July 21, 2004
@ 04:45 PM
Comments [41]
Changing the Web Browser Used by RSS Bandit

During the most recent Download.Ject Internet Explorer incident [which was significant enough I saw newspaper headlines and TV news reports advicing people to switch browsers] I got some requests from RSS Bandit users to switch the browser used by RSS Bandit since they'd switched from using Internet Explorer due to security concerns.

Torsten and I looked around to see how feasible this would be and found the Mozilla ActiveX control which enables one to embed the Mozilla browser engine (Gecko) into any ActiveX application. The control implements the same APIs as the Internet Explorer control so it may be straightforward to make this change. 

I have some concerns about doing this.

  1. We've had weird interactions with COM interop between RSS Bandit and IE which result in weird bugs like dozens of IE windows being spawned and most recently memory corruption errors. I am wary of moving to an unknown quantity like Gecko and facing similar issues without the benefit of having a background of working with the component.

  2. There's a question of whether we replace our dependency on IE or ship an option to use Gecko instead of IE. Or whether we just ship a Gecko version and an IE version. The installer for the Mozilla ActiveX control is currently larger than the RSS Bandit download so we'd more than double the size of our download if we tied ourselves to Gecko.

I'm curious as to what RSS Bandit users think. Currently I don't think I'm going to add making such a switch to our plans but I am always interested in feedback from our users on what they think the right thing to do should be.


 

Categories: RSS Bandit
Tracked by:
"make money online" (make money online) [Trackback]
« The RSS Traffic and DDoS Meme | Home | What is Google Building? »
Wednesday, 21 July 2004 17:35:56 (GMT Daylight Time, UTC+01:00)
Let's write our own browser.
;)
nospamplease75@yahoo.com (Haacked)
Wednesday, 21 July 2004 17:38:04 (GMT Daylight Time, UTC+01:00)
I've heard bad things (http://nick.typepad.com/blog/2003/11/feeddemon_and_m.html) about doing this involving support problems. I think you could probably implement it as an option in the program without too much hassle and then just warn users that they may face problems getting it to work.

Is the embedding of IE the reason that mouse scrolling doesn't work? If so, then a switch to gecko couldn't happen fast enough!
Simon Steele
Wednesday, 21 July 2004 17:49:21 (GMT Daylight Time, UTC+01:00)
If you discount ActiveX bugs, IE hasn't been much worse security-wise than the other browsers. Now, that's a pretty big thing to discount: there were tons of very bad security bugs caused by ActiveX, so shame on Microsoft and all that (see http://slashdot.org for more on this).

But from a practical point of view, simply disabling ActiveX in the built-in browser is enough to make RSSBandit pretty secure, and it's a lot less work than switching browsers. In fact, you're already doing that so it's no work at all :).
Stéphane Lajoie
Wednesday, 21 July 2004 17:54:00 (GMT Daylight Time, UTC+01:00)
Some of us just plain prefer the many benefits and enhancements of Mozilla/Gecko over IE. I wish I could get Visual Studio to use Mozilla, but that's another story. +1 on a separate Gecko version for those who want it and leaving the default to take advantage of IE <strike>tied to</strike> shipping with Windows for smaller downloads.
Christian Romney
Wednesday, 21 July 2004 18:14:29 (GMT Daylight Time, UTC+01:00)
Its the biggest issue I have using RSS Bandit. The first reader on the block with Mozilla support has got my vote.
Neil Cawse
Wednesday, 21 July 2004 18:20:51 (GMT Daylight Time, UTC+01:00)
Please, please, please get rid of IE.
Jim Stanton
Wednesday, 21 July 2004 18:34:37 (GMT Daylight Time, UTC+01:00)
I think 2 versions would be cool and if you can, modularize the code so that it's easy to maintain either. That way you can go back to being married to IE if your marriage with Mozilla craps out.

I wouldn't suggest switching it outright or eliminating the IE version. Why? IE comes bundled with Windows. If you're having a product that FORCES users to download another web browser (one they may or may not use) then people may ditch it altogether. The only people who will benefit from this are those of us who have switched from IE altogether and to be honest, that is only a small number of people.

