Andrew Breese

Infrequent thoughts of a professional geek

Category Archives: Web Culture

New Firefox and Handy Chrome Extensions, bloat & Security.

Even after reading that my old favourite browser Firefox is making a comeback, I think it will be a while before I try to abandon Chrome; and the reason is the integrations and extensions are great for security and quality of life. I also think it is best to keep the number of extensions limited, because that in turn might keep memory bloat down and should limit unknown future vulnerabilities.

  • Fair AdBlocker – a browser ad blocking widget, which is mandatory to me; especially as there are websites where I am very happy to see their ads and you can choose what to see.
  • uMatrix – JavaScript controller, which lets me block/allow scripts specifically by page and domain. JavaScript is a nightmare for good security as it is so easy to exploit, and I’m hoping this widget will make that less likely.
  • a few GoogleDoc related plugins, but not all of them, as each adds bloat. I do love GoogleDocs, sure they lack a few features, but they are pretty amazing.
  • a password manager, I’m not going to say which (because while everyone should be using one, I don’t think I should give a hacker an easy start), but it’s one of the big ones and is excellent in terms of features and ease of use UI.
  • HTTPS Everywhere – which tries to force your browser session to always use the https protocol; in plain terms that means you should be a little safer.

That’s it.

Understand too that enabling widgets and extensions also introduces risks. Who created it, are they seeing your traffic in real time (like many of the spell-checkers)? What information of yours do they store externally? What if they are hacked? I recommend being smart and using as few as possible.

Back on browser choice – Chrome is plenty fast as is, has a linked ID to my home PC and phone so my bookmarks will sync between devices, and does not crash. The ad blocking and password manager are tools I cannot live without. And although I’ve only been using uMatrix for a very short time it has already impressed.

One key feature I read about recently was having Firefox tell you if the site you are visiting is also listed on HaveIbeenPwned (via Lifehacker) – such a great widget idea, and one that has been written as a plug-in for Chrome and others for a long while.

I really recommend registering for HIBP too; in fact I registered my family’s accounts for them.

Happy & safe browsing folks.


xkcd’s ContextBot comic

xkcd: ContextBot. I love this cartoon, but get chills when I think about what it might do if used on blogs such as my own.


via xkcd’s ContextBot comic.

Is the real fallout from the Sony attacks yet to come?

A cancelled film, a company worth of hacked and destroyed computers, stolen personal data, stolen company records, and fear mongering is the first phase of the attacks on Sony. Whoever coordinated this series of attacks has played a very good game so far, and continues to use FUD (fear, uncertainty, and doubt) to channel almost everyone’s thinking. In the face of real violence most people will prefer to play it safe.

I know that I’m certainly not going to do anything to endanger my family; which is where this first phase of the story ends. I’m a little fearful, and I’m watching the news and paying attention. I’m apprehensive about writing a blog post. Good game. You’ve won phase one.

Are changes needed? Perhaps the extreme withdrawal and kowtowing by Sony is a move by the mega-corp against another of Sony’s dark foes – internet piracy.

The next phase worries me far more because it won’t be about this attack, it will be about the changes that our governments and companies try to introduce to protect us. I’ll be very surprised if governments and corporations don’t wish to further change laws based upon the fallout from these events. Perhaps on the first thought they might be right; some changes are probably needed – Sony was hacked wide open and they have a huge amount of things to fix and recover from. The financial and reputation cost is non-trivial. Geek-types such as myself might have a love-hate relationship with them due to various opinionated views on consoles and games, but the general public think of them as a big movie studio. And that studio just got slapped very hard.

I think what we are about to experience in a wider context is these events used as a further strengthening of the arguments for a regulated internet. In my own view the severity of the attacks was escalated when the hackers threatened to do something to the people who went to see The Interview, and then Sony gave permission to withdraw the movie from cinemas. I think this changed the way the public viewed the events, from a company being attacked to limit their profits, to a threat to joe-average-punter.

It is a conflict targeting the balance between our fears and our freedoms. And when the laws are changed to protect against the phase one events it could be to the detriment of our wider freedoms. It is a delicate balance with no perfect solution, but many bad ones.

A superficial rationale is: hackers and their nefarious tools did all this, then (insert country, company, mother’s name) needs to be protected.

