My Firefox Tweaks

Despite everything I’m still a Firefox user and can’t see myself changing any time soon.

I have been making more and more changes to my standard Firefox configuration (outside of extensions) and keep forgetting to document them, so here they are (at least, a few of the ones I can remember – I assume I’ll find/remember for).

dom.event.clipboardevents.enabled = false

Overrides the ability of sites to handle clipboard events. This stops bad websites from preventing you from being able to paste your secure passwords into their password fields. (Docs)

network.http.speculative-parallel-limit = 0

Disable the completely rude speculative pre-connections feature which will open connections to sites based on several hints without you actually clicking on them. (Docs)

browser.pocket.enabled = false

Gets rid of that Pocket stuff which was stupidly added by Mozilla in v38.0.5. (Docs)

browser.urlbar.unifiedcomplete = false

Disables the annoying “visit” thing that pops up in the address bar as of v43:

visit-firefox

(Docs)

app.update.auto = false

Disables auto download and install of updates. (Docs)

browser.newtabpage.enhanced = false

Disable the ad tiles that turned up in v34.

browser.altClickSave = true

ALT-clicking a link to save it to disk worked happily until Firefox v13, when it was disabled by default.

browser.urlbar.trimURLs = false

Stops removing the ‘http’ part of URLs in the address bar. (Docs)

browser.display.background_color = #CCCCCC

I likes me a grey background.

privacy.trackingprotection.enabled = true

Enables Firefox’s tracking protection, blocking several trackers which allegedly enhances privacy. I typically have this set to false, because it can break a few things (some video players seem to rely on these trackers), but it’s good to know about. (Docs)

Google Ending Deceptive Download Buttons in Ads

Google announced yesterday that they’re ending the practice of allowing advertisers to use deceptive “download” or “play” styled advertisements in AdSense ads, dubbing it a form of “social engineering”.

If you’re an Internet user that has ever tried to download or watch anything on an ad-supported site, you will have seen these stupid annoying ads. On some sites they’re styled carefully to match the look and feel of the rest of the site, so they can look like actual native content – but they’re not, of course.

They’d look something like this:

download-play-ad

(Even worse, often they seem to link to third party versions of popular free/open source files – Adobe Acrobat Reader was always a popular one. I can only assume these third party versions are wrapped with adware or malware to justify the adverts.)

Here’s an example I just pulled off AusGamers right now:

ag-download-ad

If you’re a user, these make browsing the web irritating at best, but really they’re outright deceptive and can even be dangerous.

It’s obvious why these ads exist – there are enough users out there clicking on them to make them profitable. The cost of running the ad is less than whatever profit the advertisers are making from selling whatever the hell it is that they do.

As a result, it’s obvious why they end up on sites like AusGamers. AdSense rewards site operators on a per-click basis. Ads that perform well reward them more. On sites that offer a lot of downloads where the user’s brain is already in “GIVE ME THE DOWNLOAD BUTTON” mode, it is pretty easy to see how they work.

I have always hated these buttons for this reason. I was massively embarrassed when I started seeing these on AusGamers – putting AdSense on our download pages was something we did only relatively recently. So I decided to try to turn them off.

After figuring out the AdSense control panel I discovered that you could in fact block certain types of ads. However, each ad needs to be blocked individually in the Ad Review Center. This is what it looks like right now:

ad-review-centre

If you click through you’ll see there are 12 ads there – several of which are stupid download ones – but that this is only page 1 – 12 of about 106,961! Now, Google anticipated that you might not want to click through hundreds of thousands of pages of ads, so you can actually block entire ad accounts.

I went through several times when we first had these ads turn up and started blocking ads and accounts. Here’s a screen capture from a couple years ago:

blocked-ads

This is just one page of many (… many) which contains all the ads I’d blocked. Further, I’d blocked all the accounts I could find responsible for these kind of ads. But it made basically no difference to the number of these ads that showed up on the site.

It was an unstoppable tide of bullshit ads that – despite spending many hours manually blocking ads and blocking accounts – I could do nothing about. It made me sad.

I’m relieved to see Google taking action on this. It will make the web better. It will make users safer. And it will make site operators that run AdSense feel less like jerks for having these deceptive ads on their sites.

