Although there’s an incredible number of symptoms of Linux’s lack of popularity, I think it mostly comes down to a single main cause; it’s very hard to take Linux seriously.  Self-appointed spokepersons that wear robes, act like the world’s largest emo and have an incredible God complex, companies that mock more than promote Linux(use this if you don’t want to use Windows???  Really?) and rabid fans that ostracise the whole community in the process of telling the world how great their OS are all things that combine to make one big pot of laughing stock.

To be honest, I don’t have a very good relationship with Linux myself, in part because of the community tasked with promoting it.  I grow tired of the blind allegiance that many harbour and I find it very hard to ignore the actions of people like Richard Stallman.  I just want an operating system that works and while Linux is a pretty great operating system, to act like it doesn’t have any shortcomings is akin to acting like Mr. Stallman is a sane person. Just like any other operating system in the world, it has plenty it can improve upon.

As for Mr. Stallman, if he gets any more emo, then we won’t have to worry about him at all.

Top Six Google Chrome Extensions for a Much Secure Browsing Experience

At first, I thought he forgot a word there, but after looking at his suggestions, I’m more inclined to believe that he couldn’t decide between “Much the same Secure Browsing” or “Much false sense that you are Secure Browsing”

Here’s his suggestions for protecting yourself from the villains that reside on the web:

1) Web of Trust: Because anonymous people telling you whether the site you are visiting is safe or not can not be manipulated by malicious entities.
2) McAfee Site Advisor: Favorite quote FTFA – “…you can definitely rely on ratings by McAfee for the most part.”
3) KB SSL Enforcer: Because such an incredible amount of data theft goes on due to unencrypted web page viewing.
4) Flash Block: So few attacks are based on flash apps, that you would call this more of an adblock than a security measure.
5) Last Pass: Finally something we need for these browsers that don’t store passwords.  Wait…. what?
6) View Thru: Discover where shortened URL’s really direct you.  We’ve seen malicious files on the most trusted of sites and servers, so seeing the URL doesn’t help as much as you think it would.

I’m not giving the author a hard time about his choices.  Instead, I’m pointing out the fact that there are so few decent security addons for Chrome that he had to choose these.  Let me explain with a single picture:

This picture gives you a pretty good idea of the most dangerous aspect of browsing the web.  Visiting techdrivein.com results in 14 different domains trying to execute javascript on my computer. That’s the thing about javascript.  It’s payload can be delivered from any domain, not just the one you’re visiting.  The most popular methods of malicious infection on the web utilizes javascript to accomplish it’s task, whatever it may be.  Asking nameless people(or McAfee, of all companies) if they trust a website, blocking a flash app and browsing a site via a non-signed SSL connection is going to do you absolutely no good if the site is indeed reputable, but has had it’s code hijacked with a malicious script via either XSS, Iframe, or other method.

I tried using Chrome a little while ago, but due to it’s lack of ad and javascript blocking addons, I wasn’t willing to make the transition.  The very simple fact of the matter is that aside from user ignorance and stupidity, javascript is the single most dangerous aspect of browsing websites.

If you’re concerned enough about security to use any of the addons above, you shouldn’t be using Chrome.

I have used it for a couple hours and no matter how much I explored, I can only find one change between the old and new.  This change, however, will alter the landscape of linux computing.  Years from now, after every distribution, in all OS camps have followed in Ubuntu’s steps, the four of you that read this will remember my heralding of a new era.

So what’s the change?  What incredible insight did Mark Shuttleworth have that is sure to forever change the way we compute?

Good Lord in heaven, can you believe what you see?  I couldn’t at first and I still have moments where I feel the need to pinch…  What?  You don’t see it?  Ok, just a second.

Now, don’t you feel stupid?  Now that you can see the sheer genius that is Ubuntu, you’re probably feeling pretty stupid now, aren’t you…  What?  You still can’t see the change that is going to forever change the way you compute?  Christ, do I have to hold your hand?

There you go.  The only noticeable difference I was able to distinguish was the fact that they moved the action buttons for your windows to the left.  Which is fucking genius.  Now, when you want to choose something under the file menu, you have over a 50% chance of accidentally choosing to close your application, and if you’re lucky, losing all of your work in that application.

I can just picture Mark Shuttleworth as he looks in the mirror, comparing himself to Steve Jobs, the master of huge changes that on the surface seem absolutely asinine only to become globally emulated within the next year.

Well, he got half of it down pat.

I digress.  Let’s get to the form bits.  In my past posts, I’ve spoken about broad concepts that have worked for me.  This time, I’m going to provide the actual code I’m using.    With my latest change of checking for a valid MX record, I’ve completely stopped spam on the form that I’m using this on for over a month.

