Archive for the ‘Browser’ Category

jsNoSpam – make it harder for bots to find your email address

March 6, 2016

If you want to put an email address on a web page, and have it human readable and easy to click on to open up in a mail client you run the risk of exposing yourself to one of the sleazier sides of the internet. Spam email. There are bots out there which relentlessly hunt down email addresses so their masters can deluge you with unsolicited commercial email (or worse, virus infections).

The best solution is to never show the email address – get your users to use a “Contact Us” form or similar so that there’s nothing for the bots to find. But sometimes you can’t do that, either because of how the pages are hosted or your client simply doesn’t want you to.

So… jsNoSpam was born. 100% javascript, so all client side and easy to insert anywhere that allows you to edit raw HTML and include javascript.

The script works by doing a number of things…

  • Requires you to encode the email addresses so they never appear in a recognizable form in the script or HTML source.
  • Supports decoding the email address back to a usable format
  • Allows you to display the de-coded address on the page, or to require a user action (mouse over, click, keyboard navigation etc) before revealing the address.

Because the email address which is inserted into the page via the script is clickable and usable like any regular mailto: link would be user inconvenience is reduced to a minimum, but the effort for a bot to scrape the address is increased and hopefully as there are enough potential variants in how the script can be applied it will keep it ahead of the game.

Here is a live demo of the code in action.

The code is hosted on GitHub, and is open source and unrestricted license (though it would be great if you find it useful if you comment here). It’s been tested in as many browsers as I can and also with assistive technologies (eg NVDA) but if you do find an issue please comment (or better yet fire off a pull request for me to incorporate your fix).

On their own, the techniques used (encoding the address, requiring user intervention etc) are not new, but hopefully combined they will produce a robust enough solution for people who need this workaround.

Browser Profiles – an excuse to play with Chrome Extensions

December 27, 2013

Like many people I use a laptop that I carry from home to work and back again. That coupled with browser preferences syncing to my other machines means all my bookmarks and extensions travel everywhere with me.

At work (or on our VPN) there are certain intranet sites I can access that are not public, so I’d prefer not to see them if i can’t click on them. There are also some browser extensions that I don’t want to run at work because they are not on our IT departments approved list. This means that either I have to stop syncing settings, or use a different browser for work… or come up with a smarter solution. (more…)

Building a safe and portable way to get online

May 19, 2011

Over the last few months I’ve had a couple of friends go through some rather unfortunate domestic situations which have involved partners spying on their computer activities, intercepting and even sending emails from what they thought was a private account. They’ve used a variety of means ranging from simply accessing a machine that’s not been locked through to using a keylogger or network sniffer to steal passwords and read email.

There are weaknesses with any operating system, especially if you do not have sole access to the machine or a way to secure the local area network to avoid eavesdroppers, so to try and solve the problem I looked at ways to eliminate the risks of both physical access and software spying.

The solution I came up with is a little technical, but works pretty well and provides a good balance of security and ease of use


The first part of the solution is unobtrusive USB Flash Drives. These can take many forms but for convenience I’ve been using LaCie USB Keys that look like keys. They come in various sizes (though I consider 8GB the minimum for what I’m doing) and are easy to hide in plain sight, and you’re not likely to misplace it if it’s with your house or car keys.

The second part of the solution is a stand-alone installation of Ubuntu. While it’s not as user friendly or as familiar as Windows or OSX for a lot of people its fairly simple to set up a totally self-contained installation that runs entirely from the USB Key – it leaves no trace on the host machine, it never starts the host machine (so software key-loggers and other spyware are useless) and it’s fairly light-weight so you can start up or shut down in less than 30 seconds.

Setting Ubuntu up in this way doesn’t follow the usual path to build a LiveCD that most people use to try out Linux – with that style of setup you can’t store data on the drive or perform in-place upgrades (patching the build, adding new drivers or even migrating to a new version)

The final part of the solution is installing anti-virus scanners that you can use to examine the host machine, and a VPN client to secure your communications with the outside world…

Preparing the Bootable Ubuntu key

These instructions do assume you have a clue what you’re doing, and that you can deal with the consequences of doing something wrong along the way. If you follow the recommendations you should be okay but, as with anything of this nature, there may be dragons ahead…

Safely selecting the right drive.

You may omit this step if after partitioning you choose to install grub to the root of the usb drive you are installing Ubuntu to, (ie sdb not sdb1). Unless you do this correctly though you can overwrite the HDD MBR which can be a pain to deal with so it’s not recommended. If you don’t know what grub is… proceed with caution!

·         Turn off and unplug the computer.