Reflections of an Australian Startup in the Midwest

In November 2013 I moved to the US – so as I write this, it’s been just over two years since I became a non-resident alien in the great state of Ohio.

The entire time I was here I envisioned writing a bunch to explain what it was like moving over here and trying to expand our tech company – a virtual server hosting service called Binary Lane – into the US market. But, reasons, and I never did, and I’ve felt guilty about it. Now 2016 has arrived I thought I’d try to put some words down.

The first thing I wanted to scribble were some notes about why an Australian tech company might want to consider destinations that are alternatives to Silicon Valley.

I have finally done this and posted my rather long and windy series of thoughts up on Medium. I hope it’s useful to someone and plan to write some more on the topic.

Moving on from the USA

It’d been just over two years since I moved to the USA, and my time here is now almost at an end. Sadly I’m not going back home to Australia just yet – in January 2016 I’m moving to London.

There are few cities that can genuinely be considered capitals of the world – and London is at the top of the list. A nexus of culture, finance, technology, and history, it has everything I could possibly want in a place to live. (Except, perhaps, too many English people that remember the result of the last Ashes series.)

With the exception of Brisbane – which for me will always be home – there is nowhere else I’d rather be going.

I’m excited about a new adventure in a new land; from a personal point of view I’m looking forward to being able to explore the United Kingdom in more detail, and being at the doorstep to the rest of Europe. From a professional perspective, I can’t wait to check out their entrepreneurial and startup ecosystem to develop new insights that I hope to bring back to Australia.

When I first moved here, I’d planned a whole series of posts that I fully intended to write about the journey, mostly targeted to Australian startups that were looking to expand to the US – how the visa process works, what you need to do when you arrive, what it’s like living in the US, how the midwest compares to the more common destinations… As I look back, I realise I did precisely no writing on this topic.

I hope to rectify this in the coming weeks by providing some reflections of my time in the US.

“Your startup idea is worthless!” and other demotivational posters.

This recent Dilbert comic made the rounds in startup circles recently.

It is well known within the startup community that an idea by itself is not super useful – it is the combination of the idea and execution that matters.

This belief has become almost instinctive now, to the point where people are almost dismissive of listening to ideas from those who they believe have no capacity to execute them (i.e., non-technical people). It’s always fun to hear concepts that people are working on, but hearing about Yet Another App that someone wants to make – but probably won’t – can be tiring.

While it doesn’t seem to result in outright rubbishing of ideas, there seems to be a trend to devalue the concept of “the idea”, which I think has the potential to be demoralising and de-motivational – almost the exact opposite of every other experience I’ve had in various startup communities.

I am very confident this is certainly not what is intended. It is very important to ensure that people that are interested in startup life realise that the idea is only a part – a very small part – of what makes a business.

However, it is hard enough to motivate people to consider a startup in the first place. Creating a perception that “the startup community” thinks ideas are worthless is probably not the right tone to set – everything has to start with an idea.

It’s easy to see why this comic entertains – I loved it. But the response to it (including my own!) reminded me that it’s important not to be dismissive of “idea people”, when instead we should be focusing on encouraging them to execute their idea.

Encouraging More Flexible Government Procurement

Last year, Jon Stewart interviewed Nancy Pelosi on The Daily Show discussing how government procurement sort of sucks. A lot of it was the result of issues with the Affordable Care Act’s healthcare.gov site, which struggled at its launch with a series of technical problems that would make any web developer wince.

The full interview is, as always, an excellent watch.

While the scale of the deployment and the bizarre state of the American healthcare system is almost completely alien to most of us in Australia, there was one part of the interview that resonated very strongly with me as a small business owner who has tried to approach government to solve their technical problems.

Stewart brought up the point that the complexity of the procurement process limits the accessibility of it to large companies – small companies are excluded simply because they don’t have the resources to devote to the tendering process.

The relevant text for those nerds (like me) who dislike video:

Stewart: “Obama’s IT guy, small company, clearly a brilliant guy – he arranged all of Obama’s Internet campaign stuff … That guy couldn’t figure out the process. He couldn’t figure out how to bid for that contract.

He said it was a 300 page document and it seems like it’s obscured like that purposefully so that the larger companies have an advantage because they have teams of lawyers and things that can do it.