Since I’m passing variables via a session, at the top of the file, I’m going to go ahead and start the session before anything else is done in the file.

<?php
session_start();

Then I create a couple session variables:

/*Anti-Spam*/
/*-We’re going to seed the input with a hidden and random value and we’re timing to find the slowpokes.*/

$_SESSION['AS_seed'] =  mt_rand(1000, 9999); //Pull a random number out of our ass between 1k and 9999.
$AS_seed = $_SESSION['AS_seed']; //We are going to use the random number to change the form element names.
$_SESSION['AS_substart'] = mktime(); //Pass the form generation time to a session var.

Now in the form, we’re going to create the inputs like so:

<input type=’text’ name=’”.$AS_seed.”email’ size=’20′>

So what we’ve done is we’ve made sure that every time this page is generated, the element name is different.  The reason for this method of protection is the fact that one method the spammers use to submit form spam is by crawling the site(or manually browsing), saving the page HTML and then using a bot to automatically parse the page to shoot spam off.  Since the element name is different each time, saving a copy of the form will result in erroring out on the submittal side.

So on the entry side, we’ve created a start time and we’ve given the elements a random name.  Now we need to do some things on the submission side.

/*Let’s submit the form!*/
case “submit” :

/*AS: Anti-Spam measures*/

/*Setting a time to compare to the form generation*/
$AS_subend = mktime();

/*First a value set by the submission form.  This should defeat bots that simply contact the form processor, bypassing the actual form page.*/
if((!ISSET($_SESSION['AS_seed']))OR(!ISSET($_SESSION['AS_substart']))){ //If either session variable is missing, then we know that the submittal was not made via the proper method(form).
$stop =’1′;
echo(“Text to let them know that there were no session variables present in the form.”);
}

/*If it took them less than 5 seconds to submit the form, they’re not human.*/
if($AS_subend <= ($_SESSION['AS_substart']+5)){
$stop =’1′;
echo(“Text to let them know that the post took less than 5 seconds to make.  Send them packing.”);
}

/*If it took them longer than 30 minutes to submit the form, they fell asleep and their comment is probably really too boring anyway. Send them back to start*/
if($AS_subend >= ($_SESSION['AS_substart']+3600)){
$stop =’1′;
echo(“Text to let them know that the post took longer than 30 minutes to make.”);
}

/* If they made it this far, then all we need to do is verify the sender. */
// email address validation function.  This does not check for a valid domain, only a valid structure.
// kudos to http://iamcal.com/publish/articles/php/parsing_email/
function is_valid_email_address($email) {
$qtext = ‘[^\\x0d\\x22\\x5c\\xa6-\\xff]‘;
$dtext = ‘[^\\x0d\\x5b-\\x5d\\xa6-\\xff]‘;
$atom = ‘[^\\x00-\\x20\\x22\\x28\\x29\\x2c\\x2e\\x3a-\\x3c'.
'\\x3e\\x40\\x5b-\\x5d\\xa6-\\xff]+’;
$quoted_pair = ‘\\x5c[\\x00-\\xa5]‘;
$domain_literal = “\\x5b($dtext|$quoted_pair)*\\x5d”;
$quoted_string = “\\x22($qtext|$quoted_pair)*\\x22″;
$domain_ref = $atom;
$sub_domain = “($domain_ref|$domain_literal)”;
$word = “($atom|$quoted_string)”;
$domain = “$sub_domain(\\x2e$sub_domain)*”;
$local_part = “$word(\\x2e$word)*”;
$addr_spec = “$local_part\\x40$domain”;
return (preg_match(“!^$addr_spec$!”, $email));
}

$email = $_POST[$_SESSION['AS_seed'].’user_email’];

if(!is_valid_email_address($email)){
$stop =’1′;
echo(“Text to let them know that the email structure was invalid.”);
}else{
/* If the “if” checked out, then we are dealing with a properly structured email address.  Now, the “else” will determine whether the email domain actually has an MX record. That means that the domain is not only registered but also is set up to accept email.*/
function verify_email_dns($email){
// This will split the email into its front
// and back (the domain) portions
list($name, $domain) = split(‘@’,$email);

if(!checkdnsrr($domain,’MX’)){
// No MX record found
return false;
} else {
// MX record found, return email
return $email;
}
}

if(!verify_email_dns($email)){
$stop =’1′;
echo(“Text to let them know that the submission failed due to no MX record.”);
}

//So, lets see if any flags popped up.
if(!ISSET($stop)){ //If “stop” is not set, then none of the checks above triggered it and we’re ok to submit the form.