I was never going to see The Interview so selfishly I wasn’t fussed that a studio yanked its release, or that Sony got hacked in the first place as I wasn’t affected. I am going to be on the internet over the next 40 years, so I am concerned about how much leverage this type of event gives governments to make sweeping changes. Australia (my home) has made changes in law to the powers of police in reaction to both terrorist threats and cyber-threats, and certainly already has some very powerful and uncompromising anti-hacker and anti-terrorism laws.

Yes, I’m possibly wrong too.

Perhaps Sony won’t apply its huge financial loss and damaged reputation as a stick to beat the American government with. Perhaps they won’t use FUD to push an anti-hacking (bit torrent, dark-net, etc) agenda any more than they already have. And it’s unlikely that America will be able to directly change Australian internet freedoms soon, … except that most laws passed in the US also impact big sections of the internet, and Australia is well known to mimic and support American interests.

(aside – don’t misunderstand that point please – on principle countries working with a unified policy is interesting and can be valuable).

Read the backlog of anti-piracy material from film studios, and the fear around one govt attacking corporations in another.

And then please read widely on the freedom vs security as it relates to both the internet and your rights as a civilian.

And make up your own mind. I’m uncertain, but the FUD is working on me today. The Sony Hack story is far from over.

Well folks seem to like (bad) PM haiku

I tweeted* a project management haiku recently and my twitter traffic went through the roof – well as through the roof as a change from zero tweets to one tweet can create. I think this is part of the reason why social media carries so much weight – it pays into the stimulation response we get from having something seen and quasi-appreciated.

Like a good doggie, I’ll do it again shortly and see if I get another biscuit**.

Let’s not plan for giving up the project manager day job, as it would mean no more snarky tweets about being a PM and I’m under no illusion as to the amount of banter and wind already thrown into the digital wind.

* I really dislike that word as a verb relating to posting content online. Birds should keep this word to themselves, and rise up in feathery rebellion against the human’s technology. Like a Planet of the Apes spoof where all they do is poop on our tablets and eat the phone lines. Rebellion! It is what it is, and the word won’t be changed till twitter dies.

** Yup, it’s Friday down here and I’m feeling tired and strange. Back to the geeky blog posts shortly.

ebay is my curious $2 shop

Over the holidays I wasn’t regularly walking to and from work, and I noticed how it changed my approach to small casual purchases. Previously I’d pop in and out of various stores during lunch breaks and end of day to grab those small widget-things that geeks need to feed their hobbies. Small bags, catches, hooks, cables, connectors, etc. The opportunity to get a small widget straight away was my normal expectation.

Being at home and almost house-bound for the holidays meant that I went looking on the internet. Invariably for each widget I used ebay as a way to see what else is around in a similar vein, and to price the widget.

e.g. The price of importing a bag of 50x Cat5 network cable ends to my house is so much less than what is charged at the tech-chop-shops in the city. It seems at least half, sometimes 5 times less in cost. I now have far more cat5 ends than I think I’ll ever. Thankfully they are really small.

It works exceedingly well for low value items and small things that can be easily posted. For me this is mainly because buying anything unseen is a risk, and buying it from Hong Kong, China, Taiwan, etc are especially risky because there is basically no capacity from Australia to return an item or hold the vendor accountable. It might cost $1 to get a small widget into Australia, but it costs a lot more to get it back to China. That is assuming a refund policy is present and that it would be honored.

It works poorly though for high value items, or items which will incur a large amount of postage. These are two very real crunch points of the distance a large item needs to be shipped and how expensive that is, plus the fact of how much more risk averse I am when larger amounts of money are involved.

e.g. I’d never buy a high end computer item from ebay. As a purchaser I want a point of local representation for warranty and issue resolution. Or another example of buying power tools, where holding the item is part of the evaluation process. Some tools feel “right” when they are in your hands, and others feel like absolute junk. I can tell by look and feel that something is ok, and nobody can tell from a picture.

The items delivered are sometimes poor versions of what I thought I was getting too. One example was some hair-clips for my daughter, which looked fine in the picture, but were really cheap, nasty, and poorly constructed when I saw them. For a few dollars it was not worth the complaints process.

