Electricmonk

Ferry Boender

Programmer, DevOpper, Open Source enthusiast.

Blog

Firefox VS IE: barf!

Sunday, December 11th, 2005

I’m getting a little bit sick of all the Firefox VS IE bullshit floating around the Internet. Firefox has been boosted as the more secure browser by various open source advocates and groups. Lots of other people seem to love to hate the people that hate IE; lately they’ve been claiming things like “Firefox has had more security advisories than IE in the last [year, month, week, days, minutes], so it must be just as insecure or even worse!”

What these people fail to realise is that the number of security advisories are not an indication of the security of a product. If you don’t have the IQ to extract meaningful facts from statistics, please shut up. Just because security flaws where found in Firefox does not make it a less secure browser. In fact, finding flaws is one of the idea’s behind Open Source software.. we’re supposed to find the flaws so we can fix them BEFORE they become a security problem.

When discussing the security of a certain product, please keep the following in mind:

  • How many actual exploits for the bug are in the wild? (i.e. actually being used against users
  • What’s the impact of the bug
  • What’s the impact of the exploit?
  • Do not blame security problems in third-party products on the product it was based on. (PHP IS NOT INSECURE!)
  • What are the definition being used? Is a critical flaw in Firefox the same as a critical flaw in IE?
  • Consider that not all known flaws in a product are reveiled. Closed source companies would rather keep security flaws quiet if there’s no exploit in the wild. Open Source products would rather quietly fix the flaw and make a tiny little note about it in the changelog.
  • A denial-of-service attack is not a security problem!
  • Take a look at the target demographics for the product. People using Firefox are usually more computer-savvy than IE users and are therefor less likely to get a virus.

So. Is Firefox more secure than IE? I’m not even gonna awnser that. There are just too many variables to consider to make any useful statement. Anybody that does otherwise shouldn’t be trusted because they obviously don’t understand what they’re talking about.

If you, however, were to ask me about the security of Outlook….

Looking for an 1U rack server

Wednesday, November 23rd, 2005

Hey folks,

I’m looking for a 1U rack mount server. Something old and cheap, preferably ;-) Somewhere along the lines of a 500Mhz machine, 256 MB memory, 40 to 80Gb HD. Nothing fancy; don’t need RAID or dual CPU/power sources.

If you know anything, please contact me.

Update: Just to clarify: This doesn’t have to be a new one; second-hand is okay. Perhaps even preferable.

Update II: Got one.

Bought a leatherman

Monday, November 21st, 2005

Last friday, I bought a Leatherman multitool and, since it was quite expensive, I have to tell everybody about it. No better way than to abuse my log for such a goal, is there?

I got me the Leatherman Charge Ti which has, like, a gazillion tools in it. I’m not sure I’ve already found everything on there. The fixed Lanyard ring is especially well hidden. Maybe there’s a prize for anybody who finds it? It’s plated with the most useless Titanium plaques ever, but they sure look spiffy! It got a pretty good review on Equipped to Survive too.

Anyway; I’d been thinking about buying one for a long time, but I always thought them kind of expensive. My previous pocket knife was a Victorinox Nomad . A great knife, which I’ll probably still frequently use, but which kind of lacked a bit in features (didn’t even have a philips screwdriver).

The Leatherman Charge Ti cost me €170,-. Too much probably because I’ve seen it on the internet for less, but what the hell. I’m happy with it and it was money well spent. Comes with a 25 year garantuee, so I won’t have to buy a new one anytime soon (unless I lose it, which is not highly unlikely too happen).

Homepage updates

Monday, November 21st, 2005

You’ll probably not notice it, but I updated my homepage. Every page now has an index (except the Home page) and I rewrote some parts of the most import page on this site. The Links page is gone; it was outdated and I was lazy.

SafeMailTo

Monday, November 14th, 2005

Hardly worth an entry on the projects page, but still:

SafeMailTo, a script that hides your e-mail address on your website but still allows people to see it, click it and copy-paste it.

It uses ROT13 ‘encryption’ so it should protect against spambots that can’t do ROT13 and Javascript. If it’s ever broken you can always upgrade to ROT26! (that’s a joke).

More XML Commandline unix tools

Tuesday, November 8th, 2005

A little while ago I reported on a little XML toolset called XMLStarlet. XMLStartlet provided a bunch of commandline tools for reading and converting XML files from the commandline. Usefull in scripts. However, it uses a pretty complex interfacing. For instance, you’ll have to know XPath to easily select a particular piece of XML to show.

