MJR's slef-reflections

  1. RSS feed
  2. By Date
  3. By Topic

  4. End of this blog!

  5. End of LugRadio!
  6. Firefox 3, day 10: security flaw 2, more banks, looking for a new browser
  7. Firefox 3, day 6: security flaw and banks
  8. Firefox 3, day 3: first impressions
  9. 7 Reasons Why Firefox 3 Download Day Sucks
  10. Forthcoming (and past) Events News: LUGoG, BikeWeek, HacktionLab, SPI
  11. Warning for Webmasters: Friday 13th ahoy!
  12. More driving and cycling
  13. Online shopping

photo Mostly news about cooperative work, free software projects, business, satellite TV and cycling around Weston-super-Mare. I'm also writing on CyclingFans and WsMForum.

End of this blog!

Mon, 14 Jul 2008 11:02:09 +0100

This blog has moved on to software cooperative news - please click through to continue reading.

Be the first to comment.

Tags: life, software, web.

End of LugRadio!

Thu, 03 Jul 2008 12:57:21 +0100

Just read on Farewell LUGRadio? [theangryangel] and Ashes to ashes, dust to dust... Lugradio is at an end [sungate] that the most famous UK Free Software podcast is ending at the end of this year. I don't know the reasons yet, but it seems a shame.

I've been listening again since they proved me wrong and sorted out the dumb licensing terms so it's clearly legal to cut the shows up and only copy the bits that interest me, and Season 5 seems more interesting than previous ones. Then again, I enjoyed Red Dwarf VIII, so what do I know? (but VI and VII did drag a lot)

Maybe I will go to Lugradio Live 2008 in Wolverhampton on 19-20 July now I know when it is! (Why is the date only as a large slow graphic on the event page? D'oh! (Yeah I know I should have emailed them, but I had [an unfun experience with the show, so I'd rather shout this in public. Wow. I guess I'm still unhappy about them regressing to school playground name-calling.))

There are some suggested alternatives on theangryangel, but most are more Ubuntu-centric (which wasn't a good thing about LR), non-Ogg and/or non- European, so it looks like I'll give LinuxOutlaws a try. Any other recommendations?

1 comment.

Tags: software, web.

[Firefox 3, day 10: security flaw 2, more banks, looking for a new

browser](Firefox_3__day_10__security_flaw_2__more_banks__looking_for_a_new_browser.html)

Fri, 27 Jun 2008 20:45:44 +0100

Well, I was hoping to get Yet Another Blog Reorg done before posting this, but it just hasn't happened, so here are a few more thoughts on Firefox 3 on this ol' blog. In fact, I'll probably finish the FF3 series here before I switch over.

I was in central London on Tuesday and suffered both the rudeness and the black snot (which no-one else I know seems to suffer) so maybe that's why I've been underachieving this week. I've had London lethargy.

I had a report about online banking that doesn't work with FF3. NPBS will move into the hall of shame, sadly. I'm almost certain I warned them months ago that their online banking was doing Javascript stunts that aren't going to work forever. I emailed them and haven't heard back since.

Back to the browser: I share the contempt for the Firefox 3 and SSL problems and I like the new URL bar too. However, I am finding the FF3 seems to use more CPU (and so power) than FF1.5 and there seems to be some frustrating delays in FF-clipboard communications, so I'm looking at other browsers. Conkeror looks interesting. Still Gecko (useful for work) but stripped down.

I spotted another post about microformats, which I mentioned in my last post, about the BBC dropping support for microformats [John Resig] and I also noticed just how good SVG and Minimalist Markup looks in FF3 [Sam Ruby] - I'd love to try it, but my IE-using clients probably wouldn't understand and I hate making single-browser special editions.

2 comments.

Tags: banking, life, software, web.

[Firefox 3, day 6: security flaw and

banks](Firefox_3__day_6__security_flaw_and_banks.html)

Mon, 23 Jun 2008 11:23:01 +0100

I didn't spot this when I wrote my last post, but it seems there's a security alert for FF3 already - hackademix.net: Firefox 3 Untimely Security Advisory - but it also affects FF2 and probably my cautious Javascript settings are enough to stop it anyway, looking at that report.