I think RSS Bandit does a very good job with IE at it's current state. You can turn off ActiveX and a bunch of other security features so I really don't see how this problem could affect RSS Bandit users unless they love having to turn on ActiveX every time they use it (as I understand it, the setting never "sticks" to allow ActiveX on the web browser).
Jeremy Brayton
Wednesday, 21 July 2004 18:35:52 (GMT Daylight Time, UTC+01:00)
I really like RSS Bandit, but have to admit that it's dependence on IE is forcing me to consider looking for a different RSS reader. I have switched to Firefox as my primary browser because of the recent vulnerabilities. It would be a nice option to be able to use the gecko engine in RSS Bandit.
Matthew Sherman
Wednesday, 21 July 2004 18:58:11 (GMT Daylight Time, UTC+01:00)
Since switching to Firefox doesn't really involve removing IE from my system, I've been happy enough to change RSS Bandit's behavior to open the default web browser (Firefox) instead of a new tab within RSS Bandit. I assume the Bandit is still using the embedded IE control to display content of feed messages, but since this feed is (relatively) controlled, I'm happy enough with this behavior.

If you use the "Single Window" extension in Firefox, the links from RSS Bandit just open a new tab in Firefox and app switching is fast an easy without numerous windows clogging up my desktop.

Having said that, I would switch to a completely non-IE version of Bandit if one were available -- larger downloads don't bother me that much.
Chris Palmer
Wednesday, 21 July 2004 20:46:47 (GMT Daylight Time, UTC+01:00)

IE or Gecko ? Of course neither if you use ActiveX for that matter. Why not use htmllite.dll instead, that 100kb component (whose API is covered in a CP article) that comes with VisualStudio and is IMHO enough for at least 4/5 RSS entries? Just wondering why you guys don't think the obvious sometimes (just like writing your own lil' renderer, but I digress)...
Stephane Rodriguez
Wednesday, 21 July 2004 20:55:04 (GMT Daylight Time, UTC+01:00)
I would ditch IE. As a matter of fact, ditching ActiveX would be better.
d
Wednesday, 21 July 2004 21:14:02 (GMT Daylight Time, UTC+01:00)
It seems a nice idea to change, but you have to be careful if the object models aren't the same. Integrating IE Browser is really painful, now imagine using a similar but not the same browser. Also, hackers will target any browser, as the latest news have report.
Rogelio Morrell
Wednesday, 21 July 2004 21:25:02 (GMT Daylight Time, UTC+01:00)
One for each, please. Mozilla's ActiveX plugin is a drop-in replacement for the IE activeX component.

Not that I'd use a Mozilla version - the option is nice, though.
A Mystery
Wednesday, 21 July 2004 22:05:17 (GMT Daylight Time, UTC+01:00)
I'd switch in a heartbeat. In fact, I'd been considering switching from RSS Bandit precisely because of its dependence on IE.

Much of the security problems *are* ActiveX, so if you really care about user security, ditch that as well.
Deirdre Saoirse Moen
Wednesday, 21 July 2004 22:19:06 (GMT Daylight Time, UTC+01:00)
i would suggest basing the engine used on the user's preferred browser setting in the OS. You would still need to code for both browser engines - but it would add nothing to your download size since you are still exploiting an already downloaded and installed engine.
Patrick Sweeney
Thursday, 22 July 2004 00:13:03 (GMT Daylight Time, UTC+01:00)
I don't think it is necessary to ship a Gecko version, although it's a good idea. I always launch my default browser (FireFox) as a separate window, and I suspect there are other people who use this workaround to use a non-IE browser.

The default version of RSS Bandit should be the IE version, because of its smaller footprint.

