The race is on

There’s an interesting race that started yesterday which will most likely make for an excellent case for the value of open source software. Secunia has identified a fairly nasty security issue in almost every web browser. You can read up on the details of it on Secunia if you want. The gist of it is a vulnerability in popup windows and the ability of other open browser windows that did NOT originate the popup to take over the popup. That sounds relatively benign, but imagine a site where, when you go to log in, a popup window comes up asking for your authentication information. Unbeknownst to you, Joe Script Kiddie owns this popup and you just gave him your login info. Or, say, you go to your bank and they pop up a window ‘0% interest rates on transferred balances!’ Except you’ve been pwned and it’s Joe Script Kiddie again, and he has your account info now.

Anyway, the point of this post is this: my guess is Mozilla/Firefox will have this patched in relatively short order. Want to lay odds on how long it takes Microsoft? I’m not guaranteeing MS will lose – there have been occasions where too much bad press manages to light a fire under their ass and they get patches out relatively quickly. But their track record is pretty bad, generally. I’m laying my money on Firefox, and if I’m right this episode gets added to my ‘why open source is superior to closed source’ file.

Meanwhile, make sure your popup blocker is set to kill, and for sites where you have to allow the popups, make sure you don’t have any other browser windows open that might be a source of malicious scripts. You could also turn JavaScript off to deal with this; the same caveats apply.

Killer extension for Firefox

Everyone reading this is running Firefox, right? If not, click the link and install it.

Anyway, evangelism aside, I happened across a most excellent extension to Firefox yesterday. Regular readers know I’m a huge fan of wikis these days, and over the past year or so MediaWiki, the engine that powers Wikipedia, has evolved into one of the best wiki engines. Now someone has put together a Firefox extension that enhances the process of authoring wiki content. It’s geared specifically towards Wikipedia authoring, but some testing at work has shown it is helpful in other wiki engines, or at least with Oddmuse, which we’re using at Skidmore. If you’re authoring Wikipedia content, definitely give this a look, and even if you’re using another wiki engine it might be worth your time to check it out.

Free, classic old Avalon Hill game for the computer

An early lunch today and so, a fun link. Do you like the classic boardgame Risk? OK, so it’s a dicefest that favors luck over skill and tactics, but chances are you played it growing up and might even have loved it. If you’d like to tinker with something along those lines but with slightly more meat on its bones, check out the computer version of the old Avalon Hill boardgame Wizard’s Quest. Free, fun little boardgame that you can play in under 15 minutes. Win32 only I’m afraid, but the system requirements are so modest I’m sure it would run smoothly under emulation on a Mac.

I blogged this several years ago, figured it was worth mentioning again since it’s fun and free.

Let it be recorded that winter has arrived

This is for my own uses as I try and acclimate to the climate here in upstate NY. This week was the first real storm of the season – about 3 inches of snow followed by sleet and freezing rain, then thankfully extended rains to wash it all away. The roads were terrible one night, otherwise this was a minor storm.

In roughly 12 years in Maine I never really got used to the fact that Spring doesn’t show up until May. It was April when I was a kid. We’ll see where it is here in the Adirondacks. So far the winter here has been really mild. I was hiking up above 1500′ in the Tongue Mountain Range on Sunday in ~50 degree temperatures. I think this is national but it’s definitely at odds with the average winter in Maine, where by this time of year the temperatures were routinely below freezing.

Anyway to close this off I’ll also observe that my new car is terrible in the snow. I intentionally took the roughest back road home to test how things went. The impending arrival of my new dog and the expenses related to same have left me dead broke, which means no snow tires for me. My conclusion? I will be creeping along at 5MPH a lot this winter, and the chances of me getting stuck are very high. Ugh.

What’s a gravatar?

No, not that Gravitar (notice the spelling) – this gravatar – a modestly clever idea for making a universally available graphic (an avatar) for web forums, weblogs, and the attendant comment systems. Register yourself, and any system that supports this will begin to show your avatar when you use it. This is much simpler than the normal process of registering your avatar at every site you register for, and their rating system makes sure your R-rated avatar doesn’t show itself in all its glory at, say, disney.com. This is already supported by a lot of the big publishing tools (Blogger, Movable Type, WordPress, LiveJournal), and there are implementations out for Drupal and phpBB; presumably the other big message board toolsets will have implementations shortly.

More free Civilizations

It’s Friday, which means it’s time for a Friday fun link. Today it’s another mention of the most excellent C-evo. This is an excellent, lightweight riff on the original PC game Civilization. PC only unfortunately, and mind that you have to download a graphical tile set as well as the binary in order to play, but this is an excellent little turn-based strategy game and it has evolved nicely since the last time I linked to it. Get playing!

(Non-PC users can go grab the equally excellent Freeciv, which runs on most platforms. And note how they have changed their website over to a MediaWiki instance, very cool.)

More googly goodness

I’ve waxed enthusiastic about Usenet here over the years, without too much success as far as I can tell. Most folks remain largely unaware of how useful it is. Google has just made some changes to their web interface into Usenet that may help in terms of raising public awareness. Basically they seem to have stolen a page from Yahoo’s Groups function – the interface is similar. Subscribe to a group, you can post to it freely, and it keeps track of what you’ve seen and not seen. The difference is Google is tying directly into Usenet whereas with Yahoo they’re using their own (unfortunately ad-heavy) system. It would be awesome if Google would stitch in some improvements, especially RSS feeds (I wish anyone would do this, I’ve craved it for ages) and ‘watches’ similar to what I can do in FeedDemon – what I mean by this is…for example, imagine I am subscribed to comp.sys.lang.perl and I have a watch on ‘libxml’ – the system would alert me to any posts that come through mentioning libxml. On the surface this doesn’t seem hard to do, and as you can imagine it’s enormously useful in terms of reducing the amount of chaff you have to sort through to get to the wheat. But anyway, regardless of my own needs, Google’s just made it easier for anyone to play around with Usenet and get a feel for how useful it is. Check it out.

What the heck is an .asf file again?

I needed to figure that out today, the third day in a row I had bizarre file format questions. And no, I don’t mean .asf the Windows streaming media format. In this case it turned out to be a binary file type from a DOS-based statistics package. An emeritus faculty member had brought it in and wanted to print. I figured out how to manage this after stumbling across filext, a website devoted to cataloging all known file extensions. It’s got a pretty impressive database of filetypes, including my unknown ~15 year old DOS file. I wonder how long it will be until digital forensics becomes part of the curriculum in archaeology courses; clearly the need for the skillset will be there. Anyway, stash a bookmark to filext away, it’s definitely a very handy site.

Microsoft gets into the blogging game

Microsoft launched their free weblogging system today, joining the likes of TypePad (from the Movable Type folks), LiveJournal, the original Blogger (now owned by Google) and others with a commercial blogging service. This will undoubtedly further raise public awareness of the whole blogging phenomenon. Their system’s not half bad on first look either – it seems like it has a decent feature set, including photo galleries, mobile phone integration, buddy lists, music lists and more. It’s hard to say how well it all works though since it requires an MS Passport which I don’t have and don’t want, and since it seems to be overwhelmed with traffic on its first day. Worth keeping an eye on as each of the big players adjust their offerings.

Illustrator/Freehand cost how much again?

The latest release of Inkscape is out. I’ve linked to this in the past. While it can’t yet actually replace Illustrator or Freehand on the professional graphic artist’s desktop, it’s more than competent enough for the average piker like me. There are Windows and Linux binaries and Mac users can grab it if they have Fink up and running. Well worth grabbing even if you do use Illustrator regularly.