I've also been sent another update to the page on Online Banking with GNU/Linux, Firefox-based browsers or Free Software (first direct plus using ActiveX) - I wonder if any bankers will be noticeably slow to allow FF3 and will any of them cite this security flaw? I hope not - UK online banking security is hardly in a good place to throw stones.

I was mildly surprised that the list was linked from Ashley Highfield's BBC blog on Testing Linux Ubuntu but I've no idea why he doubts the list's accuracy! It's as accurate as its contributors - most of whom I name - and I'm willing to put my name to it too. That's better than Wikipedia, which the BBC uses far too much IMO. Would he trust the list more if it was anonymously-edited on a public site? Anyway, I guess I should move that list to a more permanent location soon.

Previous FF3 parts: Firefox 3, day 3: first impressions and 7 Reasons Why Firefox 3 Download Day Sucks

Be the first to comment.

Tags: banking, software, web.

[Firefox 3, day 3: first

impressions](Firefox_3__day_3__first_impressions.html)

Fri, 20 Jun 2008 14:24:30 +0100

Previously, I wrote:

Seriously: the browser looks like a big improvement from Firefox 2, but there are so many niggles with this download day idea...

In reply to Open Sesame » Did you download Firefox 3?, I answer "Yes". It was a major upgrade for me, requiring new versions of Cairo and GTK+2, and installation of DBus-GLib on my GoboLinux computer, which brought in new versions of Xorg and so required a recompile of my GNUstep desktop applications.

Once that was done, Firefox compiled unattended. As noted by Adam Sampson in the comments on my last post, even after building from source, you still get all the obnoxious click-through EULA and when you type about:config into the address bar, you get a "no user- servicable parts" sort of notice, which really sucks. I notice that MozCorp don't call it "100% Open Source", preferring instead Firefox: 100% Organic Software (because we need another marketing campaign for free software, right?), so I expect I need to winkle out the restrictively-licensed parts again - GNUzilla, there's still demand for your good work!

After day 3 with Firefox 3, what do I think of it? Well, it seems a lot faster and a lot less RAM-hungry, and I'm quite impressed that all of the fancier bits of Koha and Wordpress seem to be working nicely but while I'm not annoyed enough to switch browsers yet (unlike FF3 and Safari - DrBacchus' Journal), there are still a hell of a lot of niggles and interface bugs. Some of the problems may have been introduced in Firefox 2, but I didn't actually use that enough to notice. My day-to-day browsing for the last year or so has been on a customised Firefox 1.5.

The FF3 user interface has some big steps backwards from FF1.5: in particular, I've lost the "force pages that try to open new windows into the same window" option (or whatever it was called... I can't find the FF1.5 manual online anymore); some keyboard shortcuts have changed - for no good reason that I can see (JavaScript has switched from Alt-E n Alt-S to Alt-E n Alt-J, for example); what on earth is the history drop down doing next to the "Go Forward" arrow?; and the button to close a tab is on each tab, so I need to be careful to miss it when trying to switch to a tab and my pointer makes a pointless detour to the top-right when I want to close a tab.

It's not all bad on the interface. The new RSS feed and bookmark links in the location bar are much better than in previous versions. The bookmark tagging and auto-generated folders could be a great idea once I've used it for a while.

I'm pretty annoyed that Firefox 3 seems to come with some spyware enabled as default. I usually have cookies either switched off or set to "ask me every time" so I was surprised to be offered a cookie from safebrowsing.google.com! I know it's for a noble goal, but what's this doing enabled without asking first? Untick the "tell me if the site I'm visiting is ..." options in Edit: Preferences: Security if you don't want details of your browsing to be sent to the USA. Another thing which really annoys me is that the Firefox support site requires javascript and seems unhappy with my cookie settings. Not cool.