$username = strip_tags (substr ($_POST[$_SESSION['AS_seed'].’username’], 0, 50));
$name = strip_tags (substr ($_POST[$_SESSION['AS_seed'].’name’], 0, 50));
$user_email = strip_tags (substr ($_POST[$_SESSION['AS_seed'].’user_email’], 0, 50));
$comment = strip_tags (substr ($_POST['comment'], 0, 2000));

$to = me@here.com’;
$subject = “Your site -|- Contact form submission”;
$message = “Here’s a submission for you:\r\n
User: $username \r\n
Name: $name \r\n
Email: $user_email \r\n
Comment: \r\n
$comment”;

$headers = “From: $user_email” . “\r\n” . “X-Mailer: PHP/” . phpversion();

mail($to, $subject, $message, $headers);

echo(“Text to let them know that the submission was a success.”);

}

break;

Before I added the mx check, I was getting a single spamming piece of whale shit that kept hitting me with the same test post:

Here’s a submission for you:

User: bunqwputd

Name: bunqwputd

Email: aaivnq@gjpluc.com

Comment:

QHq9CT  exmlpcvlbyvq, [url=http://ywepjoknkzps.com/]ywepjoknkzps[/url], [link=http://fzzqigwvqeao.com/]fzzqigwvqeao[/link], http://zpedowpklfhx.com/

which doesn’t make much sense at first, but here’s the deal.  Most spammers don’t read the language of the page they’re on and they don’t have the time to decipher each form’s purpose.  They’ve got shit to post.  To help in their effort, they post bullshit like this and then see what happens.  If the resulting page shows their spam, then they know it’s a form they want to hit.  If it doesn’t, it’s time to move on.

I lucked out here because they use a random string for a domain name.  I suspect they do this to protect themselves from forms that block posts from known webmail domains that historically house spam accounts.  If it’s a bogus domain, then it’s definitely not going to be on any blacklist.

It will also not return a valid mx record

That’s it.  Months have gone by with no more spam.  If it changes, I’ll start playing with other things to try short of a CAPTCHA. I imagine I’ll begin running the content through Akismet.  For now though, this is doing the trick.  Hope it helps someone else.

Let me just say before starting this that I love Firefox.  The ridiculously large number of addons are the biggest draw for me with standards compliance coming in at a close second.  Recently though, the ballooning of the browser has been getting in the way of my productivity.  It’s become fucking slow, for one.  The browser is beginning to take as long to start as the operating system itself.  Secondly, I’ve started having problems with flash inside the browser.  Other browsers are using the same flash plugin without issue, so I have to assume that it’s Firefox botching the implementation of it.

As often happens with me, I began grazing upon browsers in search of greener pastures.  Almost always, this ends up with me back at the application I started with, but this time may be different.

First, I tried Opera 10. I’ll summarize.

NO.

My sweet Jesus.  For a bunch of super geniuses, they’ve designed the absolute worst UI I have ever been subjected to in a browser.  I might as well use Conkeror.  At least they had the balls to just go ahead and intentionally design a browser around all the things about vi that piss you off. Instead, Opera teases you with buttons and menus then waits until you’ve got seven pop-ups open before you realize they don’t really do anything.  Sucker.

Seriously, since all of the people using Opera are too busy telling you how cool the browser is to develop a single decent ad blocker, you have to add the filters yourself.  Trying to do so in the preferences pane is an exercise in frustration.  Want to copy and paste from an established list on a page in the browser?  Don’t make me laugh.  There will be no interaction with other parts of the browser when this pane is open.  Want to paste more than one at a time?  Don’t make me laugh.

Kazehakase: I think this is a cool browser.  Unfortunately it’s just another open source project with a community too small to develop the things I need.  The core of the browser seems quite buttoned down but I don’t fly without ad blocking and I don’t like not having the ability to turn off j/s based on host.

Chrome:  Here’s the deal.  I tried Chrome a while ago but to be honest, I feel that I already give Google too much information.  If I’m not going to use their nameservers because of this, I’m sure as hell not going to use their browser to parse all content I view on the web. So I downloaded the latest version of Iron, described as Chrome stripped of all it’s data mining abilities. I may have found my new browser.  For starters, it’s incredibly fast.  First start with 15 tabs from previous session is almost immediate. Compare this to the 15-20 seconds it takes Firefox to do the same. Secondly, it’s missing all the useless crap that the Firefox developers have recently begun throwing into their browser in an attempt to make a browser that can do everything up to and including folding your laundry.  Don’t get me wrong, I love features.  I just don’t like the repercussions of when you have too many.

