Firefox Update

Mozilla Firefox is out with version 0.9.3 for Linux and Windows, so I figured I'd try it out here first. These are notes to remind me where I put all the plugins. Everyone else can turn away. Nothing to see here, really.

% su -
$ cd /home/local
# Move the old file out of the way (delete later)
$ mv firefox firefox_91
# Untar source file in appropriate location:
$ tar xvzf /home/local/src/firefox-0.9.3-i686-linux-gtk2+xft.tar.gz
# Fix plugins:
$ ln -s /usr/lib/flash-plugin/flashplayer.xpt
$ ln -s /usr/lib/flash-plugin/libflashplayer.so
$ ln -s /home/local/share/j2sdk1.4.2/jre/plugin/i386/mozilla/libjavaplugin_oji.so
$ ln -s /usr/local/RealPlayer/mozilla/nphelix.so
$ ln -s /usr/local/RealPlayer/mozilla/nphelix.xpt
$ ln ../../firefox_91/plugins/plugger.so .
$ ^D
# Make sure plugins get updated (they should, but who knows):
% rm ~/.mozilla/pluginreg.dat
% firefox &

So far things work fine, except that I don't know what the difference is between 0.9.1 (or 0.9.2 for Windows) and 0.9.3.

A bit later: Apparently this is a security update to fix several bugs which showed up in 0.9.1/2. "Users are strongly encouraged to upgrade." So sayeth Mozilla.

Crying "Cockles and Mussels, Alive, Alive Oh"

OK, this is really wierd. Apparently there are Scot and Chinese cockle-picking gangs, and occasionally they get into fights. Which start when their boats collide:

Cockle pickers rescued after gangs clash at disaster spot

Making It Never Exist

Part two of that Slashdot article I mentioned before:

For some reason, this happens most frequently when I go to washingtonpost.com, but it happens on other sites, too. I click on an article, and get the message

Waiting for doubleclick.net

and then the web page hangs for awhile.

What's happening is that the Post is going to doubleclick.net and waiting for advertisements to load up. Of course, the net doesn't just go to doubleclick, it goes elsewhere as well. And many of those ``elsewheres'' are nothing but annoying ads.

Wouldn't it be great to get rid of those ads? OK, we can use something like Adblock, and I recommend that, but wouldn't it be wonderful to make your computer believe that places like doubleclick never existed? (And, incidentally, decrease worries about your privacy.) There is a way.

Let's go back to the early days of the Internet. There was nothing like the current Domain Name Service (DNS). Oh, each web site had an IP address, but there were no central directories to tell you which IP address belonged to Google (not that Google existed back then).

So how would you have found Google? In order to find things on the Internet, each computer had a file called /etc/hosts. (OK, each Unix-like computer had such a file. I have no idea what other OS called it.) In the /etc/hosts file was a line like:

216.239.41.104 www.google.com

which told your computer the IP address of Google. Of course, this file had to be upgraded periodically by downloading a new file from somewhere, and eventually it got so big that the whole thing had to be scrapped and DNS was adopted. But, the /etc/hosts file still exists, and it's read before your computer goes out to your chosen name server!

This is really quite useful. If you use Google a lot, for example, adding the line

216.239.41.104 www.google.com

to /etc/hosts saves you from having go to the DNS every time you want to do a search. And there's another use:

Near the top of /etc/hosts is a line like

127.0.0.1      localhost.localdomain localhost

This tells your computer where your local computer lives on your local network (even if you don't have a local network). If you try to go to localhost from your web browser, you'll get a message like

The connection was refused when attempting to contact localhost

(Unless you are running your own web server, in which case you'll get your home page.) In this case, localhost and localhost.localdomain function as aliases for the address 127.0.0.1. Any request to go to localhost takes you to 127.0.0.1, and does whatever you tell it to.

Now suppose the webpages you visit regularly connect you to a scuzzy site we'll call reallystupidads.com. You're tired of these ads and never want to see them again. What to do? Remember that /etc/hosts is read first, before the request goes out to the DNS. So add a line

127.0.0.1  reallystupidads.com

to /etc/hosts. Now, when that page you are interested in asks reallystupidads.com send some advertisements, your computer looks up the address, finds that it is 127.0.0.1, and does whatever you've set it up to do. If you don't run your own web server, it does nothing. It's as if that site never existed.

So, what you need is a list of really annoying sites that should be banned from your computer. Of course, this being the Internet, there are many such lists. The one I'm using is Mike Skallas' Ad Blocking Hosts file. Basically, you add it to /etc/hosts. And, frabjous day, there are instructions for doing the same thing in Windows 2000 and XP.

