
Blog

Cleaning up the IP.Board url4short mess

XDebug to the rescue…

The condensed, I-just-want-to-fix-my-site version:

On your server, try:

grep -ri \$mds /wherever/your/website/folder/is

to locate the injected code, and which file it resides in. You can then go into that file and remove it.

Also try re-caching all the skins and languages in the Admin Control Panel. Make sure all IP.Board updates and patches are applied to prevent the compromise happening again.

Reset your passwords and keys. Take measures to detect and continue detecting other infiltrations.
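A repeatable version of the checks above, added here as an example and not part of the original post: `scan_marker` runs the same `$mds` search with fixed-string matching, and `make_baseline`/`check_baseline` record SHA-256 hashes so that later changes to files in the web root show up. The function names, the manifest approach and the sample files are assumptions made for illustration; it assumes GNU grep, find and sha256sum.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post.

# List files containing the literal string "$mds" (case-insensitive).
# -F treats the pattern as a plain string, -I skips binary files,
# -l prints only file names.
scan_marker() {                      # scan_marker WEBROOT
    grep -rIliF -- '$mds' "$1" | sort
}

# Record a SHA-256 hash for every file under the web root.
# Keep the manifest outside the web root so it is not hashed itself.
make_baseline() {                    # make_baseline WEBROOT MANIFEST
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 ) > "$2"
}

# Print every path that was added, removed or modified since the baseline.
check_baseline() {                   # check_baseline WEBROOT MANIFEST
    new=$(mktemp)
    make_baseline "$1" "$new"
    # A line present in only one manifest means that file differs.
    # Columns 1-66 are the hash and separator; the path starts at column 67.
    sort "$2" "$new" | uniq -u | cut -c67- | sort -u
    rm -f "$new"
}

# Constructed sample: two clean files, then a harmless line carrying
# the marker is appended to one of them after the baseline is taken.
demo() {
    root=$(mktemp -d)
    manifest=$(mktemp)
    printf '<?php echo "home"; ?>\n' > "$root/index.php"
    printf '<?php echo "skin"; ?>\n' > "$root/skin.php"
    make_baseline "$root" "$manifest"
    printf '<?php $mds = "constructed-sample"; ?>\n' >> "$root/skin.php"
    echo "Files containing the marker:"
    scan_marker "$root"
    echo "Files changed since the baseline:"
    check_baseline "$root" "$manifest"
    rm -rf "$root" "$manifest"
}
demo
```

Take the baseline only once the site is known to be clean, and re-run `check_baseline` on a schedule; any path it prints outside a planned update deserves a look.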

My friend Niall Brady dropped me an email, saying that some of the users of his Windows-Noob forums were reporting getting redirected to a spammy-looking site (url4short dot info) when clicking on search results to the site.

The forums run the Invision Power Board (IP.Board) software. There had been some reports of vBulletin boards being hit with this kind of spammy redirect, but fewer suggestions that this was an IPB problem. There had been a patch for a critical IPB issue released in December, but that had, obviously, been applied to the site as part of normal good practice.

Nevertheless, I was concerned. Clicking on a search engine result should definitely not redirect somewhere other than the result page!

Without evidence that the issue was not limited to one machine, or one connection, however, it could not be ruled out that it was just malware on that visitor’s machine.


Protecting your browsing with Certificate Patrol for Firefox

I read this BBC News story about mistakenly issued security certificates recently, which allowed the people with those certificates to impersonate any Google websites and intercept traffic to them. It struck me as quite significant that this particular story made it to ‘mainstream’ tech reporting.

There is a more detailed, and perhaps more accurate, commentary on this attack on Freedom to Tinker. It perhaps may not have been ‘cyber criminals’ as the BBC reported it when I first viewed the story!

Anyway, given the attention to this issue, I thought it a good opportunity to review this kind of attack against SSL/TLS — the security system upon which we all now depend. More importantly, I wanted to show Certificate Patrol, an add-on for Firefox that would allow you to notice a suspicious change to a certificate and thwart this kind of attack.

The weaknesses inherent in having too many organisations that are able to issue security certificates for any domain are becoming more clear. While this kind of attack is extremely rare, at the moment, ‘at the moment’ is a very poor security response! Hopefully, more awareness of these limitations of the internet’s authentication infrastructure can help put pressure on browser vendors, website owners and CAs to make everyone more secure.

Raspberry Pi


In other 2012 gadget acquisition news, I got my hands on a Raspberry Pi this year, too.


Ordered in the summer, and only delivered last month, due to the high demand, it is something I have not yet had an opportunity to play with as much as I would have liked. The advantage of having to wait that long, however, has been a beefier 512 MB version of the device!

In the spirit of my recent iPad mini post, here are some first thoughts on the device:

  • It is amazing how much you can do on such a tiny and inexpensive device. With the Debian wheezy build that is the Pi’s default operating system, you have access to almost the same rich range of software packages as on any other Debian system. I was able to install Nginx to serve up web pages at rapid speed, and I am quite sure it would be possible to completely replicate Van Patten Media’s Managed Hosting platform that I have spent much of the year working on, even on such a device!
  • It is unashamedly geeky. This will probably be enough to put off some people who have received a Pi, but who perhaps don’t have the support in place to best use it. It isn’t that difficult to get started, but you do need to be able to get the OS onto an SD card. For me, though, I like the opportunity that it gives you.
  • It legitimises the hobbyist again. This pleases me a lot. Many great things were achieved by (originally) hobbyist hackers; re-igniting that spirit has huge potential.

There is some irony in that the Pi is, in a number of ways, the polar opposite of the iPad — it is hobbyist rather than consumerist. The Pi gives you complete control but requires some fiddling, the iPad gives you little control but is so intuitive.

I leave this year much more satisfied about the state of computing because of these two devices.

Why? There is now opportunity for both consumer hardware, and hobbyist hardware, to co-exist and complement each other.

Disable ‘New Tab’ Page in Firefox 13

Today’s release of Firefox 13 brings with it more imposed functionality changes to the only version of the browser that we can use, because it is the only one kept current with security updates*.

This time, it is a brand new, Google Chrome-style ‘New Tab’ page. I’m sure it is great for lots of people, but personally, I prefer a blank home page and a blank page when I open a new tab.

To restore the old behaviour, and have a blank new tab, browse to about:config. Accept the warning, then search for newtab. Do not change newtabpage.enabled.

Instead, double-click browser.newtab.url and set it to about:blank.


There, that’s how I prefer it again!

* UPDATE: A slight correction — there is a version of Firefox 10.x called Firefox ESR (Extended Support Release) that is kept up-to-date, so that is also an option!

Why I Like Ubuntu’s Roadmap

Ubuntu founder Mark Shuttleworth, on user interface and user experience, and looking at desktop user interfaces holistically:

In the open source community, we celebrate having pieces that ‘do one thing well’, with lots of orthogonal tools compounding to give great flexibility. But that same philosophy leads to shortcomings on the GUI / UX front, where we want all the pieces to be aware of each other in a deeper way.

It’s only by looking at the whole, that we can design great experiences. And only by building a community of both system and application developers that care about the whole, that we can make those designs real. So, thank you to all of you who approach things this way, we’ve made huge progress, and hopefully there are some ideas here for low-hanging improvements too 🙂

This approach is why I find myself most aligned with where Ubuntu is taking the Linux desktop. The changes they have introduced to the UI over recent versions have been controversial — sometimes even breaking with revered Unix-y traditions — but I broadly think they are the right decisions to move the platform forward.

With mobile computing taking the lion’s share of industry attention, who is doing the thinking on innovating the traditional desktop? Ubuntu.

I will readily acknowledge that this kind of traditional desktop computing will probably be less important in the future than it has been in the last decade.

I don’t think that means no-one will want to use a desktop. I certainly don’t think it is a reason to stop innovating.

Un-hide the ‘http://’ in Firefox 7

The recent release of Firefox 7 has brought with it several changes. One of these is that Firefox hides the ‘http://’ prefix in the URL bar by default.

For many people this is fine and probably a positive change, but geeks like myself may wish to restore the prefix. (I found it especially annoying when I copied a URL from the bar and the text pasted did include the ‘http://’, when the text I copied did not! I don’t like that kind of inconsistency!)

To restore the prefix, browse to about:config. Accept the warning, then search for browser.urlbar.trimURLs. When you find the setting, double-click on it to toggle it to false. The changes should take effect immediately.

Screenshot showing about:config in Firefox, with the browser.urlbar.trimURLs key shown

That’s better!

Thoughts on Ubuntu’s Unity

Just yesterday, the 14th major release of the Ubuntu operating system was released into the world. One of the biggest new things in the Natty Narwhal release is the new Unity interface — which will be the default interface for the OS. I wanted to take a moment to record my initial thoughts on this new interface direction. This is not, then, a particularly in-depth or scientific analysis, but just a few thoughts on the new interface design that I wanted to share.


SRWare Iron — A Google Chrome Alternative


UPDATE 2010-06-30: At the time of writing, the Mac version of Iron is not up-to-date and is probably insecure. I have stopped using it for now. Hopefully it can be kept up-to-date and patched to a schedule close to the normal Chromium releases in the future.

Google has come a long way since its humble beginnings in 1997 and now offers a huge array of online services. One of the criticisms often aimed at the company is centred around privacy. From searches you make on the search engine, to the contents of your email if you are a Gmail user — they have the ability to build up quite a detailed picture of what you do online.

Apparently, the Google Chrome browser itself also does various things which may impact privacy. The browser creates a unique client ID which is sent to Google when you do things such as type terms into the combined address and search bar, for example, and if the browser crashes, the technical information relating to that crash is sent to Google.

If you are someone concerned by the implications of this and maybe don’t trust Google very much, you may want to give SRWare Iron a try.

Iron is a browser based on the open source Chromium project which also powers Google Chrome, but with many of the potentially unwanted features that may impact privacy disabled.

This is a great example of open source code working well — it allows you to enjoy the benefits of the Chrome browser (the speed, interface and unique tab-as-process architecture) while side-stepping things you don’t want.

Screenshot of SRWare iron running on Mac OS X

Personally, I am not enormously bothered by the privacy issues and at the moment I’m pretty happy with a Safari/Firefox combination for my browsers of choice, but if you are looking for Google Chrome, without so much Google, this is worth a try.

You can download the browser from the SRWare website.

UPDATE: The Mac version can be downloaded from this forum post on the SRWare site.

Fix ‘Blank Window’ Problem in TweetDeck on KDE

If you’re running the excellent Short-Form “Bird” Social Media Site Before It Went Terrible client TweetDeck on Linux, specifically with the KDE desktop (here version 4.1.1), you may run into a problem where when you start the program, the TweetDeck window is just blank. The buttons at the top and bottom appear, but there is nothing in the window.

To solve this problem, first launch the application KWalletManager by pressing Alt-F2 and typing in kwallet. It should be the first result, so press Enter to start the application.


After KWalletManager is running, start TweetDeck again and everything should work as normal.

Information Management

All the time we get information thrown at us and managing that information so that you are in control of it and not the other way round can be a real challenge.

As you should know, I have recently started university. If there’s anything you can do that suddenly causes loads of information to be thrown at you, then that is it.

And it all adds up. A brand new email account with lots of stuff coming in, timetable information from multiple places, tasks to add to to-do lists and so on.

So I thought I’d take a moment to share how I’m dealing with some of this information and how I am using the technology available to me to have access to that information (hopefully) wherever I need it.
