Luci Sandor’s blog

During the last days, some millions of Internet users had to update their browser, Mozilla Firefox. Now, with a an universal, operating system-independent browser, we got an universal mechanism for extending the browser and an universal pain - it’s not like when Microsoft pushes once a month, during the night the updates, while keeping the support for those who still use older versions of their software. No, now we can have universal exploits, affecting anything with a mouse and a screensaver, and when you don’t have support for anything else but the last version, everyone is in a hurry to update.

I’m glad I haven’t heard about the millions that downloaded Firefox this time. Maybe Asa and his likes started to understand that more downloads does not mean more users, but more, too many more, buggy releases.

Of course, the extension model changed again, in less than a year, which means that everyone has to update the extensions too, at least with the speed the perpetrators update the fore-mentioned exploits. For me bugs are easier to accept than the lack of planning. Lack of planning creates this kind of impatience, “let’s see, maybe Mr. Hack X finally uploaded the new, working, version of MyExtensionWhichMakesTabsFly” or, worse, the Buridanian dilemma between upgrading the browser or loosing extension functionality, which usually gets the wrong answer, keeping the old extensions.

First troubles started when I tried to update AdBlock, the scary extension that hides ads which are made of JPEG picture files, Flash movies and Java class files. The Firefox checking mechanism assures me that everything is OK with the old AB and the new FF, the official website says there’s no newer version, but some of the ads started to reappear. Then if you read the forums and the bug database, you might believe that AdBlock is practically discontinued and a hero is saving the world with a new extension, AdBlock Plus. Then, if you really dig, you can find an updated version of AdBlock. I’m not questioning the fact that some AdBlock developers got bored, but I wonder who is supporting the aggressive, spam-like, campaign behind AdBlock Plus.

Then, there’s Greasemonkey. This is even more aggressive than AdBlock. It cleans up the text-only ads which are provided by GoogleAds. It can add a Delete button to GMail. And, yes, there’s a a catch with Delete in GMail. On the repository where Greasemonkey script are collected, you can see that the main target for Greasemonkey was Google, sometimes adding a link to Google search on other search engine pages, but usually cleaning up Google ads.

I think there are a few days (maybe weeks) since the new Firefox was released and still there’s no definitive solution for Greasemonkey. With the current, temporary, version, lots of strange error are hurting the user experience. Fortunately, Greasemonkey is based on a model which is not changing monthly , so you don’t have to update the scripts too, but, guess what, these days some of those scripts stopped working. Those are the scripts fixing Google annoyances: “Sponsored links” are back on the pages, there’s no Delete button for GMail etc.

Another front seems to be directly opened by Google through their spyware. Some issues seem to be provoked by the Google Toolbar, a very popular extension which reports to Google whatever you’re browsing. You might not know, but the Google Toolbar which is used on Internet Explorer is self-updating and there’s nothing you can do to stop it (well, except uninstalling it). With the changes in Firefox, Google Toolbar got an update too, and it is different: now it breaks Greasemonkey.

Why on Earth would they do that to the only extension which has a book of its own?

It looks to me as if Google, now the biggest media company on the planet and the biggest ads provider on the Internet, is taking active steps in defending their only source of revenue. Internet Explorer users are already a bunch of non-computer savvy people, which will have to see the ads, but there was a 10% leak in the market share, the Firefox users. It’s easy now, when some of the Mozilla software managers are Google employees, to do whatever you want with the browser, calling it an update or a re-thinking etc., breaking extensions on a weekly basis if possible. The handful of people working on the subversive extensions can be kept away. What would happen after one week is what I’ll call see the splendor of the open source: 1000 new feature requests, 100 bug reports in the informal wording “it doesn’t work”, 10 really good bug reports and no code written. The magnificent community is not moving a finger in fixing the extensions, overwhelmed by the complexity (which is just a wrong impression), by the uselessness (because in a few weeks it will stop working again) and by the laziness which makes OpenOffice.org the most talked about software which nobody uses.

It doesn’t matter, I’m so sick of Flash dirt I’m going back to text-mode lynx browsing anyway. Google can keep the internet for themselves.

PS. What’s the catch with GMail? It’s just that when you are on the web interface, you need two clicks to delete a mail (and even three more if you want to removed from Deleted Items folder too), but you are always just one click away from archiving it. And it’s just that Google claims they are respecting the open standards, but you’d have to try their original POP3 to see it is just a facade - if you download the mail, it is either kept on the Inbox (which makes you use the browser now and then to delete the mails and to feed on the Sponsored links), or deleted without any message-specific command (this option might be useful for those who have a single computer connected through a modem, but, anyway, those people don’t count in advertising industry schemes), or kept in the same omnipresent Archive. I’m not going into conspiracy theories about why Google wants us to keep the messages in the Archive, but you’re free to do it.

