A Consuming Experience

I've started using the free microblogging (or, for me, more microchatting!) service Twitter a lot more lately, but posting URLs (web addresses) within a tweet takes up too much valuable room when you've only got 140 characters to play with.

If you try to include a URL of more than a certain length in a tweet, Twitter does automatically shorten it using TinyURL, but the catch is that the full length of the original longer URL is still counted towards your 140 characters behind the scenes.

So the best course is to reduce or compress the length of the original URL yourself as much as possible first, then paste that "manually" -shortened URL into your tweet.

URL redirection or compression services

There are several free URL redirection services around that will shorten URLs for you, of which I think TinyURL was the first - certainly it's the best known.

You feed them your long URL and they produce a reduced short URL you can use instead which, when clicked, will redirect the clicker to the original long URL. Usually you can just copy and paste the tinier URL.

These address compression services are probably most often used to produce short URLs which the user can then paste into an email, as often long URLs which extend over more than one line will "break" in emails and then the recipient won't go anywhere on trying to click them - not unless they edit the URL first, which is problematic for novices who don't realise that, and inconvenient for everyone.

URL redirection services have their risks (see the Wikipedia TinyURL article), of which the main one to me is that the service goes down or goes bust and then their URLs will stop working. But personally I'm willing to take the chance where it's for ephemeral use, e.g. in tweets which people are unlikely to look at after a day or two.

is.gd

The main service I use for address shortening is is.gd. Why? Because every reduction in character count helps, and is.gd produces the shortest URLs of any URL shortening service I know of: 5 characters in their base URL, compared with 11 in tinyurl.com, for starters. Hey, 6 characters can make all the difference, if like me you find cutting down verbiage hard work!

Also, I like the fact that they produce the shorter URL in a text box, whereas with TinyURL the shortened URL is displayed in the main body of the resulting webpage. Why do I care? Because my Nokia N95 mobile phone lets me copy and paste text (including URLs) from a text box, but not from a webpage - and believe me when you're using a phone without a full keyboard, copy/paste can save bags of time and frustration.

is.gd bookmarklets

Now is.gd do provide a Shorten with is.gd bookmarklet which you can click in your browser Favorites, Links bar or Bookmarks Toolbar in order to automatically produce their compressed URL for the webpage you're currently visiting (what are bookmarklets / favelets and how to install and use them).

But what if you want to shorten a webpage's URL without having to go to that web page first, e.g. you've saved the link to its URL previously or you can just rightclick a link to it to get its URL?

is.gd don't seem to have produced a favelet for that, so I have. Here it is:
is.gd shorten URLs bookmarklet (which I've also added to my page of useful bookmarklets for bloggers)

Hope it's useful!

(For Firefox users there's a much fancier add-on for is.gd you can get, but it's obviously not available for users of other browsers like Internet Explorer, whereas bookmarklets generally work in all sorts of browsers.)

Labels: browsers, free, tools, Twitter

Speed tip: if you're a faster PC go go keyboard person like me and use Internet Explorer, try installing this speedup searching hack for Internet Explorer, for quicker access to Google. I use Ctrl-l to call up the address bar then type g then space then my search, for very quick results (or you can just click in the address bar then type the keyword for the site you want to search, space, then the search term, if you prefer). So I use w for searching Wikipedia without having to go to that site first, and so on.

This "one letter search" or "shortcut search" trick works for searching your favourite sites other than Google too e.g.Wikipedia or Amazon, and you can use more than one letter to trigger your search if you wish, as long as it's not already in use. For example I use "rt" for searching Rottentomatoes.com for movie reviews, and "f" for Google Product Search, formerly Froogle, for price comparisons of stuff I want to buy.

In Firefox and Opera the same feature comes built in - just go to the Wikipedia or your other fave search page, rightclick in the search box, choose "Add a keyword for this search" (or "Create search" in Opera) and type your info including the chosen keyword like w, if it's not already taken (you can use more than one letter for a keyword like "wi").

