New Anonymous Browser is Unsafe

1 Sep 2006

You might have heard of the new Browzar web browser. Their website claims: “With Browzar you can search and surf the web without leaving any visible trace on the computer you are using.”

Well, it’s just not true.

It’s only a thin wrapper around Microsoft’s Internet Explorer version 5.5 (or later). Since IE stores all sorts of stuff in places on your system without telling you, Browzar can’t deal with all of it. Scott Hanselman has actually shown that Browzar misses the mark on this point.

There are other problems with this, too. For example, this program will not affect any servers that you visit, or any caching proxy servers in between (like at work or a university).

Anonymity on the web is not just about the stuff that’s on your computer, though it’s an important part; it’s also about the things those servers you connect to keep track of and tell each other.

Web browsers such as KDE’s Konqueror, Mozilla’s Firefox, Apple’s Safari (built on/from Konqueror, BTW) and others already support local privacy features. These include Konqueror’s excellent cookie management capabilities and Firefox’s support for auto deletion of cached data. All of these browsers sport these privacy enhancing features, though they have differing approaches and levels of control.



Blog SPAM as Phishing Bait

30 Aug 2006

Today, I decided to take a look at a couple of the links that blog spammers have been trying to put up in my blogs’ comments. Most of them actually led to “anti-spam” websites that are actually spam list phishers. This is, of course, very clever of the spammers.

First, they put spam up that includes links to their phishing sites on blogs they troll the net for. This part is very easy, thanks to services like Technorati and Blogger.

Next, “young” bloggers (i.e., those who are still fairly new to the “sport” of blogging) see comments. Either they naively authorize the spam comment, don’t moderate at all or decide to follow the links and check it out before authorizing the comment. If the comment gets posted to the blog, then others who read the blog can fall into the trap. If the blogger decides to visit the pages, they could get sucked into all kinds of things.

But as I looked at a few of the links, they turned out to cause redirects to either www.abusepost.com or www.spamcop.net (I didn’t make those into links on purpose; DISCLAIMER: GO TO THOSE SITES AT YOUR OWN RISK, I’M NOT RESPONSIBLE FOR YOUR CHOICES). Of course, the vast majority of bloggers, both experienced and just getting started, might think that those sites are providing a pretty good service. Looking a little more closely at the form and at the HTML itself reveals that these sites look suspicious. They require your name, email address and website address (which will be the blog that they hooked you at in the first place, for most people).

Were you paying close attention? They require you to provide the exact information spammers want in order to “report” a site that they are already “about to shut down”? Doesn’t make much sense to me.

Do you smell phish or am I the only one?

A word to the wise: Just Say No.

Here are some simple rules for Internet safety, though they apply (with proper contextual edits) to any online communication:

  1. Moderate — Whether it’s comments on your blog(s), forums (which I hate, BTW) or mailing lists. Moderation is currently the most consistently effective way to defeat all forms of SPAM.
  2. Never give out your information if you don’t have to — Just because a particular website’s “form” says that it requires your information, doesn’t mean they should be given any. We all know not to publish our credit card numbers online, but it’s amazing how many people don’t understand that your name, email address, street address, phone numbers, websites, employer’s name, favorite color, mother’s maiden name, etc. are not needed by most websites. When in doubt, don’t give it out.
  3. The only stupid questions are the ones you do not ask — In other words, ask someone you know who has lots of experience with the Internet, email, spam, security, etc., any questions about specific websites or other items in general. Keeping yourself safe is hard enough to do, but keep trying to do it without the right information and you just might make things much worse.
  4. Don’t open HTML emails — If someone sends me an HTML email (and I think it’s worth this effort), I send it back to them with a simple, polite note explaining that for security reasons, I do not accept nor read emails that are not in plain text. Too many people are using stupid email programs like Microsoft Outlook and Outlook Express that have hundreds of severe security flaws when it comes to processing HTML email, alone.
  5. Don’t Panic — It can be easy to let fear take over at this point and abandon your dreams of blogging and the “Internet lifestyle”. Don’t worry, it’s not that hard to keep yourself safe. Once you know how to recognize the dangers, it’s easy to avoid them.
  6. Think — (OK, this one could sound kinda mean, but it’s not; it’s just a sad truth, so don’t take it too personally) The spammers and the Phishers keep doing what they do because it works. There are just too many people on the Internet who do not think for themselves. You have a brain and I’m sure it functions at least well enough to read this far. I’m sure you have a lot more capacity to figure things out than you might be giving yourself credit for. Being able to think is not enough on its own, but with a little bit of knowledge, your brain can be used to help keep yourself, and your loved ones, safe on the Internet.
  7. If in doubt, bail out — You don’t have to go any further than you already have when visiting any website or continuing a discussion on IM in a chat room or on a mailing list. You can pull the rip-cord at any time.

I’m sure there are other things that we could put in that list. Perhaps some commenters will try to help me out in that regard. But I think these basics should be enough to get you started.

This is one of my favorite Turkish proverbs:

No matter how far you have gone down the wrong road, turn back.



WordPress 2.0.4

1 Aug 2006

Four days ago, a new release of WordPress, the blogging software that runs OpenBrainstem blogs, was made available. It’s now up to version 2.0.4, which all OpenBrainstem blogs are now using.

There were several security fixes and over 50 bug fixes, according to the announcement on the WordPress website. However, I’ve also noticed a couple of irritating regressions. For example, when managing pending comments, it’s always been possible to click on the text next to the radio buttons at the bottom of each comment you are moderating. This makes it easy to select the action you wish to take for each comment, as you have a larger target for your mouse pointer. Unfortunately, this broke with 2.0.4 and clicking the text no longer selects the bullet.

There were a couple of other patches I had to reapply to the code. For example, if you look at the calendars at my blog, you’ll see that dates with a post are displayed very nicely. This is thanks to a small change I made to the template-functions-general.php file. You can download the patch file and apply it to your own WordPress installation, if you like. Then, I added the posted-day class to the style.css file for the theme that I am using.

There are also a few other tweaks I have made to that theme, and I’m planning a couple more. One thing is that when you view a dated page, the sidebars don’t get their background colors set. A minor bug, but I’ll fix it sometime.

Anyway, there were some other code patches I had to reapply, but it only took about 10 minutes to do. I’m going to get some of these patches packaged up and submitted for inclusion in future versions of WordPress.



Response: Will .mobi Get Any Traction?

11 Jul 2006

Richard K. Miller wrote about the new .mobi top level domain (a.k.a. TLD). Here’s a quote from the post:

Here are my 9 reasons why .mobi is a bad idea:

  1. You can already serve mobile content from any subdomain or folder, like mobi.example.com or example.com/mobi
  2. You can already use content negotiation. If the browser says “Accept: text/vnd.wap.wml”, then return mobile content.
  3. You can already use the “handheld” media type in your CSS.
  4. You can already create light-weight, semantic HTML that can be viewed on multiple devices.
  5. Since “mobi” isn’t a word, it’s not likely to be in the predictive text dictionary on most phones. A good domain for phones would employ a real word. (Actually .com works.)
  6. Without predictive text, typing “mobi” on a phone means pressing 6, then waiting, then 6-2-4. A good domain for phones would not use two adjacent letters on the same key.
  7. Phones with QWERTY keyboards are likely to have full-fledged browsers that can view .com websites anyway.
  8. Dot-mobi domains are expensive.
  9. Browsers like Opera can rerender existing web sites to make them viewable on movable devices.

If you see value in .mobi that I’m not seeing, let me know, but I think it will be a failure. We should as soon introduce a .BestViewedWithInternetExplorerAt800by600 domain so we can keep track of all those web pages from the 90’s.

Number 8 on Richard’s list is the reason why .mobi is a good idea … from the perspective of the registrars who are the ones who pushed for the new TLD.

But why not just .mobil? I mean, come on, it would be so much easier for people to pronounce, even in a wide variety of languages.

Anyway, I think the addition of .mobi is just dumb. Basically for all the other reasons you already stated. Especially number 6; how irritating.



U.S. Navy Gets Patent on Firewall?

7 Jul 2006

Reading this newly issued patent, it sure seems like they are talking about a firewall to me.

I first read about this on Bruce Schneier’s blog.



Stupid Web Sites

19 Jun 2006

Try visiting Hilton Hotels’ website with any browser other than IE, Netscape 7 or Firefox 1.0. Argh! It dumps you on a “Web Standards” page and you can’t leave it unless you use one of the “approved” browsers.

I haven’t tried it with any handheld browsers, so if you do, please, post a comment about the results.

Anyway, sites like that are yet another reason why I love Konqueror. It took just 10 seconds to tell Konqueror to pretend to be Firefox 1.0 (on Linux, of course) whenever it connects to “hilton.com”. Presto! No trouble at all. In fact, the whole site renders perfectly.



Aw, nuts!

16 Jun 2006

Well, it finally happened: This morning, I had a couple of SPAM comments on my blog for the first time.

I love WordPress; it’s just so easy to deal with the SPAM. Still, it will be nice when open-source people finally create software that fully neuters all SPAM.



Headless Bloggers Escaped Once Again

13 Jun 2006

Tonight, my wife Charlotte and I went to the Utah Bloggers Conference. I recognized a few faces of people that I had not met before, since they have their faces on the Utah Open Source Planet.

As for those of you who don’t have your photos up there, yet: some of us (like Jayce^ and herlo and I) would have come over and taken your photo for you so you could get it up there, but we didn’t know what you looked like, so we couldn’t find you.

Next time we can’t find you like that, we’ll have to refer back to your photo…wait, um…

So, get your hackergotchi in to Gabe (at gabe at gundy dot org).



Next Version of Google Earth is Already Creating a Buzz

13 Jun 2006

In case you haven’t heard, Google recently made available a beta for the next version of Google Earth. The big buzz is because there is now a native Linux version.

I’ve seen people talking about the Linux version of Google Earth on the SLLUG Members mailing list. I found an entry on the Fedora SELinux mailing list titled, “Step-by-Step Guide To Creating SELinux Policy for Google Earth”. I’ve seen several other people talking about it already.

But, I was surprised to see that no one whose feed is picked up by the Utah Open Source Planet had yet posted on any of their blogs. So, here it is.

I heard about the new Linux version of Google Earth from my good friend, Evan McNabb via Jabber, yesterday. I downloaded the new Linux version and waited until later in the evening to try it out. Video was a bit scan like on my notebook, but I soon cleared it up.

I’d like to see people comment on their experiences with it, so far. I’ll write more about the things I hear later on.



WordPress Smileys URL Bug; Take 2

12 Jun 2006

Well, as many of you have noticed, my blog started causing those who were viewing the Utah Open Source Planet to get an SSL Certificate Authorization dialog, again.

For the time being, I have turned off the convert smileys to graphics option.

It turned out that I also had to pull up the offending post(s) and resave them to get that setting to take effect in the db, which is strange, since it was dynamic for the site last time I fixed the bug. Oh, well.

As many of you who use WordPress know, it wasn’t until the 2.0 release that WordPress supported having your admin interface portion of the site encrypted. The way that they implemented this feature in WordPress 2.0 was to have two different URLs that you can configure, the blog URL (where visitors see your blog) and the site URL (where your admin interface lives).

The two URL idea was the right way to do it. I benefit from it, as the admin interface is on a different hostname from the blog. Unfortunately, the WordPress developers made a couple of small mistakes in implementing the use of the two URLs and that’s where the bug that has affected UOSP readers comes from.

But, I know how to fix these bugs.
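
A check for the symptom described above, as an added example that is not from the original post or from WordPress: it scans rendered post HTML for sub-resources that load from the admin (site URL) host instead of the blog URL host. That the smiley images were built from the site URL is an assumption drawn from the post's title and description; the hostnames, paths and sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make a browser (or a feed reader) fetch a sub-resource.
RESOURCE_ATTRS = {"img": "src", "script": "src", "link": "href", "iframe": "src"}


class ResourceCollector(HTMLParser):
    """Collect every sub-resource URL referenced by a chunk of post HTML."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.resources.append((tag, value))


def find_admin_host_leaks(post_html, blog_url, site_url):
    """Return resources in public post HTML that are served from the admin host."""
    blog_host = urlsplit(blog_url).hostname
    admin_host = urlsplit(site_url).hostname
    if blog_host == admin_host:
        return []  # single-host setup: nothing to separate
    collector = ResourceCollector()
    collector.feed(post_html)
    leaks = []
    for tag, raw in collector.resources:
        absolute = urljoin(blog_url, raw)  # resolve relative URLs as a reader would
        if urlsplit(absolute).hostname == admin_host:
            leaks.append((tag, absolute))
    return leaks


# Constructed sample: hostnames, paths and markup are placeholders, not from the blog.
BLOG_URL = "http://blog.example.org/"
SITE_URL = "https://admin.example.org/"
SAMPLE_POST = """
<p>It works! <img src="https://admin.example.org/images/smile.gif" alt=":)"></p>
<p><img src="/uploads/photo.png" alt="photo"></p>
<p><a href="https://admin.example.org/admin/">admin link (not fetched automatically)</a></p>
"""

if __name__ == "__main__":
    for tag, url in find_admin_host_leaks(SAMPLE_POST, BLOG_URL, SITE_URL):
        print(f"<{tag}> fetched from admin host: {url}")
```

Run against the HTML that actually reaches syndicated readers (the feed output), since that is where an image served from the encrypted admin host triggers the certificate prompt.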