So, I liked Iron, but like I said, I won’t browse the web without ad blocking… Which leads me to Adblock and Adblock+ Element helper. These are not nearly as refined as their Firefox namesake, but they get the job done. The thing I’m having the most problem with is the fact that there is just too much crap in regards to extensions for Chrome.  Everyone has half-assed developed something, they’ve all named it the same thing and all of them used a different Chrome extension site to host it.  Just like adding modules to your Google home page, finding extensions for the browser can be a royal pain in the ass due to the sheer volume of useless shit you have to wade through.

That being said, I’m on day three with Iron.  I’ve not had any of the problems that I have been having with Firefox lately, but there are definitely some foibles.  I sometimes find myself having to refresh certain pages that initially render as completely blank.  It’s happened probably 5 or 6 times in the last three days.

I’m going to miss the remaining extensions that I often use in Firefox.  Time will tell if I miss them enough to take that blimp of a browser back.

I won’t bother regurgitating any of the links to prior art.  You can find hundreds of them over at the Groklaw site.  I just wanted to post for the people who don’t understand why it’s becoming increasingly hard to take Microsoft seriously as a software “developer”.

They came into existence riding on the coattails of other people’s work.  Over the years, you would have thought they could have hired enough competent developers to come up with something of their own to stand on.  It seems though that they are still trying their damnedest to keep and gain users by simply absorbing intellectual property they can buy and shutting down those they can’t through lawsuits.

I guess we’re supposed to be surprised.

A growing number of people are getting locked into an endless reboot loop during upgrade, destroying their Vista installs and leaving them with no OS.

Woops.

Microsoft must be working day and night to try to resolve this issue, right? From TFA:

According to Microsoft’s head of support, however, the endless reboot problem isn’t on the company’s top list of concerns. “It’s very early in the process,” said Ben Bennett, the director of Microsoft’s Windows consumer global support group, in an interview Monday afternoon. “In terms of the top issues of customers who choose to upgrade, the XP-to-Windows 7 [upgrade] is up there on the list for lots of reasons. The netbook upgrade scenario — how do I upgrade my netbook to Windows 7 — is also a big one. And another is, ‘Where are my applications?’ after people have upgraded. They wonder what happened to e-mail and photo editing, for example. Those are the top issues so far.”

So, they’re more concerned with those upgrading from XP to 7.  Well, that makes sense.  I’m sure that was their plan all along.

At least I got to keep the paper hats and confetti.

The cost of attending the conference? $3,695.00.

So we’re clear, Gartner, the entity that wants you to look to them for cutting edge trends and intelligent discussion concerning all things technological, hopes that you believe that if you pay almost four thousand dollars to attend their conference, the copy of Windows 7 you receive will be free.

In fairness, if there’s anyone that will believe they’re receiving a free copy of Windows 7, it’s the very type of person that would pay four thousand dollars to listen to these blowhards.

After getting everything installed, set up and tested, I moved over all the important stuff in my home directory and replaced the old work machine.  Then I got to reflect upon the install.  I can say that I still would never think of handing a linux disk to a Windows user and telling them to try it as their OS.  At the same time, I’m astounded at how far linux has come in regards to the desktop.  Here’s the highs and lows:

Highs:

1) Did I say fast?  Holy crap, I don’t know what happened in the last year, but whatever it was, it seems to have gotten rid of half of the time needed for bootup. From BIOS splash to no disk activity in the desktop, I’m looking at between 15-20 seconds.  A Vista boot on the same machine requires almost a minute to stop disk activity.

2) Friendly install for the ignorant: Finally, I don’t need to know anything about chipsets and partition sizes for my swap space to install.  I had a working install within a half hour of starting the process.

3) Looking pretty snazzy:  Gone of the days are oversized icons, almost-readable fonts and menus that look like they were Windows 3.1 rejects.  The fonts are fantastically crisp, the icons are top notch and the polish is in place in all the right spots.

4) I can rest:  My game computer is such a tiring experience. Malware, antivirus, scans, disabled javascript and more just for some peace of mind.  It’s so refreshing not to give a flying shit if I visit a hijacked web page.

5) Screensavers and power settings are no longer a joke:  Used to be nothing worked.  Then, Gnome sometimes worked.  Then Xscreensaver worked in lieu of Gnome screensaver.  Imagine my surprise when I got a screensaver and power management without messing with startup apps and shutting down native processes.

There’s more, but those are the high points.  Not all of my experience with The latest distro has been rosey though. There were some aspects that made me wonder what I was thinking.

The Lows:

1) Partitioner? More like PartitioNOTer:  I’m serious.  Just stop acting like you can resize partitions for dualbooting.  I’ve never once had a linux distro successfully resize a Windows partition.  I tried for about 30 minutes to resize the Vista partion before breaking down and using the Vista system to resize itself.  The process took under one minute in Vista.

