Bloglines Is Broken (for me, at least)
UPDTE: but they are working on it! See my comment below
Dear Bloglines people. I have a problem with this sentence:
"You might have noticed a few fancy little changes we’ve made to your feed tree on the left pane today."
My problem is that the ‘little’ change I’ve noticed is that it no longer works for me at my place of work.
My browser (Firefox 1.5) has JavaScript enabled and most of the time it works just fine. However, there are circumstances where it will not work. It’s the same kind of scenario that broke access to Blogger for me a while back (please do read through the comments there). But to summarise:
- For my company, and many others who use off-the-shelf 3rd party firewall products, certain JavaScripts do not get executed
- I see this an awful lot with AJAX apps that fail to work and many sites that use JavaScript libraries (e.g. a site using lightbox.js works fine, but since they upgraded to lightbox.js v2, which uses the scriptaculous library, it fails)
- If the page contains a
noscriptalternative, it doesn’t get used - because I do have JavaScript, just some of it is getting filtered
In this instance, it’s a reliance on the dojo framework that is the problem:
Specifically, here’s the problem:
<script type="text/javascript"
src="/js/r73/dojo/dojo.js"></script> <- BLOCKED
<script type="text/javascript">
dojo.setModulePrefix("bl", "../bl");
//"WHAT’S DOJO?" BROWSER THINKS
</script>
<script type="text/javascript"
src="/js/r73/bl/dnd.js"></script> <- ALLOWED
<script type="text/javascript"
src="/js/r73/bl/tree.js"></script> <- BLOCKED
<script type="text/javascript"
src="/js/r73/bl/myblogs_subs.js"></script> <- ALLOWED
I highly doubt that after these upgrades my lone dissenting voice will make any difference, but I can but try. This is increasingly happening and it amazes me that developers are unaware that their web apps can be fundamentally broken by some firewall security policies (I was speaking to PPK at this year’s @media about this very topic and how so many JavaScript developers don’t know of this). They need to test these JavaScript-dependant pages/apps against more scenarios, and that includes instances like this where firewalls stop what they believe might be harmful pieces of code.
My only option now is to ditch Bloglines completely and move to another web-based service that I can use at work and at home. Bloglines has been my lifeline to news updates that I’ve come to rely on, but these updates have killed the service completely for me. So, if you have a recommendation for a service that does a similar thing, please add it to comments. At least I have the option to export my Bloglines subscription data to use in another web-based service rather than start from scratch, but I’ve gotten so used to the way Bloglines works that it’s not what I really want. Bloglines just worked. But now it doesn’t :-(
[Apparantly if I add the phrase bloglines freedbacking you’ll see this. And when you do, I’d appreciate your comments].
on September 29th, 2006 at 1:49 am [link]
Hello,
To help reproduce this, do you have any more information on what firewall product your company is using to block javascript files? Do you have any information on what is triggering blockage?
Thanks,
Paul Querna
Bloglines Engineer
on September 29th, 2006 at 1:58 am [link]
same hre, it no longer works in firefox, IE only here
on September 29th, 2006 at 5:05 am [link]
I switched a while ago [1], although for non-firewall reasons.
[1] http://www.thewatchmakerproject.com/journal/345/review-newsgator-online
on September 29th, 2006 at 5:26 am [link]
Matthew, quick question - do you need to login via https to view feeds? You have to to register via https but, predictably, that’s also blocked to me (and for a lot of corporate environments). After all, if it’s encrypted, the sysadmins can’t monitor if someone’s doing something they shouldn’t be.
on September 29th, 2006 at 7:26 am [link]
No - I’m using newsgator now and it’s not https.
on September 29th, 2006 at 2:29 pm [link]
I’m having the same problem, with Firefox 1.5.0.7, and I’m not behind a firewall.
on September 29th, 2006 at 2:50 pm [link]
Are you using greasemonkey and the blogleft.user.js script by any chance? If so, try fetching a new version from http://sniggle.net/dave/blogleft.user.js - that might help.
on September 30th, 2006 at 10:15 am [link]
I’m surprised there isn’t a non-AJAX way to do things. You know, like Gmail have — so you can still get your mail in some internet cafe still running IE5 in Outer Mongolia or something.
on October 5th, 2006 at 1:08 am [link]
@David Gross, no I’m not using anything like that - I do have other extensions on it, but it’s not a Firefox problem, it’s a firewall stripping suspect code problem, so I get the same result whether I use Firefox, IE, Netscape etc.
UDATE: The tech support people at ask.com (who own Bloglines) are looking into it and have kept me updated, which is a refreshing thing to learn:
This is encouraging, but I must say that I wonder about the logic of using frameworks at times like this. What Bloglines does is really quite simple and if they had hand-rolled their own code to do the job it would make dealing with issues like this so much simpler (because they’d know exactly what they cshould or should not touch). I realise that it is a free service and so I can’t stamp my foot too much, but it’s more of a grumble about developers in general reaching for a framework to achieve a certain aim when 95% of the code is not used or needed (and there’s a *lot* of code that the client needs to download).
