Rubénerd!

Just involuntarily updated my Firefox to 8.0. So far so good, though I may need to update my update regiment. Update my update... it's not good English to repeat the same word in the same sentence. Wait, just did it again.

The losing update battle

One of the many cronjobs I have running on my headless super duper Swiss Army Knife FreeBSD server is a script to check software updates on Mozilla's servers. Whenever a new version of Firefox or Thunderbird is released, the script downloads the latest en_gb dmg. I can then go around to all the Macs in the house and install the update.

In Singapore I didn't bother, but with download quotas here and on an ISP that doesn't have unmetered content, it saves a small bundle of transfer which I can then blow on an anime episode. Don't worry, I didn't mean that. True story.

With the latest rapid-release cycle adopted by Mozilla, it seems this "solution" will become increasingly unworkable, and I'll just have the applications themselves download the updates.

The actual update!

As for the update itself, I'm liking the more native-looking widgets on Mac, and it still fits in just fine on my KDE Fedora machines despite being a GTK import. Which reminds me, Fedora 16 needs to be downloaded and installed as well.

I'd also read the horror stories about how Firefox was going to be "hostile" to plugins, but my laundry list of mostly security and privacy related whatsits are running just fine. The only change was the add-on selection screen, which allowed me to disable ones I don't need when Firefox relaunched. Unsurprisingly, I didn't uncheck anything.

A trip down memory lane

For some fun, here are a small sample of posts dealing with Firefox over the years. With this new rapid-release cycle, I think the gap between 4.0 and 7.0 you can see below will become the norm not the exception!

• Thursday 30th March 2006: Universal Binaries for Mozilla Software
• Wednesday 20th May 2009: Testing Mozilla Firefox 3.5 Beta 4
• Tuesday 30th June 2009: Mozilla Firefox 3.5 is out
• Monday 14th September 2009: Firefox 3.0.14 and 3.5.3 announced
• Thursday 21st January 2010: Firefox 3.6 golden brown and delicious
• Tuesday 23rd March 2010: Firefox 3.6.2 fixes that zero day exploit thing
• Thursday 24th March 2011: Mozilla Firefox 4.0!
• Wednesday 28th September 2011: Firefox 7.0

If you've been reading my blog for a while you'd know I'm a huge fan of Taco for Firefox, the Targeted Advertising Cookie Opt-out extension. Running an update yesterday I noticed there are now two different versions: the classic Taco and a new Beef Taco fork. Ugh, too many food puns.

What the heck is a taco?

One of the most perfect foods in the universe. In this context though, it's an extension that does some cool stuff:

Sets permanent opt-out cookies to stop behavioral advertising by 102 different advertising networks, including Google, Yahoo, Microsoft, all members of the Network Advertising Initiative, and many other companies.

The controversy, I think

From what I can ascertain (I hate that word, but it fits) the classic Taco extension developers decided to take their extension commercial and add a lot more features with the 3.x series. The 2.x series which was F/OSS licenced has been forked as Beef Taco for those who find the new terms unacceptable.

I thought the new developer of BEEF TACO was quite the gentleman and civil about the whole thing:

Also, please do not be too harsh on Abine in the reviews. They are trying to start a commercial company and made some (IMHO) bad decisions. That doesn't mean they are malicious or evil, TACO 3.0 is actually a decent product when you take time to understand it. You can read more of my feelings on this ,a href="http://www.velvetcache.org/2010/06/17/forking-taco-2-0">here.

In the meantime, let's keep this a positive, happy place, shall we :-)

Fair enough :).

Features are often scary

Personally I'll be sticking with Beef Taco now, not because of the licencing issue (which I'm fairly indifferent to, that's why I use ZFS on FreeBSD!) but because I'm generally a feature-phobe. In general I feel more features generally degrade the usability of existing ones, introduce bloat, slow software down and most critically they introduce new vectors for exploits. For something as relatively simply as an extension that just sets cookies to opt me out of targeted advertising I prefer keeping things simple

As far as I can tell, the old Taco and Beef Taco don't even have a UI, they just work in the background doing their thing like a studious worker who... eats tacos.

And now if you'd excuse me, I'm off to pack more boxes. I took a break from packing and cleaning to talk about a browser extension I love. Is there a sign of something there?

Related posts

• TACO, Master Password Timeout for Firefox
• My updated list of useful Firefox Extensions

For those of you as addicted to Tree Style Tab for Firefox as I am, there's been a flurry of updates over the last week that address some appearance and functionality bugs as well as improved compatibility with other extensions. Get it!