I’m presenting it as – “Do we have a foundational problem? Is there a corruption in the system that needs to be addressed to give us the confidence that moving forward, we can execute these programmes better?”

Pelosi: “I don’t think there’s a corruption. There may be a risk aversion with going with the known and then just not being entrepreneurial enough to say, question whether that is really going to do the job.”

If you’re a small ICT company in Queensland looking to expand your customer base, you’ve almost certainly looked at the QTenders site every now and then to see what stuff is on the table.

In general I’ve found the tender documents to be very well written. They’re well organised; it’s clear what they’re trying to do and how they want to do it.

Unfortunately many of the documents are very long – just reading them can be a full day exercise.

For a small company, responding to a tender is the work time equivalent of running an entire project. They often require several people to work on. Given the often short timeframes for tender response – maybe a month – it can mean taking up a huge amount of time servicing other customers.

Arguably, this is just part of the sales process. But large companies have entire teams of sales people that do this. A mate I played soccer with actually lead a team (in mining or something, not IT), the sole purpose of which was to just reply to government tenders, having (over the years) developed a keen insight into how many they’d win versus how many they’d lose.

If you’re a large company, you can afford to do this. You can build your sales process over time and simply absorb the losses incurred by blowing a few human-months of time on responding to a tender. But if you’re a startup or an SME, you’re potentially losing 10-20% of your entire sales effort for a YEAR, working on something that you’re almost certainly not going to win – because the big companies have the tender process so streamlined. They basically have human machines for churning out responses to these things; responses that they probably know statistically how likely they are to win.

The tender process is an important part of open government procurement. But watching the giant companies that win the tenders fail again and again costing taxpayers billions of dollars is starting to wear a bit thin. We need to look at better solutions – dividing large projects up unto smaller and more manageable components and figuring out a way to let our SMEs and startups compete effectively for them, instead of them being excluded because they simply can’t afford a seat at the table.

Idle thoughts on Mozilla, Firefox and Thunderbird.

I’m a big fan of Mozilla and have been a Firefox and Thunderbird user and advocate for many years. The last few years of development on these projects have left me somewhat disillusioned. Firefox seems to be slowly converging on Chrome, with disruptive UI changes making each update irritating, rather than exciting. Thunderbird, despite regular updates, feels like it has stagnated.

I feel like Mozilla have already won the browser wars. I’d love to see more effort going into Thunderbird and Lightning – groupware being something that open source is still really struggling with despite many valiant efforts.

It’s hard to convince myself this is a big deal; web-based groupware is pretty good these days. But I use Thunderbird every day. I’ve become almost dependent on a bunch of excellent extensions. I love having the option to be in complete control of my email.

I wrote about this in a bit more detail at Medium.

Update:

This seemed to resonate with a few people – ended up being the 18th “Most Read” article on Medium and was featured in their Technology section. Also spawned interesting discussion on reddit and Slashdot.

forgetting-firefox-stats

WPUpCheck – keeping WordPress up-to-date

WordPress is a great piece of software, but it’s popularity and superficial ease-of-use combined with the fact that computers are hard means running a site on WordPress is not always as simple as it seems.

I wrote about some of the ways to reduce the risk with WordPress over on the Mammoth blog a while back.

One of the biggest risks is a WordPress site that is out of date. There are three main components to the WordPress site:

– Core: the base functionality you get on a brand new installation.
– Plugins: all the other stuff you install for functionality
– Themes: what things look like

Each component is typically its own code base, requiring maintenance and updates. Many users only know they have updates available when they log in – and many of them don’t log in that often, especially if their site is primarily static.

WPUpCheck is a simple Windows tool that polls a WordPress site periodically to check for updates in any of these three components. If it detects available updates it will bring it to your attention via a balloon in the system tray.

The goal is simple – try to ensure a larger number of WordPress sites are no longer running obsolete, out-of-date, potentially vulnerable software.

Anyone interested in beta testing it can download WPUpCheck now.

Irritation, Confusion and Deception in the Android Permission System

The Android permission system seemed like a great thing at first – crystal clear understanding about what each application can do on your device. However, with the latest round of updates, it has become even clear that the permission system is confusing at best and deliberately harmful for users at worst.