·         Remove the side from the case.

·         Unplug the power cable from the hard drive.

·         Plug the computer back in.

Installing Ubuntu

·         Insert the flash drive.

·         Insert the Live CD.

·         Start the computer, the CD should boot.

·         Select language

·         Select “Install Ubuntu”.

·         Select Download updates while installing and Select Install third-party software.
If you have an active network connection (wired recommended) this will save time later on.

·         Forward

·         At “Allocate drive space” select “Specify partitions manually (advanced)”.

·         Forward

·         Confirm Device is correct.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = 4 to 6 GB, Beginning, Ext4, and Mount point = “/” then OK.

Optionally configure a Home partition

If you’re only planning to have a single user and primarily store data in desktop folders then this isn’t required.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = 4 to 8 GB, Beginning, Ext2, and Mount point = “/home” then OK.

Optionally configure swap space

This allows hibernation but from experience with this configuration it’s quicker and easier to shut down and start than hibernate.

·         Click “free space” and then “Add”.

·         Select “Primary”, “New partition size …” = remaining space, (1 to 2 GB, same size as RAM), Beginning and “Use as” = “swap area” then OK.

Finish installation

·         Confirm “Device for boot loader installation” points to the USB drive. Default should be ok if HDD was unplugged.

·         Click “Install Now”.

·         Select your location.

·         Forward.

·         Select Keyboard layout.

·         Forward.

·         Insert your name, username, password, computer name and select if you want to log in automatically or require a password.

·         Select “Encrypt my home folder” for added security (especially if there is a risk of losing the drive)

·         Select forward.

·         Wait until install is complete.

·         Turn off computer and reconnect the HDD.

·         Reboot computer and select the flash drive to start

·         Log in and complete installation, upgrading packages and adding options like Chrome browser or Evolution email client

Securing your connection

While having a stand-alone machine image that allows you to keep local content secure you want to make sure no one is sniffing communications on wired or wireless networks. At the very least you need to ensure people are not stealing passwords so in Chrome you want  to install something like the KB SSL Enforcer which will try to redirect any connection to a secure channel to make snooping a lot harder.

If you want to ensure none of your online communications are overheard then you want to install and configure a Virtual Private Network (VPN) connection with someone like StrongVPN – this has the added advantage for some that you can even choose which country you want to appear to be surfing from 🙂

There are a number of Linux based anti-virus solutions (such as ClamAV) that can be used to scan the host machine but I’d recommend if you want to clean a Windows machine that you get a bootable version of Spybot S&D (that you can also run from a Flash Drive and keep up-to-date) as that’s a more robust solution.

Email and Documents

Depending on your situation you may want to keep as much as possible on the USB Key and as little as possible on the web, vice versa or somewhere in between. Personally I recommend setting up a new webmail (Hotmail or Gmail) account only once you are securely connected (so the password is never visible on an unsecured connection) and using Evolution to keep that in sync with the local drive so you can work either from the disk in off-line mode, or log in from a web browser in an internet café or somewhere away from prying eyes. For documents a service like Ubuntu One (probably a good bet as it’s integrated with the OS), DropBox or SkyDrive gives you the flexibility of working locally or “in the cloud”.

Given the risks of losing the drive, or corruption happening due to an overzealous or early removal I would strongly recommend keeping important data backed up somewhere secure and online just in case. You might want to consider installing Prey on the image just in case you lose it.

Stay safe out there!

A lot of the things you need to do to stay safe is common sense – don’t share logins, don’t re-use password and things like that but sometimes you need to bring more sophisticated tools and techniques to bear… I’d love to see some comments about how to improve this solution or make it simpler. If you like the idea of having this sort of setup but the instructions have put you off I’m happy to build a key for you for a reasonable fee (to cover time and expenses). Support for Ubuntu or any other applications mentioned here should come from the respective suppliers.

jQuery image animations

March 28, 2011

Working on a personal project over the weekend I needed a better way to provide a central image to a site. The image was the major draw card for the site and we wanted to place links and other content on and around the image.

As we wanted to showcase multiple images the easiest solution was to animate the image replacement with jQuery but we realized the problem with that was the links and floating content really needed to move depending on the underlying image.

A combination of jQuery, CSS and old fashioned Javascript produced a fairly simple solution where it’s easy for us to swap the images for new creative content and via javascript mapipulate where the captions need to move to.

Given a bit more time I’ll tweak the scripts to pick up the starting location from the CSS rather than hard coding in two places, and optimze the code and CSS a bit more, but as a proof of concept it was pretty effective.