If only my brain were so easily updated

As of this evening I'm up to the conveniently named 2010.04.02 version and it works great. Curiously I had the Christmas 2009 version of it for months before Firefox told me there was an update, despite the fact there were several intermediary versions and other extensions have been automatically updated dozens of times since then.

Anyway, I used to say NoScript was the only reason I stuck with Firefox, but having all my tabs neatly stacked on the side instead cramming them all under the address bar makes them so much easier to read and navigate. As far as I know Opera is the only other browser that allows you to put tabs on the side, which is weird given I'd think you'd really need it if you're a browser power user.

The screenshot below that I took for this post back in 2009 should give you a pretty good idea as to why I need such an extension!

Some trivia

Wikipedia articles that have trivia sections tend to have template boilerplate stating their existence is discouraged, so I've decided to actively put trivia sections in more of my blog posts from now on.

If you abbreviate "Tree Style Tab", you get TST, which sounds an awful lot like a South Park episode with a dog whisperer, as well as being an acronym for Transition state theory which I learned in high school, and the code for a Hong Kong MTR station. True story.

Macslocum over at O'Reilly Answers is asking people to submit their favourite browser plugins and extensions. No prizes for guessing which one I chose!

First Macslocum's recommendations:

Firebug (Firefox) -- I can't believe this thing is free. It's hands-down the best HTML/CSS testing tool I've ever used. It's also incredibly handy when I can't remember my own CSS naming conventions.

ClickToFlash (Safari) -- This automatically disables any Flash-based elements. But unlike strict ad blockers, ClickToFlash gives you the option of activating Flash on a piece-by-piece basis. So if you want to watch a movie on a web page but you don't want to see the Flash ads, just click the movie element and that Flash-based part of the page will load.

How about you? Which plugins/extensions do you use?

For what it's worth, I also highly recommend ClickToFlash to all my Mac friends using Safari, it improves performance and reliability so much it's as if you've just shoved an extra few gigs of memory into your system for free.

My predicable answer

Without a doubt it'd have to be NoScript for Firefox. The fact no other browser has such simple blocking and whitelisting for dynamic content and Javascript ensures I won't be switching browsers anytime soon.

Frankly, given all the thousands of exploits using Javascript as a vector I'm surprised (and somewhat dismayed) it's such an unusual extension.

[For some reason text fields on the O'Reilly Network always correct JavaScript as Javascript!]

As I've enumerated here many times, I can't use a browser without NoScript anymore, I feel as though I'm in a car without seat bealts, a war zone without a bulletproof vest or a conference without pants when I don't have it. How people think they can be responsible internet users without such software in 2010 baffles me more than... attending a conference without pants. I suppose some people wear business skirts, just not me, surprising though that may sound. Chuck Peddle wears pants, I can tell you that much. And he invented the 6502 for heaven's sake!

If you have an O'Reilly account, go over there now and voice your opinion. Tim O'Reilly, the good O'Reilly, not the sleazy news guy ;).

Relatedness

If you haven't seen my other posts on this subject, I also talk about my other favourite Firefox plugins in these posts: More Firefox extensions and Firefox extensions. I put way too much effort into those pages! Of all the extensions, most are security related.

As well as having heard it from many prominent security experts, from personal experience now I've come to expect there's a trade-off between security and the human need for convenience. Despite there being a slew of faster and more reliable browsers than Firefox I choose to use it for the extensions which make my browsing more secure and private, while accepting that such plugins may break some sites.

I can now add my university email account to the mix: after an interface upgrade whenever I attempt to login to it with the Permit Cookies extensions enabled I can't get past the above screen even if I add the network to my whitelist. It is the first time a site has still refused to play nicely with this plugin even after whitelisting, very weird.

Looks like I'll be setting up my beloved Camino browser to take care of university whatnot. Now there's a slick, fast and lightweight browser!

In the meantime I'll contact the university IT help desk. Given this is the science and engineering campus here I'm sure I'm not the only Firefox and Permit Cookies users here having this problem, at least I hope I'm not!

As you've seen I'm somewhat obsessed with privacy and security plugins for Mozilla Firefox. Since writing my latest list of them, I've installed two more that I'm surprised I didn't discover before.

The first is Targeted Advertising Cookie Opt-Out with the cute acronym of TACO. According to the extension description, it sets permanent opt-out cookies to stop behavioural advertising by 84 different advertising networks including Google, Yahoo, Microsoft, all members of the Network Advertising Initiative, and many other companies. What I love about it is it installs cleanly into Firefox without any configuration required.