While watching CNN, I saw the shutdown box so familiar from Blaster over the TV screen. Soon after that, they stopped broadcasting the regular program and started covering the story on a new virus attacking unpatched Windows 2000 boxes.

It was a weak sign from the digital world which, I believe, is still less important then classic content. I am still assessing the impact of the digital failure on the classic media, and I believe is more of a fuss then of a real impact. Life went on, the rebooted PC’s continued their, while looking for new targets for their infection (multitasking was implemented in Windows 2000, wasn’t it?).

The corporations running on unpatched Windows 2000 presented themselves like they were hiring cheap American CEO’s that saved the 100$ for upgrading to Windows XP and like 10 cents hiring network administrators from India who couldn’t push the updates to the workstations. Included are the already mentioned Time Warner and Coca-Cola.

Some people (including myself) using AdBlock observe that in each page they browse there’s a strange IFRAME loading the address given in the title of this post. Instead of uselessly googling after an explanation, you’d better open the HTML source files. You are not hijacked! At the bottom of each HTML file, Kerio Personal Firewall attaches this JavaScript file that is suposed to kill popups.

Of course, its name is misleading, Kerio does a bad job in advertising this feature, and Firefox does not need a supplemental popup killer. So if you’re browsing with Firefox, you might just disable Kerio popup blocker, from the Configuration window, tab "Web", "Ad block", unchecking "Block pop-up and pop-under windows".

A young girl, Arfa Karim Randhawa, only 9 years old, passed Microsoft certification exams and became the youngest Microsoft Certified Professional (although it seems that Bangalorean S. Chandrasekhar did the same thing). They are great kids and I am not going to suppose that every kid could do that.

It means that those little guys could do things that were reserved to professionals twenty years ago and that people like them could become architects or doctors, but, in their spear time, could improve the Linux kernel or even write new software, invent, create. That puts a new light on the software as value. I believe software would become cheaper, if not free.

There are also some side effects.

As Garner studies already show, IT is not the source for new jobs, and CS PhD should not be something a young man today would want. Future for those who already write software might sound as EA spouse describe it, a long march leading the coder to physical exhaustion because of their low-value work.

It also means that software becomes less important when compared with content. If you’re a biochemist and you write software like Reactome, you would never expect to receive money for the thousands of Perl code lines, but you might very well get paid for the data Reactome uses.

It also means that instead of posting on Rent-A-Coder, you’d better search for the job already done on Sourceforge or Freshmeat. And it also means that those guys lying to their wives or parents about how hard is to become a Microsoft-certified-Robby-the-Robot-clicking-Next-on-friendly-wizards, should stop right now and get a real job.

Some might say that new is better and that the force of habit is a symptom of laziness.

Unfortunately, after an useless upgrade of SpeedFan (an application that may watch your CPU temperature and adjust the speed of the fans accordingly), I remembered how the life before SpeedFan was. I live and sleep with the PC always on in the same room, and SpeedFan came to ease the noise. In addition, I have a buggy (Intel genuine) CPU fan and lowering the fan speed may actually reduce the CPU temperature. A registration process is required in order to get the settings for a specific motherboard and the settings may also be wrong, since they are uploaded by the users.

As an irony, at the first start of the newest version, the applications pops up something stupid about improved support for my motherboard, when in fact it does not adjust the speeds anymore.

I have found an older version of the software here. That’s an external link and it is subject to changes. But anyway, HTH.

On websites such as Yahoo!, login forms use a non standard HTML extension. It is AUTOCOMPLETE="OFF". Microsoft came first with this idea, banking websites have embraced it. Finally, Mozilla Foundation was forced to implement it in an effort to stop banking websites from denying access to Firefox users, qualified as an "insecure browser&quot: :).

You may programmatically re-enable autocomplete using this short script:

for(i=0;i<document.forms.length;i++)void(document.forms[i].setAttribute(’autocomplete’,
‘on’));

To make it easier, just drag this link, Autocomplete ON, to your browser’s shortcut bar.

Thanks to Josef Segur on Opera users’ list.

Even better, you may use Jesse’s bookmarklet: remember password. This is a better version, built specifically for Mozilla/Firefox. To install it, drag it to the same shortcut bar.

Problem: You want to open an attachment from a PDF file using a recent version of the Acrobat Reader, but you get a popup saying that your security settings are against you.

Only Google could solve this problem, managing the mess called Adobe online documentation. Adobe’s web site says you must change the security policy. There’s a long talk about how to fix the installer, but I don’t think you want to go that way.