2) But I like Jackelopes better than Koalas:  I started out with 9.04.  Unfortunately the linux kernel used in Ubuntu 9.04 didn’t recognize my soundcard(Creative Soundblaster X-Fi Xtreme).  There was a three page tutorial for building a workaround module into the kernel but there were a couple caveats.  One, you lost all but duplex capabilities on the card.  Secondly, you had to follow the three page tutorial every time you upgraded your kernel.   Thirdly, users had a huge amount of problems with the process.  To say they had mixed results would be kind.  Fortunately the latest kernel supports the card, so I decided to upgrade to 9.10(Karmic Koala).  It’s only a couple of weeks prior to the official release and to be honest there was no way I was going to go to all that trouble for mediocre results.  Upgrading to 9.10 led me to my next hiccup, however.

3) We get it, you like absolute control: Another reason I wasn’t hot about running 9.04 was because of the age of the apps available.  If you’re running a major version behind on a browser, you’re doing something wrong.  Sure, we can build apps into the distro, but there might be something behind letting the user deal with the third party apps like OpenOffice, Firefox, Songbird and more.  For instance, my upgrade from 9.04 to 9.10 kept failing.  after trying a few times, I began rooting through the logs to find out why.  I eventually did find the problem.  OpenOffice was causing the complete failure of the upgrade.  A word processing app stopped my OS upgrade.  As another example, this thread guides you along the process of installing the latest Firefox 3.5 and getting your menus to accept and use it.  The fact that this thread exists is proof that linux hasn’t figured out how to relinquish control of apps that have nothing to do with their distro.

4) Networked drives… they’ve been around a while you know:  It’s still a process of adding options to your fstab entries until you get a working Win share.  And don’t forget to install smbfs!  Oh, and linux still thinks there’s nothing wrong with shutting down the network prior to disconnecting network drives.  Hello, minute and a half shutdowns!

5) Make the brown stop.

I could nitpick but to be completely honest, I’m happy with the way everything has gone and barring any oddities that impact my productivity, I’m going to end up one of the Ubuntu flock for a while.

If I can get over their brown fetish.

Let me just say that I get it.  You can’t donate to every open source script that you use.  You’d be broke in a short period of time.  That being said, I’ve donated to IEs4Linux.  I own Mozilla t-shirts.  I’ve given money to the Dreamlinux community.  I’ve sent money to Brad Sucks, Harvey Danger, MC Frontalot and countless other musicians in return for their music.  I figured that although not all the people downloading my scripts would be in a position to compensate me for the scripts they were using to make money, surely the wheel of fortune would stop on my spot every once in a while.

Four people donated.  The total equaled less than three billing hours for coding. So how many people downloaded the script?  Hundreds of thousands.   The last version alone of the most popular script was downloaded over ten thousand times.

Check out the Google search.  I name my scripts only after ensuring that the proposed name garners zero results on Google.  This helps me keep an eye on the script’s use and popularity.  Of the 116,000 results you see in Google, after the first 6 results, almost all are the script in use by people that didn’t even take the time to change the default page title from the script name.

So, of the hundreds of thousands of people using my script, four people felt compelled to repay me.  It’s kind of mind boggling when you take into account that almost 100% of the installs were used to try to make more money.

A couple days ago, I was reading a post from a gentleman that wasn’t smart enough to figure out the URL path to the script he installed( http://www.domain.com/public_html/automonial  was his best try) and I was trying to help him.  During one of his responses, as I was reading sentences laced with capital letters and bolding, I realized that I just no longer gave a shit if these people were able to install my script.  Further, I no longer wanted to provide anything to them.  See, I was able to handle the fact that hundreds of thousands of people would use the fruits of my labor to make money without ever feeling the need to thank me for the ability, but now I was expected to take shit from people too stupid to determine the URL of their script install?

I decided to join the ranks of the millions of open source developers that decided to not develop openly any more.  It was frustrating to realize that not only did people have no issue with using you, they could give two shits less about the continued development of the very script they were using to make money.  They got what they needed and didn’t give a flying fuck if you were developing tomorrow.  In the case of the people that weren’t smart enough to install the script on their own, they saw nothing wrong with receiving assistance via the forum, sometimes having me install the script for them, before going on their merry way, again without any compulsion to thank me for making them money.

I will always consider open source to be the right way to develop.  Further, I appreciate it more than I did before trying my hand at it myself.  I will still thank those willing to provide something to me without restriction, encryption or other crippling aspect by donating to their project.

I have to.  I’m obviously the only one keeping their coffers full.