Other than that, the main problems with Firefox 3 are omissions rather than bugs. For example, Microformats [Alex Faaborg] support was one of the long-trumpeted new features in Firefox 3, but they're really not obviously included, as noted by others in posts like Firefox 3 is here - where's the microformats?

And finally, searching mozilla.com for firefox returns 0 hits, which is a bit strange... are they ashamed of it?

8 comments.

Tags: cooperatives, koha, software, spi, web.

[7 Reasons Why Firefox 3 Download Day

Sucks](7_Reasons_Why_Firefox_3_Download_Day_Sucks.html)

Wed, 18 Jun 2008 14:06:57 +0100

![Download Day 2008](http://www.spreadfirefox.com/sites/all/themes/spreadfirefox_RCS/images /download-day/buttons/en-US/180x150_02.png)

  1. It's every where on TV and in print, even in Esperanto, which doesn't even have an official translation - only a third-party add-on Esperanto language pack.
  2. It was late even for the US and after most of Europe finished work AFAIK.
  3. There's no official bittorrent.
  4. There's no link to the source code from the main download page as far as I can tell. It may be mostly free software, but it feels like MozCorp don't want pesky users changing things.
  5. It brings more changes for webmasters (which is another reason I code to standards whenever possible, but I bet some of the free software web applications we use will need upgrades).
  6. It might be the "most stupid world record ever" (or at least useless) and comes just as some browsers move away from the Gecko engine.
  7. ...and all this irritation came before I've even built and installed the damn thing!

Seriously: the browser looks like a big improvement from Firefox 2, but there are so many niggles with this download day idea...

10 comments.

Tags: cooperatives, software, spi, web.

[Forthcoming (and past) Events News: LUGoG, BikeWeek, HacktionLab,

SPI](Forthcoming__and_past__Events_News__LUGoG__BikeWeek__HacktionLab__SPI.html)

Mon, 16 Jun 2008 15:05:41 +0100

LUG of Glastonbury meets at Tor Leisure in Glastonbury at 7pm tonight (Monday). It will be a general planning meeting, maybe with some GPG-key-signing and other tasks. If you want the LUG to show you something in particular, this will be a good event to attend.

This week is BikeWeek 2008 and there's a free cyclists breakfast at the Victorian Cafe on the Weston-super-Mare seafront about 8am Wednesday morning. For events in other areas, stick a partial postcode into the BikeWeek event search.

Someone from The Doon Of May was at Hacktionlab 2008 @ Highbury Farm this last weekend, as were Bristol Wireless, who were running the wifi.

I've not seen an official announcement, but SPI's board meeting will be on Wednesday at 8pm UK time (1900 UTC), according to my last meeting report.

I've heard through BBLUG that the notorious Shevek is co-organising an event called "An Adventure in Technology" at Trinity Community Arts in Bristol on 28 June 2008. It's a follow-up event to the 2003 Bristol Linux and will be an all-inclusive event where everybody is encouraged to bring something along, talk about it, swap ideas, and build things on site. It doesn't have to be Linux-based, but a lot of things will be. The event web site is http://www.techadventure.org/ and you should post there if you have an idea or want to run a session. There will also be a list for people who decide on the day that they want to give a talk.

1 comment.

Tags: cooperatives, life, spi, travel, web, wsm.

[Warning for Webmasters: Friday 13th

ahoy!](Warning_for_Webmasters__Friday_13th_ahoy_.html)

Thu, 12 Jun 2008 16:18:11 +0100

Personally, I like Friday 13th. It's usually been pretty good for me. But for this one, I won't be surprised if computer abusers are planning some big attack tomorrow.

I've just spent a big chunk of my day upgrading and securing some of the websites that our free software cooperative supports for a customer. The number of attacks in the access logs is surprising - and I've been fixing other people's cracked servers for over a decade. It makes me wonder if someone is finding and recruiting exploitable systems for tomorrow.

If you have a website, please check that any web applications on it are installed correctly and the latest secure versions. I've been seeing a lot of attack attempts for Joomla and WordPress in particular, even on sites which don't run them. That says something bad about either the success rate of attacks for them, or the stupidity of their attackers.

