahoo Mail and Opera. For some reason it kept redirecting Opera from its Inbox to the log-on page. I never figured out exactly why this was happening. So I installed Chrome—Google's then new browser—on the computer and the older couple has been happily using it for e-mail and web browsing ever since.

Chrome hasn't made much noise since the week when it was launched. A lot of geeks (myself included) downloaded it, complained about a lack of features and possible privacy problems, and quickly went back to Firefox. But from my perspective setting up computers for people—many of them older—who really know nothing about computers and don't care about cookie handling or security.

For these people, Chrome's shortcomings suddenly turn into strengths. Chrome was designed from the ground up to run javascript so temperamental web applications like Yahoo! Mail are more likely to run properly on it. Chrome runs in the background quietly updating itself through Google's Updater application even when it is supposed to be "closed." While more tech-savvy and paranoid people see this as a potential privacy risk, for people who neither know nor care about security or privacy issues, this is an invaluable feature since their web browser always has the latest updates and patches. While there is no way to control how javascript and cookies behave on a site by site basis, people who lack computer savvy won't know how to use these features anyway, so for them relying on Google to handle these potential threats makes sense. It all comes down to how much you trust Google—maybe you and I don't always trust Google but most people don't care one way of they other. For them Google's web browser is just another program that they run on their computer.

So for confused newbies, Chrome's lack of features and minimalist interface are an advantage. Ironically enough, Chrome's name comes from the term used by web developers for the buttons, menus, and other widgets that constitute the browser's interface. But Chrome has very little "chrome" compared to other web browsers; just front, back, and reload buttons, a combination address/search bar, and a couple of hidden menus which are easy to ignore. It even tucks its tabs into its title bar which further reduces clutter. And while Google has talked about producing add-ons for Chrome, there are currently none available. There are no toolbars or extensions for Chrome. But then again, too many extensions can slow Firefox down and toolbars are frequently more trouble than they are worth for Internet Explorer users.

So if you are a tech-savvy nerd who has been wondering what Google was thinking when they put out Chrome, maybe they were thinking about your mom and dad.

You May Already Be Under Attack....

Slashdot has an interesting link to an article about the fact that malware authors have been targeting Blogger (which is the blogging engine that powers this blog along with millions of others) heavily. Since Blogger is owned by Google, this means that about 2% of all malware is hosted by Google. There are three big reasons for this:

1. It is easy to automate setting up a blog on Blogger
2. It is easy to set up Blogger to redirect links to another site
3. Blogger is owned by Google so it's blogs are automatically indexed by Google's search engine

As a result malware authors are drawn to Blogger and set up 16,000 malicious web pages every day—Google simply can't flag and delete these pages fast enough. It's an interesting phenomenon that is repeated over and over again. Call it the "Windows Effect"—a computer product or service becomes so popular that it becomes ubiquituous and it will inevitably be targeted and attacked by hackers. Just like Windows in general and Internet Explorer in particular have been (and still are) popular targets for hackers, now it's Google's turn. And it's not just Google either. MySpace and Facebook are also popular malware targets. Congratulations guys, you've been pulled into the same infamous club that Microsoft has been trying to kick and scream its way out of for years.

Is AVG Bad For Websites?

A new website called AVG Watch claims that a component in AVG's antivirus product can overwhelm web servers by hitting them hard and downloading pages in an attempt to determine if they are hosting malware that can infect your computer. Another website complains that this component also hurts websites financially by skewing their traffic statistics which affects their ad revenue.

The component is called LinkScanner:

"LinkScanner works with both Internet Explorer and Firefox, and consists of two features, AVG Active Surf-Shield and AVG Search-Shield. AVG Active Surf-Shield prevents you from accidentally becoming infected by drive-by downloads and other exploits, ensuring the web pages you visit are safe at the only time that really matters - when you are about to click the link. AVG Search-Shield works with Google, Yahoo and MSN search engines to deliver a real-time safety verdict on all search results, including search ads, displaying an icon to show the safety rating for each site."

That's a direct quote from the documentation of AVG Anti-Virus Free 8.0 describing LinkScanner.

AVG Watch seems pretty steamed about the practice, comparing comparing it to a Denial of Service Attack. They claim that according to their own tests LinkScanner will download a page it encounters during a Google search hundreds of times more than necessary, leading to a lot of stress on webs servers as the number of people using the latest version of AVG Anti-Virus grows.

This seems like a worrisome possibility for me since I've always sworn by AVG for protecting my computers from viruses and other malware. Recently, AVG has been giving me problems with false positives and now this....

There is one ironic post-script to this episode. I have been using Firefox 3 as my main browser since its second Beta version and right now AVG Safe Search, which presumeably allows AVG to run LinkScanner within Firefox, is not compatible with the latest version of my favorite browser. So it seems that none of this applies to me right now. I'm neither "protected" from accidentally clicking on evil websites and I'm not inadvertantly "attacking" good websites either. Still, it's an interesting issue.