Lastly and probably most importantly of all is the difference in delivery time for an ebay item. Being in Australia means that most international orders take a very long time to arrive. That means planning or being patient. I guess that is part of the cost of a timely delivery, and something which the old $2 shops do provide. They take the overhead of importing some of the crazy, silly, and junky things that ebay provide and I can get them right when I want to.

A few recent items were purchased from Aussie sellers and that was great – a cabin hook arrived to me for $4 and it saved me walking through a Bunnings or Masters store for 30 minutes plus petrol. Easy communications and fast delivery. The postage might have been a little steep, but we pay a premium here for postage because the post generally always arrives.

For now I have 5x items arriving into Australia from various parts of the world, and I’m looking forward to each little present. Ebay is my $2 shop, and also my own little secret santa as well.

Happy shopping.

Spammers are not quick learners

Across the three blogs that I write, there is a steady stream of spam comments. Anything from 5 to 200 comments a week which are never published, as they go straight to the spam bin. That is entirely normal for blogs. What I find odd is that it seems the same set of spammers are using automated systems to write clearly junk messages, and despite the fact that none of those messages ever get approved as comments they continue to send them.

For years I’ve seen the same junk arrive in the spam queue, and none has ever been published. I don’t even regularly view the spam comments as (a) it is filled so full of junk that finding a false positive is hard, and (b) I’ve never found a comment that was a false positive in all my years of blogging. A cynic might suggest that the real comments are too low; heh.

For me the spam queue is a funny odd place I visit periodically (once or twice a year) to have a laugh about how poor their systems are, and how good the WordPress spam filter is. It is regularly automatically emptied after a month, so it has a zero maintenance effort.

Why do they bother? Why can’t they learn?

I guess it is due to the fact that sending a spam message to a blog costs almost nothing. Principally once the scripts and URLs are loaded a spam engine could send garbage throughout the internet with no real cost except the outbound data cost. Piggy-back that cost onto some other bulk subscription and it’s the same argument as spam email: if you “fool” one person in 100 million, then the cost is justified.

What a shitty system, and what an equally terrible model to try and make money.

If the system is more about trying to get back-links to create some sort of page rank then they’re really barking up the wrong tree trying to leverage from my blogs. Heck, I’d guess my blogs would be amongst the most obscure corners of the Internet.

  • Why don’t they upgrade and actually make a more intelligent system which spends more energy/time targeting the soft targets, and strays clear of the harder ones?
  • Include a check for the comment key phrase on the page where it is made. If after 100 attempts and zero positive links, then stop creating the spam to that server for a while.
  • Why is the content so obviously junk when you quickly cast your eyes over it? If the goal was eyeball exposure or to try and fool somebody into clicking then almost all the messages need a grammar and spell check. This junk must be coming from an engine, so have some pride and spell check your work a little.

I could see a system which trolls the internet looking for regular content updates as valuable to them. If the same system also did a verification check for a useful back-link then you’ve found a great little site where the admin is asleep at the wheel, or thinks any traffic is good traffic. The basic logic of how to run a good exploit is not even being used, and that is a good thing, but it also kind of frustrates me.

Heck, if the spammers could click the right links then some of the pay-per-click fee systems might self-implode in a huge waste of money. The scammers get spammed and create self referential pits of useless comments and content.

Perhaps this is an opportunity for a better comment spam system. I’d not ever want to create that software as ethically I think that is worse than putting gambling ads on pension slips. How in hell do you even market software to spam people? …

In an ideal world the rest of the Internet could get on with what we’re up to, and only have to concern ourselves with the background hiss of the wasted bandwidth from all the re-posts and never-read-comments buzzing through the routers.

Not a bad thing at all I guess.

Goodbye Google Reader

Google Reader told me today that it is being turned off on July 1st 2013. Well fark, that is less than fantastic.

The change affects a few other Google products which are also getting shut down (techcrunch article src). The list of products also ending was a range of API type tools and some apps that I’d never heard of, and certainly not even close to the size and presence of Google’s RSS viewer. I’ll be sorry to see Google Reader go because it is essentially what I looked for in an RSS app – simple interface, no overt plugs/ads, integrated to my other info, single login, with a few techie bells and whistles. A slashdotter said, and I agree:

I realize that Google Reader probably did not make enough money, and/or drive enough traffic, to justify its continued existence. But I spend more time on Google Reader than any other website, by a considerable margin, and I’ll miss it.