After playing with the jsErrLog javascript error reporting code (a mixture of javascript and Python for AppEngine) it was nice to do something more front-end oriented.

CR-48: Unstable isotope or something more lasting

December 23, 2010

Hot on the heels of the very successful Android mobile phone operating system from Google comes ChromeOS. The bastard off-spring of an operating system and a browser it’s certainly something different, and given that it’s less than a year old and the hardware it’s running on really is bare bones it’s still quite hard to pin down if it’s going to be just a failed experiment like Wave or something more compelling that makes Apple and Microsoft push their primary operating systems even further.

ChromeOS is essentially the Chromium browser (the fully Open Source version of Google’s Chrome browser) running on a heavily customized and optimized Linux shell – Google hope that very few people will ever see what’s behind the browser windows.

The first most of the world has seen is ChromeOS running on the Pilot program laptop – the CR-48 (an unstable isotope of Chromium, and possible a joke at Apple’s expense – the iPad internal codename was K48). It’s an interesting mix of hardware in a shell that’s reminiscent of a contemporary MacBook. The bad are the VGA connector (rather than DVI or HDMI) and a truly horrible trackpad. The good are the built-in 3G wireless (the pilot program comes with 2 years of free Verizon data, only 100MB/mo but not to be sneezed at)., great battery life and the keyboard.

It’s tough to asses ChromeOS independently of the hardware it’s running on, but the performance of this strange piece of hardware is very good. Startup to usable (eg being able to send an email) is about 10 seconds. Shutdown to sleep is virtually instant. The keyboard is a little strange, with the Caps Lock key replaced with a “search” button, and where you expect to find the function keys some dedicated, browser centric buttons – back, forward, refresh, full screen, next window; and then brightness and volume controls. With the unusual layout the only thing I noticed was no quick key combinations to get to start/end of a line or top/bottom of a document (or page up/down) but I’m sure that could be a simple tweak.

With only a single USB connection it’s a little disappointing that the built in Bluetooth capabilities are not exposed in the OS – no way to pair a headset or a mouse. I was able to use a USB mouse with the laptop, but my USB headset wasn’t recognized. The video camera is what you’d expect on a fairly low-end laptop.

But… we don’t really care about the hardware. Is ChromeOS going to be a game changer, or just an interesting but ultimately doomed experiment?

After a few days with it, I still can’t tell for sure. There are some things it does really well. And there are some things that drive me insane and have me reaching for my Windows 7 powered MacBook Pro.

The good is, quite simply, the web. It’s a great browsing experience, with nothing to distract you. Multiple tabs, and multiple windows and quick and easy to find your way around.

The bad is… well, ironically, the web. Because ChromeOS is essentially an OS with a Browser for the GUI and no native apps as such you are limited to what you can do in a browser.

Normally while writing this I would have had

  • a couple of tabs running. Well, that worked fine.
  • music – usually VLC tuned to a station. That’s a problem. No VLC (or any standalone music player). I found the Chrome Radio Player extension which does stream… but only on Windows, Mac or Linux and only if you have installed VLC or Windows Media Player. Luckily I found a Pandora extension
  • something to manipulate images. Well, kinda. No MS Paint here. You have to find the image you want on the web, and manipulate it in the cloud. There’s no local storage for you to save your artwork away to upload to the blog later.
  • An IM client. Digsby by choice. It lets me chat on MSN, GTalk, Facebook Chat, as well as keep up with Twitter and Facebook. So far I’ve not found a good IM equivalent (eBuddy has promise but not a patch on Digsby). Chromed Bird is a nice extension for Twitter though.
  • Email notifications to interrupt me. Luckily there are lots of Gmail notifiers, and I found one that talks to Exchange, but doesn’t seem to like staying logged in. Close but not quite perfect.
  • An app to write this post in. Windows Live Writer or even Outlook. At least Posterous has a web interface so I could write this.

At the end of the day the frustration comes from the lack of real utility apps – no IM, no music player; the lack of local storage and the reliance on the cloud for everything – you can’t even log in without a web connection, and what happens if you want to draft an email on a plane or at a retreat with no Wifi or Verizon coverage?

I think that ChromeOS certain will move the bar in terms of battery life and performance, and for many people it will be a useful web-centric environment for checking Facebook and webmail, but in order for it to make a real dent there needs to be a lot of work solving the problems that “real” OSes have made appear simple… an app framework that goes beyond bookmarks to web pages and some extensions that, so far, are a little rough round the edges. Oh, and fixing the app store so it’s clear if apps work on ChromeOS or only really work in Chrome running on a real operating system.