James McComb
James McComb
Thursday, 22 July 2004 01:16:25 (GMT Daylight Time, UTC+01:00)
I think it would be a far superior program if you used the gecko based browsing system. However, it does sound like a lot of work. It really wouldn't be a bad idea to have two versions, but it would be double the work in upkeeping them, unless you could create a wrapper that would need extremely minimal updating. I do like that gecko is more towards the w3c standards base though, and currently more secure.
Dave
Thursday, 22 July 2004 04:28:12 (GMT Daylight Time, UTC+01:00)
i see no reason to change unless the change is additive.
farquhar
Thursday, 22 July 2004 04:42:30 (GMT Daylight Time, UTC+01:00)
Leave IE - I dont see a reason to change.
Steve
Thursday, 22 July 2004 04:43:19 (GMT Daylight Time, UTC+01:00)
Leave IE - I dont see a reason to change.
Steve
Thursday, 22 July 2004 06:19:36 (GMT Daylight Time, UTC+01:00)
Do it! At _least_ make an option to use it instead of IE.
Matt Spong
Thursday, 22 July 2004 08:15:54 (GMT Daylight Time, UTC+01:00)
Yes it would be great that RSS Reader could use Gecko engine.
Sebastien Nanecou
Thursday, 22 July 2004 11:30:26 (GMT Daylight Time, UTC+01:00)
Why do so many commenters demand to get rid of IE because of ActiveX vulnerability? Haven't they seen the option in RSS Bandit to disallow ActiveX?

Anyway, I second Patrick's proposal to use the system's default browser, because it implies that the appropriate engine is already installed, and RSS Bandit's setup won't be bloat that much.
Thomas Freudenberg
Thursday, 22 July 2004 13:29:39 (GMT Daylight Time, UTC+01:00)
There are two reasons I have stopped using RSSBandit. The first is that I couldn't use Gecko. I'm so used to using Firfox and seeing the Gecko rendering that it pains me to go back to IE. So yes a separate Gecko option would be great.

(BTW the second issue was synchronisation across my mac and pc, Bloglines deals with this at the sacrifice of offline reading.)
James Bloomer
Thursday, 22 July 2004 13:51:31 (GMT Daylight Time, UTC+01:00)
I'd love to see the option to use Gecko; anything that makes the possibility of having Bandit ported to Linux gets my vote :)
todd slater
Thursday, 22 July 2004 14:34:34 (GMT Daylight Time, UTC+01:00)
Dude, ditch IE. FAST. 100% support; every other RSS reader has either crashed my machine completely or killed the app it was linked to (Outlook - fricken' thing!).
k396@nettally.com (Kelvin)
Thursday, 22 July 2004 14:46:52 (GMT Daylight Time, UTC+01:00)
I've got my RSS Bandit configured to open everything in firefox anyway. Having the option to use it built in would be very handy indeed for me. I don't care whether or not it's the default, but if it's readily doable as an option (even if I have to download the gecko activex component myself), I'm all for it!

-Dom
Dominic Mitchell
Thursday, 22 July 2004 15:25:24 (GMT Daylight Time, UTC+01:00)
FYI: htmllite.dll isn't free to distribute with our OS app. And: it also does not support full CSS, nor tables...
torsten.rendelmann@gmx.net (TorstenR)
Thursday, 22 July 2004 20:02:12 (GMT Daylight Time, UTC+01:00)
Why not make the switch to the new Whidbey WebBrowser control. This might not do much for security but it might solve other interop issues that arise from using unmanaged code. Plus the DOM wrapper could prove useful. Of course using a Beta development environment... but at least it's readily available.
Eric
Thursday, 22 July 2004 21:37:15 (GMT Daylight Time, UTC+01:00)
I wouldn't care much for the gecko version. If you go the route of supporting gecko, I wouldn't drop the IE support altogether (so if you do, you'd have to support both to not loose the current IE users). Although Firefox is nice, not everyone thinks that Firefox is the be all end all browser (not that IE is either).
Ryan Farley
Thursday, 22 July 2004 22:13:05 (GMT Daylight Time, UTC+01:00)

"FYI: htmllite.dll isn't free to distribute with our OS app. And: it also does not support full CSS, nor tables...
"

Who's going to see it anyway? Change the name, and you're done.

It doesn't support tables? Yes, and since when RSS feeds have tables? Of course RSS feeds can have tables but statiscally speaking who cares?