The second is Master Password Timeout. If you're like me and use Firefox to remember your passwords for sites, it's critically important you assign a master password by going into Preferences > Security otherwise a malicious user accessing your machine could get your passwords in the clear. Master Password Timeout re-locks the master security device after a predefined period of inactivity which is useful if you tend to leave your browser open for long periods of time. Unfortunately it's not currently available for Firefox 3.5 but I'm hoping that will change, it works great in Firefox 3.0.11 on my FreeBSD box.

All these extensions might seem like a symptom of paranoia, but personally given the Wild West nature of the Internet and how much of my life I spend on it, I couldn't think of using anything else at this point.

A few months ago I lampooned WordPress for it's need to have the term "category" appear within every category URL. It appears I'm not the only one who found this irritating.

For me I wanted to merge all my disparate nonsense blogs into one meta nonsense blog (Rubenerd.com) which would be easier to maintain, then use categories with their own CSS to make them still appear separate. A shrewd, devilish cunning plan worthy of Baldric himself, but alas having the term "category" in all the URis spoilt the illusion.

Original blogs	Ideal new sub-URI	WordPress illusion screwup
Rubenerd Show	rubenerd.com/show/	rubenerd.com/category/show/
Fun Facts	rubenerd.com/nonsense/	rubenerd.com/category/nonsense/
Intranet	rubenerd.com/anime/	rubenerd.com/category/anime/
Studies	rubenerd.com/studies/	rubenerd.com/category/studies/

Fortunately having played with and been disappointed by so many plugins in the past, I've finally found one that works so beautifully I'm thinking of sending the writer a grilled cheese sandwich: the adeptly-titled WP No Category Base. Not only does it work right out of the box, but it also redirects your previous category permalinks which means you don't need to mess with .htaccess files. A beautiful, elegant solution!

As the name suggests this plugin will completely remove the mandatory "Category Base" from your category permalinks ( e.g. "myblog.com/category/my-category/" to "myblog.com/my-category/".

The plugin requires no setup or modifying core wordpress files and will not break any links.

Now I can finally start to import all my other posts. Apparently the anime category gets the most hits here anyway despite it having nothing of value in it! Crazy, grilled cheese sandwich stuff.

I've already figured out how to exclude certain categories from certain places so they act like separate sites with their own styles and whatnot, now I just need to work out the feeds. I know WordPress allows you to generate separate RSS and Atom feeds for different categories, but how do I customise them? For example, add iTunes information to the Rubenerd Show category feed, but not any others.

If I spent as much time blogging and talking about interesting topics on my blog and podcast as I did blogging and talking about blogging and talking, I'd get much more blogging and talking done on my blog and podcast. Wait, what?

My post about Michael Franks was the last to use the SimpleTags plugin. Couldn't think of any other picture to put here!

When I started using it for this blog back in 2006, WordPress didn't have native tagging abilities. The Ultimate Tag Warrior was the most popular third party plugin to provide them at the time as evidenced by the importer available for it in more recent WordPress versions. I chose not to use it because I've never been comfortable with plugins altering my blog's database.

The solution I found at the time was Broobles' SimpleTags which allowed tags to be defined within the text of a blog post either inline or in a block. When the post was rendered the plugin would generate a nice list of Technorati tag links with the rel="tag" attribute so they'd be recognised as such. No muss, no fuss.

ASIDE: All posts here that used SimpleTags have since been mass tagged with the simpletagged tag using WordPress's tagging system. That's right, I have an internal tag for posts that have been tagged in another system. I also had a grilled chicken sandwich for lunch, and I don't hear anyone complaining.

When WordPress implemented tagging support I stopped using SimpleTags, meaning most of my posts from 2006 (and very early 2007) still have them. Fortunately SimpleTags still works even with the latest versions of WordPress so I can keep it installed to generate those links. For example, I can define a few right here:

tags, tagging, simpletags, wordpress, php, plugins, grilled cheese sandwiches, jaffles, software, reviews

That was fun, I haven't done inline tags in a long time!

Even though I've moved over, I can see situations where SimpleTags would still be preferable to using WordPress's tagging abilities. Unfortunately (in my opinion) WordPress handles tags very much like categories in your blog database, meaning if you don't want your tables to get ridiculously huge and therefore take longer to backup, you have to be more restrictive in your tagging. With SimpleTags you can tag a post with as many as you want; I remember on many posts I would include several different spellings of the same word, and with posts about software I'd include a generic name tag along with a more specific name and product version tag.