I’d even pay, if they offered it as a subscription service for a nominal fee.

I’d assume that it “failed” because the revenue was not there from the ads, and a business choice was made to stop giving away bandwidth and functionality for free. This closure opens opportunities for other dev shops to pick up the ball and get some new customers – paying customers. I think it will be easier now for another product to have a small fee for an RSS viewer now that G-Reader is ending. The consumer is being taught that obvious but awful lesson of how much we can really get for free.

Alas I will move my rss feeds – using the Google TakeAway tool to export the information, then import into a replacement.

The wise and venerable nerds on SlashDot (for whom I have only respect and true awe) have made a few recommendations for a replacement: The Old Reader and NewsBlur. I also already use a handy app called Feedly to read my google rss list on my mobile, so perhaps I’ll be set there.

As an overview to these apps:

The Old Reader – As a tool it looks to function in a very similar manner to Google Reader. Same clicky-paste subscribe, similar display options, and I’m going to continue to evaluate it as time goes on.

TOR also has a nice UI trick where an item is read once you have scrolled through it, which now that I use it makes good sense. Clever folks.

I am suss that a product which Google could not fund, or did not want to carry forward could be replaced by another product and does not have a cost. Interesting.

NewsBlur – is a bit more of a clicky & graphical interface, and I had display issues when trialing it, and then import issues as well. But I’m OK with that – especially as their traffic must be going off the charts as all the Google Reader folks spin and smash new services.

They do offer some good ideas in terms of following and assigning your own tags, and also allowing priority or exclusion of keywords within subscriptions. Good idea there folks, but not at all the speed of ToR or G’s Reader.

Feedly had some of the same issues as NewsBlur when I tried to muck around with the Firefox plug-in, but a few refresh-reloads later and I have a single page view of feeds. Frankly I don’t like plug-ins much, and think it is a 3rd best option. Looks good in a long big screen, and very different from the mobile view.

In my initial test it displayed the generic information poorly and hung right, and as such I could not see how/where to get my Google Reader info into it. Fixed itself though.

Not to say that Feedly can be ignored though, as the interface on the iPhone is darn good (I already use it), and they certainly have backing enough to be around in a year’s time.

Big call for this migration is to consider who will still be in business, as that is why I thought I’d try Google first. My mistake.

So which will win?

No bloody idea. They all have issues in performance now, and that will get better for a bit, then probably worse when all the extra users go over to them. I’d hedge that The Old Reader is a good way to go first.

If you get any of them working properly, or have a passionate love or dislike for one, then let me know.


Kings Landing rendered in Minecraft

Holy insane dedication batman! 100 people, 4 months. Stunning. Full image gallery.


Incredible. These folks win at Game of Thrones Minecraft. You might need to understand what Minecraft is to appreciate the effort, or be a GoT fan to not think it is a little extreme use of time – I’m both. Impressed. Thanks to Ant for the link.

Pizzainacup on Reddit – It took me and about 100 other builders a little over 4 months to build the whole thing. We estimate there’s around 3000 unique buildings, all hand made and all fully decorated on the interior.

The insanity level might be moderate, until I found out that they rendered the interior spaces as well.

And because insanity needs a project, they’re also doing all of Westeros.


I’m a fan of Unsubscribe Now

I’m a fan of useful and clear functions, especially in marketing campaign emails. As such here is a quick rant about how to facilitate Unsubscribe in email marketing.

In short – I love it when an email message contains single click Unsubscribe. Even better when it also contains options to change my preferences without remembering passwords, logins, or asking me to jump through hoops.

A single click unsubscribe is fast when you want to use it, makes it clear that the organisation is (likely) thinking about the user when they send the email, and it provokes a reaction in me where I am likely to stay on that mailing list because I know I can quit at any time.

Conversely I have an option in my email program (gmail) that offers me the choice when a company does not – it’s called the MARK AS SPAM button. Click, and you’re gone. Forever.

Let the email marketeers ponder which they’d prefer. My choice is easy.

ps. thanks to the fine folks at 10collective who do this well in their email communications. Their message prompted this mini-post, so they deserve a back-link as credit.

Lego WH40k Bolter
