Mozilla Open Source Software

GeoLocateFox 0.2 Released

Last night I pushed the bits for GeoLocateFox 0.2. The changes aren’t very many but it’s pretty cool.

  • Add HostIP look up (disabled by default)
  • Add support for newer Flock, and Firefox through 3.0 alpha

Go to the options window (open up the extension manager, right click on GeoLocateFox, and select options) and check the HostIP box. This will send the IP address of the website you visit to the HostIP website, and get coordinates if available. This is only used if the site provides no GeoLocation data on its own. It’s off by default for privacy reasons. It’s pretty cool.

Next up is a bug fix release for mozPod, no date on that just yet. It’s overdue.

Open Source Programming Security Web Development

Enhancing Security With Nonce

A little while back I read about how WordPress was implementing Nonce to help enhance security. What I like about this technique is that it doesn’t rely on referrer checking (which is faulty at best).

Today I implemented that on a project I’m working on, rather similar in style to WordPress. I think overall it’s a better approach to referrer checking. It seems the nonce approach is actually quite popular on the web looking at commercial sites, but not a technique often talked about.

Well done by the WordPress team. My implementation is pretty similar to theirs (my variables and salting are a little different based on the app) since it was pretty hard to improve upon. Not sure how long to make the Nonce, so I stuck with 10, which is what I believe they did as well. Not sure if I should go with something longer.

One of the great things about open source is the discussion of best practices and techniques. It also benefits closed source projects who can gain influence and knowledge from those discussions.
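A sketch of the kind of nonce this post describes, as an added example that is not the author's code or WordPress's own: an HMAC over a time tick, the action and the user ID, truncated to 10 characters and checked with a constant-time comparison instead of a referrer check. The salt, lifetime, action strings and function names are assumptions.

```php
<?php
// Added example: action-bound, time-windowed nonce in the WordPress style.
// SECRET_SALT, NONCE_LIFETIME and all function names are assumptions.

const SECRET_SALT    = 'replace-with-a-long-random-per-site-secret'; // placeholder
const NONCE_LIFETIME = 86400; // seconds a nonce may stay valid (assumed: 24 h)
const NONCE_LENGTH   = 10;    // hex characters kept from the HMAC (40 bits)

// Half-lifetime "tick"; a nonce is accepted for the current tick and the previous one.
function nonce_tick(?int $now = null): int
{
    return (int) ceil(($now ?? time()) / (NONCE_LIFETIME / 2));
}

// Bind the nonce to the tick, the action being protected and the user.
function create_nonce(string $action, int $userId, ?int $tick = null): string
{
    $tick = $tick ?? nonce_tick();
    $mac  = hash_hmac('sha256', $tick . '|' . $action . '|' . $userId, SECRET_SALT);
    return substr($mac, 0, NONCE_LENGTH);
}

// Recompute for both accepted ticks and compare in constant time.
function verify_nonce(string $nonce, string $action, int $userId, ?int $now = null): bool
{
    $tick = nonce_tick($now);
    foreach ([$tick, $tick - 1] as $t) {
        if (hash_equals(create_nonce($action, $userId, $t), $nonce)) {
            return true;
        }
    }
    return false;
}

// Constructed demo values.
$now   = 1700000000;
$nonce = create_nonce('delete-post_42', 7, nonce_tick($now));

var_dump(verify_nonce($nonce, 'delete-post_42', 7, $now));             // same user, same action
var_dump(verify_nonce($nonce, 'delete-post_43', 7, $now));             // nonce replayed on another action
var_dump(verify_nonce($nonce, 'delete-post_42', 8, $now));             // nonce used by another user
var_dump(verify_nonce($nonce, 'delete-post_42', 7, $now + 2 * 86400)); // nonce presented after its window
```

Raising `NONCE_LENGTH` keeps more of the HMAC output and makes guessing harder; the secret salt must never reach the client.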

Mozilla Open Source

The Road To Firefox 2

John Carey and Matt Shichtman have started putting some video up as part of their efforts to document the “Mozilla experience”. Definitely something to check out and keep an eye on. The first is Mike Connor EXPOSED! (odd title, but likely a better choice than “Mike Connor Gone Wild”).

Hopefully at some point they will adopt the Conan O’Brien “Celebrity Secrets” style and format. That’s right, I want the dirt ;-).

Make sure to check out The Road to Firefox 2, and keep an eye on it (RSS feed).

Mozilla Open Source

Filtering out the Channel Noise

Ben wrote a must read post about public discussion that I think any Open Source developer needs to read. If you’re a Mozilla contributor, read it extra close. It really makes only 1 point (make more discussion open). But it doesn’t really address all the problems that prevent that goal from becoming a reality. I mentioned it briefly in a comment, but thought I’d make a post on the topic of channel noise.

Open Source Personal

Notepad Killer

I’m a pretty pathetic note taker. I’m not great at it, my note management skills aren’t that great, and I take a lot of notes during the day. My computer’s desktop is littered with notepad files all the time. Just ordered and unordered lists of things to do, snippets of code, URLs and other details. It’s a giant mess. I’ve tried various products to organize it, and nothing has worked. It doesn’t really hurt me, but it does drive me nuts. There’s got to be a cleaner way to do this.

Since I have a webserver on my computer at all times, I decided to just install MediaWiki (the software that powers among other sites) as my new notepad. So far this idea is working rather well. Everything is in one place, off my desktop, and pretty organized. Thanks to being in a wiki, I can link things all over the place rather easily.

I’ve never been fond of the wiki syntax, personally I find it a bit awkward, but I guess I’ll get used to it in time.

I wouldn’t recommend this to anyone but a handful of people. For me at least, it seems to be working rather well. Much nicer than a bunch of notepad files littering my desktop… now if only I can manage to get rid of all that other junk.

I’ll try and post in a few weeks how I feel this serves as a solution to my problem. I have a feeling this will work very well. It’s organized, and in the web format I’m most comfortable with.

Mozilla Open Source Security

DHS helping to secure open-source software

CNet News is reporting that Homeland Security is sponsoring an effort to secure open source software. According to the article:

In the effort, which the government agency calls the “Vulnerability Discovery and Remediation, Open Source Hardening Project,” Stanford and Coverity will build and maintain a system that does daily scans of code contributed to popular open-source projects. The automated system should be running by March, and the resulting database of bugs will be accessible to developers, they said.

And yes Firefox is listed as one of the projects to be scanned. Thunderbird unfortunately isn’t listed, which personally I think would be a good candidate for this project considering mail clients have been used quite a bit as a point of entry. Since it shares common code with Firefox it still gets some benefit. It says the “resulting database” will be accessible, but I don’t know if that means they will file in bugzilla, or host their own database which developers need to visit and harvest from.

Personally I think this is great. Getting open source projects an audit like this will enhance security online, so end users will benefit. Hopefully things work out well, and they expand to cover more projects over time.

A criticism of the project is that this only funds finding bugs, rather than fixing them. This isn’t likely to be as large of a problem for Firefox as there are paid staff working on the project. Perhaps bounties will be put out by third parties? Who knows. Hopefully in the end, these products become better.

Hardware Open Source Software

Ubuntu Live Trial

On Monday, I decided to see if Ubuntu’s Live CD was good enough to work for the week. I put the CD in, rebooted, and said “no Windows until Friday”. Surprisingly, it recognized all the hardware in my Thinkpad T43 (at least all that I cared enough about to notice), and actually did a good job. With 1.5GB of RAM in this monster, it was rather smooth once it loaded. My only gripe is that it didn’t have an easy way to save the session to a USB flash device on shutdown, and allow it to re-init based on that session next restart. If the Live CD was smart enough to do that, it would have been truly perfect.

OpenOffice did the trick, as did Firefox. Really had no issues at all. Printing worked, so did networking.

Live CDs are definitely useful. Find a computer that doesn’t work in a lab? Just put in the CD, and you can use it without problems.

Really says a lot for Linux. Ubuntu is definitely a great distro, the best I’ve seen so far. Now if I had a bigger hard drive, I’d have a partition for it. Eventually I will… I hope.

Open Source Software

Microsoft Office

Anyone else think Microsoft Office is way overpriced? Take a look at your options. $149 is Academic (you’d think for that money, you get Professional on an Academic license, but you’re wrong). The cheapest upgrade is $239.

Wouldn’t mind upgrading to have XML support, but is there anyone who can justify those prices?

Microsoft should be ashamed at their pricing. Thankfully there is OpenOffice.

Open Source Web Development


After seeing Matt’s post that TinyMCE has been integrated into WordPress, I think I’m doing the same to a few things I’m currently developing. I was considering a WYSIWYG tool previously for these projects, but decided against it mainly because of the poor code they often produce. TinyMCE is rather good, but didn’t support Safari. Now that appears to be changing (they are testing and working with Apple). So I really have no reason not to use it right?

It’s a great thing for those who don’t know much (or good) html. Keeps the crud out. Now I need to either find, or write a really good html sanitizing function for php so I can make sure it’s pure safe html. Right now I just delete any tags.

In The News Internet Open Source

Microsoft pushing Sender ID?

Ok, just when I was starting to think that Microsoft may be changing their ways and trying to act in good faith after fixing their website the other day, Microsoft starts talking about pushing their Sender ID stuff on us. Sender ID is Microsoft’s alternative to the other spam prevention techniques such as Yahoo’s DomainKeys. One problem with Sender ID is the licensing, which has caused organizations like Apache Foundation (who oversee the SpamAssassin project) to nix support for Sender ID. AOL has also dropped support, and looked towards SPF.

I agree one of these standards is needed to help prevent spam. Personally I think DomainKeys is the most promising of them all. Its licensing looks like it will be adequate, and it has a fair amount of backing. Google’s Gmail has apparently implemented SPF and DomainKeys at this time. I think it’s time for everyone to start looking at following their lead. These two technologies look to be the best. And by implementing them, your mail is more likely to get past spam filters. Microsoft is right, it’s time to start acting. But not with their own proprietary stuff.