And, of course, once you know the trick, you can add your own annoying sites to the list. Parents can add sites that they want to keep their children out of, e.g.

Hopefully no one will add

127.0.0.1 hawknotes.blogspot.com

The Effects of Spyware

One article on Slashdot (Analysis of Spyware) yields two entries here. First, the title article:

I've mentioned the program Ad-Aware, which locates and helps you remove spyware from your system. OK, what happens if you don't use a program like this, and accidentally/on purpose download a program that results in spyware being loaded onto your computer?

The folks at SANS decided to find out, so they intentionally infected a virtual PC with spyware (look for the heading Follow the Bouncing Malware - Part I and then tracked the results. You can read all about it at the link above, but, basically, it rewrote the Windows registry, changed IE's home page, changed the default search engine, and dropped various programs onto the computer. To see what happens, we'll have to wait for Part II.

RealPlayer 10 Setup

Installed the release version of RealPlayer 10 for Linux. This supersedes the beta version I talked about earlier.

When you download, don't let the name RealPlayer10GOLD scare you, they aren't charging for this player, unlike previous Gold versions.

Had some difficulty getting Plugger to let go of the RealPlayer plugins for Firefox. To do that,

1. If you set up the symbolic links to the plugins as in the beta version post then they still point to the right location. If you used hard links, then you'll have to delete them and relink.
2. Edit the file ~/.mozilla/plugins/pluggerrc, removing or commenting out all calls to realplayer (whether all is a good idea remains to be seen).
3. Delete the file ~/.mozilla/pluginreg.dat. Mozilla/Firefox reads this to find plugins. It only consults the plugins themselves if this file is gone
4. Restart Firefox

So far everything works. I can even watch CBS News videos, which I couldn't do before, probably because I didn't have the plugins set up correctly.

More Power to the Shields, Mr. Scott

The Internet Tourbus () has another good article on computer security, this time firewalls. In particular, they mention the site Gibson Research Corporation, which runs a service called SHIELDS UP!. This probes your computer, DSL router, hardware/software firewall, etc., to see how secure your installation is against hackers. I tried it, and it taught me a few things about security -- specifically, I found that my router was replying to pings, and figured out how to shut that off.

A word of warning -- as they say, these people are going to probe your computer. If you don't want them doing that, or if it's your employer's computer, not yours, and you don't have permission, then don't go through with the test. And, even though I've used it, I'm not going to say that this is totally secure, or even a Good Idea. But it's something you should consider if you are worried that your computer could be hacked. (If you run a business and don't know how to do this for yourself, you should probably seek professional help to do the tests.)

Forgot to Mention: The Tourbus guys have a tutorial on running the Shields Up! tests.

And Don't Forget Your Towel

http://hitchhikermovie.free.fr/trailer_hitchhikers.avi

Anonymous Registration

Just an update to the temporary email address article. If all you want to do is anonymously register for a website, you don't have to do all that much work. The site bugmenot.com collects username/passwords for site registration, and will give them to you for free. If they don't have a login for the site you want, they'll create one for you.

Thanks to The Internet Tourbus for this tip. If you don't subscribe, take a look at the site. It's primarily directed towards Windows users (e.g., how to do the impossible -- use IE safely), but they often have sites of general interest.

P.S. Hope spelling hasn't gone completely to heck. With Blogger's new design, spell check doesn't work here anymore, and I'm not going to cut-and-paste everything into emacs just to do a global spell-check.

Essential Googling

Well, maybe not essential, but http://dmiessler.com/study/google/index.html has a lot of useful tricks for using Google.

For example, did you know that the string (fay | scow) thomas will tell you about sites which mention the only professional baseball player born in Holyrood, Kansas, whether they refer to him by his given name or his nickname?

Mail Temps

OK, you want to see some web site's one and only picture of Ann Coulter voting in a Democratic primary. But, the site requires you register. So you give it the relevant information. They want an email address. But, having seen some of what this site offers, you really don't want them to have your email address. So what do you do?

It so happens that there are two (count 'em, two) choices:

1. mailinator: Tell the site that your email address is, say, sample@mailinator.com. Then, after you submit your information, go to http://mailinator.com/ enter sample in the box, and press go. Any message sent to sample@mailinator.com will show up. You can click any confirmation links they have, and then go look at Ann.
   Two warnings:
   • Anyone who knows email is being sent to sample@mailinator.com can read the email. If you want to keep things secret, use a less obvious name. Mailinator will suggest random email addresses, e.g. puyuvnzgeved@mailinator.com.
   • The mail is only kept for a few hours. This is a Good Thing.
   
   For more information about Mailinator, read the FAQ.