The XMLCliTools toolset is more in the spirit of traditional Unix tools like grep. It can grep, read and format XML files quite easily. Some examples:

Look for node sequence "top->a" (levelwise). Display from level 1.
jensl:~/c/xmlclitools> xmlgrep -f test.xml 1 top.a
<a><b u="kalle">B1</b></a>
<a><b>B2</b><c>C1<b>B3</b></c></a>

Above with formating.
jensl:~/c/xmlclitools> xmlgrep -gf test.xml 0 b:u=kalle|xmlfmt b:u
kalle

Uptime birthday

Monday, November 7th, 2005

[todsah@sharky]~$ uptime
 19:36:19 up 367 days,  8:41,  3 users,  load average: 0.01, 0.01, 0.00

Whoohoo! My first longer-than-one-year uptime! And too think I haven’t really maintained my server for about that long. It did survive an upgrade to Debian v3.1 without rebooting.

Cypres v0.1

Sunday, November 6th, 2005

I’m finally finding the time to release some stuff that’s been sitting on my diskdrive for way too long. Here’s a little something I create a Long, Long time ago. I think it was for my graduation, but can’t really remember. Anyway:

Cypres is a complete browser-based presentation tool. It consists of a single HTML file.

Cypres is an ideal presentation tool for people that know HTML:

  • First of all there is no need to learn any of those difficult presentation tools like that thing from Microsoft or Open Office.
  • It won’t crash on you.
  • You won’t need to make sure the PC you’re gonna run the presentation on has the presentation tool installed; every PC’s got Firefox or Internet Explorer.
  • Presentations are kept simple yet can be completely modified and have things like pictures, movies, fonts, etc.
  • Since it’s just a single file, it’s easy to take it with you on a floppy or just view it directly over the Internet.
  • Presentations can be shown on screen / beamer and can be printed for hand-outs. All from the same file.

Homepage.

RSS2MySQL v0.1

Sunday, November 6th, 2005

For a colleague of mine:

RSS2MySQL v0.1.

A Small script which reads in an RSS feed, takes the news items and then puts them in a MySQL database.

Electricmonk.nl stopt met hosting email en websites (Dutch)

Thursday, November 3rd, 2005

Ik heb vervelend nieuws voor jullie (en voor mezelf ook eigenlijk). Het
is namelijk niet meer mogelijk voor mij om mijn eigen server te hosten.
Voor mensen waar ik dingen voor host heeft dat de volgende gevolgen:

Alle e-mail adressen gaan weg.
Als je dus een e-mail adres @electricmonk.nl hebt die je via de website https://www.electricmonk.nl/services/pp.php of via POP3 benaderd, dan zul je op zoek moeten naar een nieuw e-mail adres ergens anders.

Aanraders: GMX.net of GMail.com

Alle websites die gehost worden op electricmonk.nl gaan weg
Als je dus een website hebt bij mij zul je op zoek moeten naar een andere website hoster.

Aanraders: www.8m.com of www.cjb.net

Alles zal, voor zover ik kan, blijven werken tot donderdag 1 december.
Vanaf dan zal het niet meer mogelijk zijn om mail te ontvangen/benaderen
en zullen de websites verwijderd worden.

De reden dat ik helaas niet door kan gaan met het zelf hosten van mail
en websites heeft te maken met het feit dat Chello (mijn internet
provider) mij constant van een nieuw IP adres voorziet. Het IP adres
moet hetzelfde blijven om email en websites te hosten, omdat dit aan de
naam electricmonk.nl gekoppeld is. Elke keer als het IP veranderd moet
de naam opnieuw gekoppeld worden. Het duurt elke keer ongeveer twee
dagen voordat de naam over de gehele wereld aan het IP gekoppeld is.
Aangezien Chello mijn IP minstens twee keer per week veranderd is het
over het algemeen dus zo dat de boel een dag in de week werkt
(wereldwijd gezien). Geen doen dus.

Ik zal op verzoek backups verzorgen van je oude mail, contactlijsten en
je website (plus eventuele database gegevens die achter je website
zitten). Als je deze gegevens graag wilt ontvangen, mail mij dan even
(Voor mijn e-mail adres, zie verder op in deze mail). Zorg er voor dat
je dit VOOR donderdag 1 December doet! Daarna is alles namelijk
verwijderd.

Voor vragen : Contact

The text of all posts on this blog, unless specificly mentioned otherwise, are licensed under this license.