In our case today, the damage seems to have been minimal (touch wood!), with the customer merely being banned from some networks for a while. It could be so much worse, like this BBC News report about Cotton Traders Card details stolen in web hack (which is part of why I suggest small online shops avoid storing credit card details on their site - leave it to the payment gateway).

Finally, there are some new scams like Conmen abuse web address checks on the horizon for online shops, so make sure you've got your 3D-Secure rules set correctly by now and be cautious about sending goods before you're sure you've got the money. I think all web card payment systems are a risk, so please try to limit your risk.

Update: If you do get attacked, try to help track the attackers down so we can get other results like the Jail sentence for botnet creator. I wish our governments would concentrate on toughening up blatent computer misuse law and stop tightening copyright law in secret.

Be the first to comment.

Tags: cooperatives, life, software, web.

More driving and cycling

Wed, 11 Jun 2008 18:17:56 +0100

Jeff Bailey asked:

"Heya Brits! Any of you still driving cars at ~ 1.15 according to the Daily Mail"

Yes, I am. I drove on Monday (at 1.18/l) because it was the least bad option for the journey. I try to avoid it and I felt bad afterwards (literally - it was too damn hot and each part of the journey was too short for the cab to cool down), but the car was available and the other choices involved not attending some events.

On Sunday, I used my bike instead, but I was I wondering if the world is full of Sunday drivers today or whether I was really riding that badly. You name a junction on my route and I seemed to get into a conflict with a car at it.

Today's bike trip went much better, even getting thanks from a coach for pulling aside halfway up an incline, but I had to take avoiding action as I re-entered the village because of a police car. I'm pretty damn sure that wasn't my fault, but I do wonder when it's the police.

I'm still riding without a helmet, without ill effects. Gunnar Wolf was getting a breeze through a different kind of helmet but I think it's telling that cyclists "feel naked" rather than actually being naked (usually, at least). Have we got too used to being cocooned in metal boxes while out on the roads? I've always ridden and walked a lot - is this why I don't miss the hat much? I must remember to drink more in summer without it, though.

I share Criag Sanders's scepticism about the protests and Chrisitan Perrier's enthusiasm for bike- pools. I don't agree with many of Russel Coker's views on oil prices but they are interesting reading, even so.

I'm taking part in JamBustingJune for the West of England region and BikeWeek 14-21 June 2008

3 comments.

Tags: cycling, life, toll road, travel.

Online shopping

Tue, 10 Jun 2008 11:48:38 +0100

I maintain a number of web shops for our webmaster cooperative and one of our main challenges is to encourage people who put things into their basket/cart to actually buy them.

How to avoid shopping cart abandonment by Graham Jones makes some points that I've identified as possible reasons for people not buying in the past: comparisons, robots and not trusting the site enough to give payment details. There's not much we can do about robots or people comparison-shopping at a technical level, but we try to build some trust by publishing the shop owner's geographic address and telephone number (which I think is required by law in England for most web shops now), making sure the SSL certificate and domain registration details are correct, using reputable payment providers and being clear about delivery charges and terms.

The point about the slickness of the checkout process is a good one and one that we've only recently started to work on. We've had pretty good results from making the checkout slicker on one site. It looks like two-thirds of people who click the checkout button now continue to buy, putting it comfortably ahead of current UK averages but I need to tweak our stats calculator to make the report directly comparable. Nevertheless, I think those improvements will be added to our other shops as soon as possible.

I share Graham's low opinion of the oft-quoted Amazon. We've also been looking at other web shop software besides OSCommerce for a new project, so now would be a good time to change to something new if it improves the checkout a lot. We've made OSCommerce's checkout a lot smoother, but it's still essentially OSC. Is there a good checkout which you'd want to use as an example?

The other challenge is getting visitors onto the site in the first place. How To Build Links By Patrick Altoft explains the basics as well as I've seen recently.

1 comment.

Tags: cooperatives, software, statistics, web.

Archive
Tags

This is copyright 2008 MJ Ray. See fuller notice on front page.