Creating search in Firefox

Creating search in Opera

Carrying out the search

Then to do the search, go to the browser address bar (or use Ctrl l hotkey which I find quicker), type in the keyword, space and your search terms, and hit Enter or Go.


You can later edit your shortcut searches too (Firefox: the search is a bookmark, find it, rightclick it, choose Properties; in Opera: menu Tools, Preferences, Search tab), so it's well worth setting up search shortcuts for the main sites you regularly search.

Labels: browsers, search, tips

Apple have now released a QuickTime 7.2 security upgrade for Windows Vista and XP SP2 which fixes a QuickTime security vulnerability that could allow attackers to take over your computer via Javascript run over the internet e.g. if you tried to go to a supposed Quicktime link or certain other media links on a dodgy website in the Firefox browser - a security hole which Firefox developers previously plugged in version 2.0.0.7.

If you have Quicktime in Windows Vista or Windows XP Service Pack 2, you should install the update ASAP to protect your online security. (Mac OS X users weren't affected.)

Via Heise Security.

Labels: browsers, Firefox, security

I love Firefox, but there's one thing I'd change about it: the history. It's too hard to find a page again which I know I viewed recently, where I know the site it's from but I just can't remember exactly when I last viewed it.

In the history sidebar, viewing the history by site doesn't list all pages in your history properly. It lists all the web pages in your history, in alphabetical order by the page title - not even the visible title shown on the page, but its title as given by the page author in the head section of the page's HTML metadata, i.e. it's a "behind the scenes" title.

That means it doesn't even group webpages from the same site together alphabetically - it only does that if all pages from the same site start with the same words in their title (like "phydeaux3: GData Javascript Library", and "phydeaux3: YouTube Goes GData"), which relies entirely on the website owner having consistently entitled all their pages in that way. A long list of titles, not even ordered properly by site, is not exactly easy to navigate round, never mind find the page that you're looking for (and I don't think the history searching in Firefox is easy either, by the way).

Here's what my history "View By Site" looks like in version 2.0.07:


Surprisingly, someone reported this as a bug only relatively recently, in April 2007. I should have got off my butt and reported it myself much earlier, as it's been bugging me ever since I got Fox, but I didn't want to moan publicly too much. So all I did was forlornly do a search once in a while to see if anyone had fixed the problem, then moan quietly to myself and grumble a bit when I still couldn't find anything.

Well, I can now say - Huzzah! I've just noticed that the official Win32 20070823 [Trunk] build fixes this issue. (If you want to download it use the "All.. hourly builds for the last 14 days" link, if the others are broken.) I've now downloaded version 3.0a9pre (Minefield). See this screenshot:


All organised into nice neat folders, grouped by main domain URL of the site. Look at the difference, and drool! (OK, I'm sad like that.) It's so much more usable from a consumer and personal information management point of view.

I'm not going to use Minefield as standard because it's still experimental and I'm a scaredycat, plus more to the point my essential extensions like Greasemonkey don't seem to work with it yet.

But by downloading Minefield, I can now just use it whenever I need to view my Fox history by site in a grouped folder way. (Note: you need to close all existing open versions of Firefox before you try to launch Minefield's Firefox.exe from your unzipped download folder, or it'll just open your existing version of Fox.)

So now you too know how to view your Firefox history by site, organised properly by site into folder groups, pending the release of 3.0, and if you need that feature you could try doing the same.

Huzzah, I say again! I can't wait for 3.0!

Labels: browsers, Firefox

Firefox users should upgrade to the latest version 2.0.0.7 if they haven't already, as it fixes the QuickTime security vulnerability I previously described.

Good on the Fox developer team for coming up with the security update fast - thank you!

Labels: browsers, Firefox, security

UPDATE: fixed in Firefox 2.0.07, do upgrade if you haven't already.

If you use Firefox as your default browser and have Apple's QuickTime plug-in (you probably do if you have QuickTime - see the mozdev site - or iTunes), note that there's a security risk with QuickTime link files in Firefox [UPDATE: should have added the default browser bit earlier, sorry].