2. spamgourmet: I haven't tried this one. It's a little different than Mailinator. You have to register a username and a forwarding email address. Say your username is samiam. Then you set your email for the above example as, e.g., annspicts.4.samiam@spamgourmet.com. The registration bot sends information to this address, and it's forwarded to you. The "4" is means that only 4 emails can come into this account before it's closed. This would seem like a good way to track who's spaming you, then cut if off before the spam gets to heavy.

The Cookie Machine

When surfing the web, cookies are little blips of information that a web site you've visited stores on your computer. Cookies are good in that they let a site you visit often store your preferences, making it easier to work with. For example, many sites which require registration will save your registration information in a cookie. Cookies are bad because they leave traces on your computer of where you've been. E.g., not that this applies to anyone I know, if you search for some steamy books/videos online, any site which can access that cookie knows what you've been looking for.

Firefox, like all Mozilla (and I suppose all other) browsers, lets you manage your cookies. In Ff > 0.8 you do this by going to Edit => Preferences => Cookies. Here you can examine the cookies on you have stored, delete the ones (or all) you don't like, designate sites which can always leave cookies, and forbid certain sites to leave cookies on your machine.

That's all well and good, but I'd like a slightly better option: There are a list of sites with cookies I'd like to keep, e.g., the Double-Click Opt-Out, various newspaper registrations, SABR, etc. Everything else I'd like to delete just by pressing a button.

And so we have the Firefox/Mozilla extension CookieCuller. It loads just like a regular extension. In Firefox, you then right-click on a blank spot of the navigation tool bar and click Customize. In the box with the icons will appear a large cookie. (It's really too large for the Pinball theme I'm currently using, but never mind.) Drag the cookie onto the navigation tool bar. Now, when you click on the cookies, you'll see list of those on your browser. To the left is a column labeled "Protected". You can toggle the status of a cookie from protected to unprotected. And clicking "Remove All Cookies" does just that -- it removes all cookies you haven't protected. Exactly what I wanted.

Getting Back At Scammers

So you get another email saying,

Dear wondrous Soul,

My late husband/wife/father/mother stole about $15 billion from our local government, and they won't let me take it out of the country!!! Can you help? They'll let you take it out. Really!! Just send me all your account information, Social Security number, a few credit cards, and your firstborn child, and I'll deposit the money in your account. Then, if I can get out of here, we'll go halfsies!!

I'm sure no one here believes these things, though such scams still get bites. (Click on the circled "P" to see the whole article at once.) But wouldn't you like to scam the scammers, get back at them?

No problem, others are doing it. Check out Scam-O-Rama, which answers those annoying emails and strings along the scammers.

Let's Return to Those Days of Yesteryear

Let's just pretend. Suppose it's 1994. During a "discussion" on the Senate floor, the Vice President of the United States suggests that a Republican Senator perform an anatomically impossible act. Not in a microphone, not to the public, but it's heard and reported.

WWRD?. Somehow, I doubt that he would have said that it was "Way Overdue".

I guess the not-so-fat man has a higher tolerance level these days.

RealPlayer

Awhile ago, I tried the Helix Player, an open source version of RealPlayer. I didn't have much success with it.

But now, RealPlayer 10 is out for Linux. It's not free, but it's not obnoxious like some versions of yore. So I decided to try it out. There's an RPM and everything, though for some reason the code goes in the /usr/local tree instead of /usr.

So far it works. I did have to tweak the plugins to get them to run in Firefox, though. The Mozilla Realplayer Plugins are in /usr/local/RealPlayer/mozilla. With my non-standard setup, the plugins didn't get into the Firefox plugin directory, so I did
$ cd /usr/local/firefox/plugins
$ ln -s /usr/local/RealPlayer/mozilla/nphelix.so .
$ ln -s /usr/local/RealPlayer/mozilla/nphelix.xpt .
This works pretty well. The CBS News site lets me play some content within the browser window. However, for some content it insists on launching Xine, which I use to play .wmv files, and then not playing the file. Even though I've set my preferences to RealPlayer.

Browser Updates -- Mozilla Firefox 0.9

I played with the upgrade to version 0.9 of the Mozilla Firefox browser, but couldn't get things to work the way I wanted. Then a bugfix version 0.9.1 came out. I still waited, but then I found that, like most browsers, Firefox 0.8 was subject to this Frame Injection Vulnerability. (Try the test. It's impressive.) Firefox 0.9.1 is supposed to have this fixed, so it's time to upgrade.