Solution: First log on as an Administrator, because you need access to a protected registry key. That’s HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\7.0\FeatureLockdown\cDefaultLaunchAttachmentPerms. Its default value looks like this:

version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|

.bz:3|.bz2:3|.cer:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|

.cpl:3|.crt:3|.csh:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|

.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|

.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|

.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|

.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|

.mst:3|.ocx:3|.ops:3|.pcd:3|.pif:3|.prf:3|.prg:3|.pst:3|

.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|

.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|

.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|

.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2

The value will be edited in a hex editor provided by Regedit for REG_BINARY values, but you have to pay attention only to the right half of that editor, where the human readable content is placed.

Look for the offending file extension and fix the digit placed after it and after the colon. It should be 2.

PS. Usual disclaimer. Before modifying registry keys (esp. a REG_BINARY value) backup the original values. Be careful, do not open attachments from untrusted sources.

Supposing you want to mark the build number on your JAR files. Java packages are frequently versioned by changing the filename, but this is an unconfortable method for the administrators trying to deploy the applications. The recommended way is to rename the storage (be it the rest of the URL or the folder on the local disk) and to specify the implementation version on the MANIFEST.MF file.

NetBeans uses the Ant automating tool, taking it to a higher level, automating even the building of the Ant script.

MANIFEST.MF is dinamically built, in part by the JAR tool provided by Sun and in part by the Ant script. In the root folder of the Netbeans project there is a YourProjectFile/build.xml file (the usual name for default Ant scripts), but it is pretty small to be the one in charge. Opening it, you may see that it is just a wrapper for another XML Ant script, YourProjectFile/nbproject/project.xml. The latter is not editable, but you may override some tasks formally declared in project.xml with that purpose.

I decided to insert two fields in the YourProjectFile/nbproject/project.properties, that is two lines:

minor.number=1

major.number=1

The file is editable and Netbeans won’t overwrite your custom fields.

Then I edited build.xml, overriding the -pre-jar or -post-compile tasks like this:

<target name="-pre-jar">

  <propertyfile file="./nbproject/project.properties">

    <entry key="minor.number" type="int" operation="+" value="1" pattern="0000"/>

    <entry key="major.number" type="int" default="1"/>

  </propertyfile>

  <manifest file="MANIFEST.MF" mode="update">

    <attribute name="Implementation-Version" value="${major.number}.${minor.number}"/>

  </manifest>

</target>

This script will increment the minor build value stored in YourProjectFile/nbproject/project.properties and also in the MANIFEST.MF file. I decided that major versions may be changed by hand.

You may try to go further and fix the template that generates the project.xml file. This is /org/netbeans/modules/java/j2seproject/resources/build-impl.xsl in the file named YourNetbeansFolder/ide5/modules/org-netbeans-modules-java-j2seproject.jar.

Ever found yourself trapped with a .LIT (Microsoft Reader) file? E.g., the Romanian Culture Minister decided to use LIT files for the writings of Caragiale (a good writer, dead long before copyright laws were created). You need a reader, which is available only for Windows.

Someone broke the secrets of Microsoft Reader and brought us a .LIT convertor, that extracts the original HTML files and the pictures from the locked file. It comes with the source code, it works on Linux, but there’s also a command line version for Windows.

Have fun.

Colin Percival found a bug in Pentium 4 hardware and reported it (PDF file) in conjunction with his activity as a cryptography developer on BSD.

The flaw allows the existence of exploits stealing personal data. Basically, sharing the CPU cache between the two threads running on the same chip is not safe and one thread (or program) can read the data used by the other thread. Experts say the servers are in the greatest danger, their security certificates being exposed to those willing to exploit it.

The flaw has been discovered in October 2004, but (worse news!) Intel decided this is a minor flaw and decided not to fix it at least until today. Of course, gone are the days of Pentium and FDIV bug and the fierce competition with AMD does not allow Intel to replace the millions of chips already sold, but going on selling buggy CPUs is not a way to win the respect of the buyer.

The software vendors are aware of the Pentium 4 bug. Only the BSD community provided a workaround. Microsoft did not took action and Linus Torvalds said that there’s nothing to care about.

Adding this disgusting disrespect for the client to the 64-bit story (Intel adopted a de facto standard imposed by AMD, but a heavy price on the same thing that AMD sells for 100$), with the new heating standards adopted by Intel (which allow you to cook eggs on the cooler), I know I will never buy Intel CPUs again.

In the mean time, those unfortunate HT-enabled P4 owners should disable HyperThreading. I think there will be no noticeable loss of performance (and that’s another blow for Intel).