That's not just .qtl links but it seems even .mp3, .wav, .3gp, .png and .mov links - for a longer list of possibly risky file extensions and details of the problem, as well as demo links you can click on to see what an attacker could do, see 0DAY: QuickTime pwns Firefox.

A bad hacker could set up a dodgy website so that when you click one of those types of links on that site, they could get into your system by secretly running Javascript in Fox - e.g. install a backdoor in your computer.

Heise Security, where I first read about this, were able to reproduce the problem with Firefox 2.0.0.6 and QuickTime 7.2.0.240 under Windows XP with Service Pack 2.

How do you protect yourself? Until there's an update with a fix, Heise suggest that you should:

• uninstall QuickTime, or else
  
• use the NoScript extension for Firefox (see my NoScript review).

You can guess which course I've taken (or rather, had already taken)!

UPDATE: fixed in Firefox 2.0.07, do upgrade if you haven't already.

Labels: browsers, Firefox, security

If you use Firefox, for your own online safety you should install NoScript. This review of the free NoScript extension for Fox (NoScript homepage) explains why I think that.

NoScript is an extension or add-on for Fox which automatically blocks Javascript and Java from running in Fox. As bad guys could use hidden Javascript or Java on web sites that you visit to infect your computer with all sorts of nasties, NoScript is A Very Good Thing. I've been using it for a month or two now, myself.

I should have installed it much earlier, but foolishly I'd mistakenly got the impression that it killed all Javascript indiscriminately, and because many of the sites I visit won't work without Javascript I just didn't look into NoScript properly until relatively recently. As I mentioned, I was wrong.

As it turns out, NoScript does stop good as well as bad Javascript dead in its tracks - but, you can still access the sites you know are "good" or "safe" yet require Javascript to work, like Gmail, because you get a warning line popping up above your status bar when you visit any site that has Javascript or Java, and then via the NoScript options you can positively choose to Allow (or Temporarily allow) script originating from a particular site to run in Fox:


If you trust the site and click the option to allow scripts from it, you won't see the warning again on future visits to the site. So, you only have to allow a trusted site once - it's really not much hassle for the much better security and protection you'll enjoy.

Why do I think installing NoScript is a no-brainer if you're a Firefox user?

It's not just because I'm the ultra-cautious "safe computing safe sex safe everything!" type who runs anti-virus checker, anti-adware (like Ad-Aware which you can get in Google Pack - ) and anti-spyware software (like Spybot) at least once a week, and an online virus scanner like NOD32's Eset at least once a month. I really think there's no excuse not to be safe when there are so many excellent free computer security tools out there.

The bad guys have moved on: viruses were initially spread by opening infected files on floppy disk or in email attachments, then your PC could be attacked if you were simply online, connected to the internet, without a firewall. Now, your system can become compromised even if you have a firewall and anti-virus, anti-spyware etc software on your computer, just by your going to some dodgy website or clicking on certain suspect links.

You need protection for your browser. And, as is usually the case with computer security and internet security generally, you have to look after yourself - you can't just rely on software or hardware suppliers or ISPs etc to do it for you (though some of them may have to at some point, if the UK government takes up the House of Lords' recommendations in their interesting August 2007 report on Personal Internet Security following their investigation).

Generally, Firefox is thought to be safer than Internet Explorer (), but even Firefox has its vulnerabilities.

There are various potential Firefox security holes or risks which NoScript, and in some cases only NoScript, can stop - e.g. cross site scripting or XSS dangers, or the QuickTime security hole in Firefox.

NoScript provides the necessary defence for many potential Firefox exploits, in my view striking the perfect balance between security and usability / functionality - and it's free.

So if you have Fox and you don't already have it, go ahead and try NoScript, you've nothing to lose (how to install Firefox extensions).

However, I'm still waiting for a workable solution for Internet Explorer. It's certainly not Haute Secure toolbar, in my opinion!