Unfortunately, several things have changed going from 0.8 to 0.9.1. In particular, the way Firefox installs extensions has changed, as well as the default theme. The extensions are particularly worrisome. I've been using:

1. mozex, to let me click on mailto: links from the browser,
2. Adblock, to rid pages of annoying graphics, and
3. a fixed version of the RSS Reader Panel, which lets one read newsfeeds from the browser.

Getting all this to work again is going to require a rather careful upgrade, hence this long post.

First, download the new version from Mozilla.org. The default version for Linux comes with an installer, but I want to put the browser in another location, so I clicked on the "other languages" link and found the "no installer" version for Linux. This yields a file called firefox-0.9-i686-linux-gtk2+xft.tar.gz.

I could only get firefox to run from my own account or as root. Since I want to let other people use the code as well, I'll put it in /usr/local as root. So su, cd to /usr/local, and run
tar xvzf firefox-0.9-i686-linux-gtk2+xft.tar.gz

Now set up a link to the firefox executable from something in my path:
ln -s /usr/local/firefox/firefox /usr/local/bin/firefox
(the soft link lets Firefox remember where it really lives)

Launch firefox. OK, problem number 1. I use a script which changes checks to see if firefox is already running. If so, it opens up a new tab on the browser, rather than another instance of the browser. Unfortunately, the new-tab/new-window behavior of firefox has changed. It requires a new script. I modified one from the viewall link on Bugzilla. Modified, it looks like this:

#!/bin/sh
# See http://bugzilla.mozilla.org/show_bug.cgi?id=246168
# and
# http://bugzilla.mozilla.org/show_bug.cgi?id=246168&action=viewall
# If firefox isn't running, launches it.
# If firefox is running, opens requested page in new tab.
URL="$*"
FFOX=/usr/local/bin/firefox
FFOX_REMOTE="${FFOX} -a firefox -remote"
firefox_running()
{
#    $FFOX_REMOTE "openurl($URL,new-window)"
    $FFOX_REMOTE "openurl($URL,new-tab)"
}
firefox_new()
{
    $FFOX $URL
}
if $FFOX_REMOTE "ping()" 2>&1 | grep "Error:" >/dev/null; then
    firefox_new;
else
    firefox_running;
fi

A "now what?" box pops up. Firefox 0.9.1 can import settings from the old 0.8 account, but personal settings have moved from ~/.phoenix/default/wierdstring to ~/.mozilla/firefox/default.something. Since I don't want to move all my extensions and everything, I'm not going to import anything. Click that and go. This gets to the firefox home page. Set my home page where I want it, using
Edit => Preferences > General => Use Current Page.
Note that this changed from previous versions, when it was under Tools => Options.

Resize the window and exit the browser. Copy my bookmarks from ~/.phoenix/... to ~/.mozilla/firefox/....

Restart

Extensions

After getting all the font preferences set (now in Edit => Preferences > General => Fonts & Colors), start adding extensions. To do this, go to
Tools => Extensions => Get More Extensions
The page isn't well organized, IMHO, so click on "All" and scroll through until you find what you want. So far I've installed:

• mozex, primarily so that when I click on a mailto: link I can send mail from evolution. Click on the "preferences" (little check button) by mozex in the extension window. Click the "Intercept mailto: clicks" box. In the Mailer command line, add the string
  

  /usr/bin/evolution mailto:%A?Subject=%S&Cc=%C&body=%B

  This is a slight change from the Mozex FAQ, since we can't seem to find the evolution executable otherwise.
• Adblock. Oddly, this isn't on the extension page. You have to go to the link at the beginning of this bullet, click on Install, the Dev. Builds, and then click on the latest link. Today (3 July 2004) it is Adblock 0.5 d2 nightly 39, but I'm sure that will change. Come back to the Adblock page to update. You can probably ignore the part that says "tested solely on Mozilla..." At least this one works with Firebird.
• The old RSS Reader Panel isn't available, but Sage, based on Reader Panel, is there. Alt-S puts the panel in the sidebar, and options lets you set it up the way you want it.

Note that you have to restart Firefox before an extension starts working.

Plugins

Look at the entrees in the plugin directory of Firefox 0.8. Copy those into /usr/local/firefox/plugins. Note that if a soft link was used in the old directory, you have to set it up here, e.g.,
ln -s /usr/lib/flash-plugin/flashplayer.xpt .

Themes

Firefox comes with a variety of Themes for changing the look of the browser buttons, backgrounds, etc. The current default theme is rather XP like. I kind of liked the old theme, Qute, so for now use that. Go to Tools => Themes, etc., etc.

Hmm. Changing themes seems to wipe out your windows so that you have to restart Firefox. Hope this is fixed by 1.0.

You can create your own themes, but I'm not going to try to figure that out now.

And Done

At least for now. So many browser options to play with ...