Regarding htmllite.dll, I hope you get the idea though : unlike IE or Gecko, which require at the very least TWO YEARS of work to come up with from scratch, a simplified renderer can be done in weeks (a RTF reader could be just as well by the way, but indeed the idea of losing the html links is too much a constraint). Well you get the idea. That is indeed an appealing project to work on.
Stephane Rodriguez
Thursday, 22 July 2004 23:33:33 (GMT Daylight Time, UTC+01:00)
Stephane,
From my perspective working on a HTML renderer from scratch is a fool hardy endeavor. We have enough stuff on our plates to implement in RSS Bandit without trying to right a web browser from scratch. RSS Bandit needs a fully fledged web browser not a toy application for rendering some subset of HTML.
Dare Obasanjo
Friday, 23 July 2004 04:15:00 (GMT Daylight Time, UTC+01:00)
I just love Firefox/gecko and would love to at least have the option in RSS bandit. I used to be an major IE fan and hated Mozilla, but as the Firebird/Firefox browser improved I am just the opposite.
Scott Willeke
Friday, 23 July 2004 22:03:25 (GMT Daylight Time, UTC+01:00)
I've used a table within a blog post once. Forgive me! Mercy on my temporary moment of weakness!

Also, I don't think renaming a dll to get around the fact that it is not redistributable is viable. First of all, there's the integrity issue. Secondly, it's an open source project. It's not too hard to figure out that a chicken by any other name is still a chicken.
nospamplease75@yahoo.com (Haacked)
Sunday, 25 July 2004 00:15:59 (GMT Daylight Time, UTC+01:00)
Dare,

I think that majority of RSSBandit users are completely ignorant of which browser RSSBandit uses and are happy with what they have. Switching browser now will turn that silent majority into unhappy complainers.

My advice would be to stay with IE as the default browser and introduce an extension that switches browser to Gecko. This approach will satisfy everyone IMHO, both the Gecko addicts and the silent majority.
Don Park
Sunday, 25 July 2004 18:38:06 (GMT Daylight Time, UTC+01:00)
I would love to have the option of using Gecko instead of IE, for 2 reasons:-
* Gecko is faster at rendering pages
* Gecko has better w3c support (eg, css 2, xul)
Makenshi
Sunday, 25 July 2004 21:40:00 (GMT Daylight Time, UTC+01:00)

"RSS Bandit needs a fully fledged web browser not a toy application for rendering some subset of HTML"

Disagreed. 90% of the content is so simple that a simple RTF++ renderer is enough to show it and keep the interactivity. In addition to this, promoting raw content is RSS feeds is really what it's all about. I don't see how anyone can promote javascript in RSS feeds, or any of that typical stuff found in web news sites.
Last but not least, if you can put the renderer you worked on on sourceforge, this could benefit people. And much more than you can think. Simpler renderers, unlike full-fledged renderers, are the best balance of html-based UI along with secure-and-less-prone-to-crash apps.

Stephane Rodriguez
Monday, 26 July 2004 17:12:42 (GMT Daylight Time, UTC+01:00)
Leave IE. I agree with the statement made above: " majority of RSSBandit users are completely ignorant of which browser RSSBandit uses and are happy with what they have".

I just read rss in bandit and when I want to surf I use FF from the desktop. I would hate to see bandit get bloat by trying to add something that is not needed.
David
Monday, 26 July 2004 22:07:45 (GMT Daylight Time, UTC+01:00)
I would like to see FF added as an option. I have essentially made the switch away from IE, but I think choices are good.

Vern
Vern Gill
Tuesday, 27 July 2004 23:54:56 (GMT Daylight Time, UTC+01:00)
The mono project has a .Net binding for the HTML renderer used in Mozilla. Maybe that could be of use. It's open source, works with mozilla, no COM binding etc.
j.houwing@rulesemporium.com (Jesse Houwing)
Saturday, 07 August 2004 20:09:42 (GMT Daylight Time, UTC+01:00)
test
test (test)
Comments are closed.