Labels: browsers, Firefox, reviews, security

I tried Haute Secure when it first came out in beta just over a month ago. It's a browser plugin /toolbar for Internet Explorer which is supposed to warn you when you attempt to visit a "bad" site laden with malware which attacks your computer the moment you land on the site, and it will even block your browser from downloading nasty smelly germy webpages.

In their words, "When the bad content attempts to load, our behavior-based profiling algorithms identify and intercept it in real-time, before it installs itself on your computer." How it works: they have algorithms that analyse, identify and stop sneaky malware downloads in real time (and send reports home), plus a database of bad sites kept constantly updated from reports etc, or as they put it: "A distributed real-time malicious link database and a scanning infrastructure that is connected to the client software". They'll also include "malicious content found by others such as security experts and hobbyists joining the fight to stop malware attacks on unsuspecting users".

It's had good write-ups. But I go by my own experience. A favourable review will get me to try something, but I won't stick with it if I don't like it. I don't often blog about things that suck because usually I've picked up enough info to know that I should just avoid them in the first place. But if I come across something that's sucky, I'll say so. Haute Secure is sucky.

In more sober terms, here's my verdict. A most excellent idea in theory, but way too blunt an instrument in practice. I had to uninstall it after a few weeks, it was making my browsing unbearable.

Why? Like I said, it's far too blunderbuss in approach. It tars (and feathers) entire domains with the same brush, without bothering to distinguish between subdomains - like, x.blogsome.com is not the same site as y.blogsome.com, and may not even be run by the same person. Yep, you'd never credit it wouldja. And if you have a script or image on your webpage that's from a supposedly "bad" domain, that'll mark out your site as bad too.

For example, go to Yahoo-owned Mybloglog.com, and you'll get a yellowy reddish brown kinda warning in the toolbar (they call it "orange" but I guess my color vision is different...):

Or a messageboard where someone's posted pics from Photobucket:


Here's another well dodgy site, oooh look, see the warning on the right:


And why was my blog suspect, pray? You can click on the Haute Secure toolbar then 0, 1, 2 "Blocked URLs" to check, and, hey, whaddaya know, that well known and now Google-owned purveyor of malware Feedburner (not!) was one of the chief culprits. It wasn't me guv it was that nasty malicious Feedburner:


See, Haute Secure even went dramatically red on another site because of Feedburner, oooh we're really taking agin Feedburner now aren't we, bad bad bad Feedburner:


One of the few totally safe "blue flame" sites was Google:

But Google didn't escape entirely. Not all Google domains were considered non-evil, oh no - there's that suspicious dirty mac-donning googlesyndication.com, fer instance:


The last straw for me was when it stopped IE dead in its tracks when I tried to drop by John Tropea's site:


And why was John's site so all-fired dangerous then? (yeah yeah, can't resist those fiery puns, so poke me with a match). Because it's on naughty smackit Blogsome, is why:

At that point I completely had it (though I didn't quite lose it), and uninstalled Haute Secure. Sure, you can choose "Continue" to visit red sites anyway, or unblock a site it's decided to kill:

But really, why should you have to? Are Haute Secure having a laugh or what? Just because some bad guys have set up malware-ridden sites using Blogspot.com or Blogsome.com addresses, just because some of them burn their feeds using Feedburner, why should legitimate bloggers on one of those "tainted" domains (or who have incorporated pics or scripts from a tainted domain) be given a bad name and hung too? What on earth were Haute Secure thinking? My fingers are tired enough from constant typing thank you, why should I keep having to manually choose to continue to or unblock perfectly safe sites?

It's like anti-virus or anti-spyware software which keeps coming up with too many false positives, false alarms. It wastes your time, you stop trusting it, you stop using it.

Yes, Haute Secure issued an update a couple days ago, but it sounds like it's just fixing crashes etc. Me, I've lost interest, like many other people I just haven't got the time, I'm not going to bother to try it again. Not (perhaps) unless I know for sure that they've sorted out the sub-domain and scripts etc issues. Great great idea, huge glaring gap in the execution.

Labels: browsers, reviews, security