There simply appears to be a general lack of awareness of some of the issues where corporate users are concerned. Here are some others that affect me (and others in similar circumstances):
- IP address blocked. For security reasons, of course. After all, who knows if the ip address is for a Russian porn site or for something completely innocent (for example Google cached pages)
- Access to sites via https blocked. While the sites that use this are generally going to be legit, access is usually blocked for reasons of ‘big brother being able to watch you’. It’s no secret that the security departments have the ability to snoop on employees if they so desire, and I have no problem with that, but if things are encrypted that makes it difficult for them. So they get blocked. In most cases, I believe, the requirement for a secure login is needless. Amazon allow the option to sign in using a ’standard server’, so why can’t others?
And here’s the weird thing - one of the commentors (Olly) said that Newsgator doesn’t use https. Well, it does. It may pass back to non-secure server after authentication, but in logging in it does go to https, thus making Newsgator a non-starter for me (even though I have signed up at home and imported the OPML file from Bloglines).
So the point of this comment is to remind what few people get to read this that you *do* need to consider these kinds of things - avoid IP addresses, use JavaScript unobtrusively and ensure that your pages work without that behaviour layer and don’t force an https login unless you really have to (or provide an alternative route in). Otherwise you’ll reduce the visitors to your site by the thousands.
on October 17th, 2006 at 3:42 am [link]
[…] Bloglines Listening to its Users? I little while back I posted on my personal site how a recent update to Bloglines had caused it to stop working for me at my place of work. The title was Bloglines Is Broken (for me, at least), but it turns out I wasn’t the only one having issues. In doing the update the ‘wizard behind the curtains’ had also managed to break access to the service for screen reader users, as noted on Blind Access Journal. I wasn’t alone! […]
on October 20th, 2006 at 1:07 am [link]
Ian,
Just a recommendation. If you have Java available on your computer at work, check out BlogBridge. It’s a cross-platform desktop feed reader that syncs its subscriptions (and article read/unread states) through a free online service, giving you the benefits of a web-based solution (synchronized access everywhere) with the solid UI of a deskop app. Free and open source.
on December 4th, 2006 at 1:53 pm [link]
Ian,
Isn’t there a way to save a user script for the site that will give you dojo support?
on December 4th, 2006 at 3:55 pm [link]
Nope - the issue is that the dojo.js file won’t make it through the firewall, so I can’t work around that at all, I’m afraid :-(
on December 4th, 2006 at 4:00 pm [link]
I was thinking along the lines of configuring Firefox so it would have the dojo fw already present when loading the page. I should think that Greasemonkey could do that for you somehow. https://addons.mozilla.org/firefox/748/
on December 6th, 2006 at 1:00 pm [link]
Why would a firewall block certain Javascripts? How does the firewall determine whether to block a script or not? Does it look at the filename of the script or does it parse its contents?
IMHO the firewall is broken and not bloglines…
on December 6th, 2006 at 5:56 pm [link]
Different firewalls do different things, Tom. Some block based on regExp conditions (sometimes falsely) and they usually parse the .js file to see if it’s trying to make certain JavaScript calls. The firewall is configured as per factory settings, so my point is that if it’s happening to me at my place of work, it almost certainly is at others. But, the point that you’ve overlooked really, is that Bloglines does something that is essentially quite simple. A news reader could work without complicated JavaScript. It always used to for Bloglines.
on December 7th, 2006 at 2:03 am [link]
It is a more general issue, not covering just Bloglines, but every Ajax-powered product. In particular, Ajax based feed aggregators (aka Start Pages) doesn’t seem to be awared of degradable and unobtrusive techniques.
I suggest you take a look at the MIX (http://mix.excite.eu), the start page I’m developing for Excite Europe. It is conceived as a degradable product, so users will still be able to navigate it when js is disabled. We’re still in beta, I hope to complete soon this concept. But in a rough way, it is already active.
on December 7th, 2006 at 5:10 am [link]
Thanks for the heads-up… our organization is starting to adopt the dojo framework and this helps me go into it eyes-open.
Also found this blogpost http://brianmriley.com/blog/?p=8 related to dojo and firewalls not playing well together.
on January 12th, 2007 at 5:57 am [link]
[…] - Using a sledgehammer to crack a nut: Ma.gnolia’s case. - Blogger: Can I get in please? - Bloglines is broken! (at least for me) […]
on April 26th, 2007 at 2:28 pm [link]
I am using Firefox 2.0.2 now and sometimes get the same problem. I don’t have that problem with IE. I always thought it was Firefox problem. But thanks Llyodi and others.- I know what is the problem now.
Regards
on July 18th, 2007 at 10:39 am [link]
Actually I had the same problem with Firefox 2.0.0.4 but Opera was fine.
Login via http://www.bloglines.com/login didnt show up the feeds list in the left pane. So I use https://www.bloglines.com/login again and everything is ok again.