If you’re a privacy/security conscious, tech savvy user, you might end up poring over individual permissions for each application before deciding to install it. This can be time consuming – even experienced users might have to hit up Google to see exactly what a permission means. Sometimes you might even veto an app or an upgrade because of onerous permissions. But if you watch normal civilians use their phone, they barely even glance at the security options, during install or upgrade. I’ll even confess to giving up dealing with permissions and just installing an app because I felt I “needed” it.

Everything looked good for a while back in Android 4.3 with the discovery of the permission tweaking system which lead to “App Ops”, allowing users to selectively enable/disable permissions on a per-application basis, granting total control over what they had access to. This was perfect, but sadly was pulled in a later release, with Google saying wasn’t intended to be available. The clever hackers over at CyanogenMod restored it as part of their release, but there’s basically no way to have fine-grained control over your apps – meaning you accept everything permission that they want, or you do without.

Here’s an example – I just received notice of an update for PasswdSafe:

2014-09-29 17.21.57

Now, the “What’s New” notes are provided by the application developer. Sometimes they are nice enough to include details about why there was a permission change, but I would say this is generally pretty rare.

Here’s what happens when you click ‘Update’:

2014-09-30 01.04.50

You only get this sort of popup when there’s a permission change. So this popup implies – to me, at least – that there’s some sort of permission change involving media, or files, or whatever.

But if you scroll to the bottom of the app page to click on the ‘Permission Details’ icon, you’ll see this:

2014-09-29 17.22.46

Here you can see the new permission actually has something to do with Near-Field Communication! (So in this case, the changelog provided by the developer actually does relate directly to the permission change, though it’s not really clear until you manually inspect the permissions like this.)

While you can find the information, this current flow is totally broken. It’s infuriating that the recent change now seems to actively hide and thus mislead the user.

This UI change is a massive step back for Android; it compromises the ability of the user to make informed decisions about the software on their device.

Setting Up Infobox Templates in MediaWiki v1.23

This article explains how to add the “Infobox” template to your MediaWiki installation. It is primarily intended for people who have installed v1.23 from source.

This is an updated version of this older post about setting up Infobox on earlier versions of MediaWiki. It is basically the same but has been modified to be suitable for the current (at the time of writing) version of MediaWiki, v1.23. Please see the older post for more info and background as well as helpful commentary from other users in different circumstances.

Here are the basic steps necessary to add working Infoboxes to a freshly installed version of MediaWiki. Note that the original steps required the install of ParserFunctions; this is no longer required as it ships with recent versions of MediaWiki by default.

  1. Download the Scribuntu extension into your extensions folder and add it to your LocalSettings.php as described in the ‘Installation’ section.
  2. Copy the CSS required to support the infobox from Wikipedia.org to your Wiki. The CSS is available in Common.css. You’ll probably need to create the stylesheet – it will be at http://your_wiki/wiki/index.php?title=MediaWiki:Common.css&action=edit – and then you can just copy/paste the contents in there. (I copied the whole file; you can probably just copy the infobox parts.)
  3. Export the Infobox Template from the Wikipedia.org:
    1. Go to Wikipedia’s Special:Export page
    2. Leave the field for ‘Add pages from category’ empty
    3. In the big text area field, just put in “Template:Infobox”.
    4. Make sure the three options – “Include only the current revision, not the full history”, “Include templates”, and “Save as file” – are all checked
    5. Hit the ‘Export’ button; it will think for a second then spit out an XML file containing all the Wikipedia Templates for the infobox for you to save to your PC.
  4. Now you have the Template, you need to integrate them into your MediaWiki instance. Simply go to your Import page – http://your_wiki/wiki/index.php/Special:Import – select the file and then hit ‘Upload file’.
  5. With the Templates and styles added you should be able to now add a simple infobox. Pick a page and add something like this to the top:{{Infobox
    |title = An amazing Infobox
    |header1 = It works!
    |label2 = Configured by
    |data2 = trog
    |label3 = Web
    |data3 = [http://trog.qgl.org trog.qgl.org]
    }}
  6. Save, and you should end up with something that looks like this:
1 2 3 4 27  Scroll to top