So I did end up reviewing SimpleTags, it just took 4 years to do it ^_^.

That's a lot of filtered spam!

You may recall I recently gave a glowing review of TanTanNoodles Simple Spam Filter plugin for WordPress. Now that a few weeks have past I thought I'd give an update on how it's working out in real world usage.

After several weeks of adding keywords from incoming spam messages every other day, TanTanNoodle's Simple Spam Filter is now taking care of virtually all my spam messages. By virtually I mean it's taking care of thousands, while Akismet is taking care of a couple. This is a staggering ratio that I never dreamed a filter could reach, and a real sign that a simple, clean, no frills plugin can outperform a much bigger, collaborative commercial plugin such as Akismet.

Below is a quick table I drew up that shows the number of spam messages Akismet and the Simple Spam Filter blocked. While Akismet can be reset, the Simple Spam Filter simply shows the cumulative number of blocked messages, so I simply subtracted the previous weeks total from the one reported at the date shown.

Date	Akismet	Simple Spam Filter	Unfiltered
2009.01.20	4291	n/a	29
2009.02.01	2499	1913	12
2009.02.06	44	2070 (=3983-1913)	1
2009.02.10	12	1767 (=5750-3983)	0
2009.02.24	2	6014 (=11764-5750)	0

Now of course there are several caveats to this table: I didn't bother doing checks at predetermined intervals, and given spam is an unpredictable, living beast the fact one filter did a better job than the over when compared just on one day doesn't give an accurate picture. Still, the overall trend is clear: with some adaptation over a period of weeks to the kinds of messages I receive, Simple Spam Filter is now more effective than Akismet, while using a fraction of it's resources.

To appreciate these numbers, you also have to keep in mind how Akismet and the Simple Spam Filters differ in function. Akismet allows all comments into your blog's database then filters what it thinks is spam into a spam folder. The Simple Spam Filter rejects blatant spam messages outright: these messages NEVER alter your database. What this means in practise is the Simple Spam Filter puts much less load on your systems and keeps your database much cleaner.

Spam instead of baked beans?! So you want spam, spam, spam, spam, spam…

Of course we must also remember that no spam filtering system is perfect and that there are bound to be false positives. Again Simple Spam Filter works great for this because it only filters spam messages with obvious strings of keywords; as you can see in the table this takes care of the bulk of the spam. This means the more intelligent but heavier Akismet is left to deal with the rest of the comments that are harder to discern, and any messages it does flag as spam I can more easily skim through for false positive because there are only a few messages a day instead of a few thousand!

If you are using WordPress on your website, you absolutely want to download and install this, right now! I mean it!

Aww shucks :(

While I prefer to use Firefox and Camino on my MacBook Pro and iBook G3, my sister still prefers Safari on her pretty white MacBook because she says its faster and looks better. I'm under the impression Sharon in Singapore uses all three in different capacities too (I think!). Each to their own, right? ^_^

Well this morning I finally got around to installing a new hard drive in her MacBook and installed Mac OS X Leopard fresh for her. While searching for the usual plugins she uses for Safari I came across one that looked so interesting and useful I was about ready to go onto my own Macs and install it myself: GlimmerBlocker.

GlimmerBlocker is an advertisement filtering system that uses a proxy server on your Mac, which means it filters ads on every application you launch (very cool) and as a bonus it doesn't need to hack anything to work (it's not a haxie to use the Mac lingo).

While it seemed like a great idea, upon installing it on Elke's MacBook and my MacBook Pro (my iBook couldn't use it because it has Mac OS X Tiger), the internet connections on each machine failed and we were presented with the cryptic error message shown above upon entering our System Preferences screens.

As it turns out, when the application activated itself it changed the proxy settings on the machines automatically, so when it failed it blocked any internet network requests. By doing so, it seems it also blocked its own attempts to connect to its own server to download the appropriate files. A Catch 22 perhaps? I'm not Bill Kurtis.

The only way to get internet back on our Macs was to uninstall this plugin and restart Mac OS X. Fortunately the GlimmerBlocker folks had good instructions on how to do so on their Trac wiki.

It's a shame, the premise for GlimmerBlocker was intruiging and the features looked promising. Perhaps the next release will work, but I'm somewhat nervous about trying again considering it failed so verbosely on two seperate machines.