Sunday, November 24, 2013

Securing Your Firefox

While its popularity suffers from a decline in the past year or two, Firefox is still a great browser which has a lot of things to offer. One of those things is the ability to control whether a plug-in will start automatically when the relevant content is being loaded, or should the browser ask for the end-user’s permissions to activate the plug-in on a per-site basis.

When can the above functionality be most useful? When defending against malware. The sad truth is that being infected via a drive-by malware is something that can happen to anyone, regardless the security measures being taken (e.g using Linux or OSX, having an anti-virus running or using a browser which is not IE). Due to the increased efforts in making it secure, Firefox has very little known vulnerabilities in the core browser engine, forcing the bad guys to opt for its plug-ins as the attack vector.

Unfortunately, Adobe (maker of Flash and Reader) and Oracle (maker of Java) are still doing a so-so job in terms of making secure software, thus it is recommended to have their plug-ins run only when the user approves them to run.
As a matter of fact, I’d recommend getting rid of Java and Reader entirely, yet Flash is still needed for many sites, thus cannot be discarded easily.

So how could one make Firefox ask for a permission to run such plug-ins? Easy:
  1. Open the “tools” menu and choose “add-ons” (ctrl-shift-a for non OSX users).
  2. Choose the “plug-ins” tab on the left panel.
  3. Choose “ask to activate” for the not-so-secure plug-ins.

That’s it. Have a safe browsing.

Friday, November 8, 2013

Be specific with your python conditionals

Here’s a mistake in Python that I saw getting done time and again:
some_val = some_dict.get(some_key, None)  # the None is optional in this case
if some_val: do_something(some_val)
What’s wrong?
Usually, the person who writes such code wants do_something to run whenever some_value is not None, yet if some_val is an empty list, empty dict or even the number 0 - do_something will not run! The right way to do it is:
if some_val is not None: do_something(some_val)
alternatively, one can check
if some_key in some_dict: …
Both options are more verbose and will get the job done.

The OSX ‘open’ command

A few days ago I was asked “how can one open more than a single instance of an application in OSX?”. The question was raised because by default OSX will open the already running application instance when an application icon is clicked (or entered via spotlight) more than once.
My first guess was to invoke the application executable directly from the command line - and it worked. But then it made me think maybe there’s a better way to do it, so I found the open command. This command is quite versatile, allowing one to “open” a file with its default handler application or with an alternative one, open any file with a text editor, stream the standard input to a text editor, fix applications which has windows that has gone out-of-view and more. For the above requirement, the “-n” flag can be used, such as:
open -n /Application/
The application becomes independent from the terminal session and the prompt can be used to re-launch another instance immediately. Simple and elegant.

Monday, January 28, 2013

Alexa domain ranks in Python

After the 10th time that I've developed a similar capability, I finally decided I should create a public, open-source, Python library for getting the Alexa rank given a URL.
Even though it's not complicated, I imaging many people could enjoy such ability. Also, I'm open for suggestions if anyone requires enhancements.

I'm currently thinking about creating a Node.js web API which provides similar abilities, for those who prefer having this solution accessible in such a manner.

The code can be found on Github.

Tuesday, December 4, 2012

SQLite DB with Orange Data Mining

The following post has no agenda or moral. It's just a story about stuff I did at work and some code I published.

Not a long time ago I was requested to bring my data-mining knowledge back from the dead. The project is actually quite fascinating, something in the software security field, and it's a shame I cannot provide much more details in this blog.
Anyway, since budget is low, and I tend to prefer open-source solutions, I installed Weka and Orange on my machine. Since the raw data to be processed is stored in a SQLite DB and since I recall I had better experience with Weka - I went for the first.
After a few hours of breaking it and trying to get it to produce some decent classification rules, I gave up on it. I guess that the fact I now love Python more than Java (it wasn't always like that) had quite a serious weight on my decision to stop trying to get Weka to work, so Orange it is.

Unlike my previous experience with Orange, back when I was a student, I figured I should go with the core framework - no UI, only Python commandline and scripting using Orange's extensive data-mining libraries.
After refreshing my memory with the tutorials, I felt comfortable with it, yet I realized Orange isn't capable for handling SQLite DBs. Instead, it uses some of the industry's common file formats for data-mining, and TSV. Yes, TSV. But this shouldn't stop me, right?
Few minutes later, I had my first SQLite-to-TSV converter up and running. You can find the sources on github.

From here, everything was a breeze: some data fiddling, some algorithms threshold settings, and results started to appear. Cool.

Monday, September 24, 2012

Boring Android UI

I am an Android user for a year and two months now. The only Android device I have ever owned is the Samsung Galaxy SII. Before that, I had installed nitdroid on my N900, but it was mainly for fun and the ability to show off how great the N900 was. My only previous experience with smartphones UI was with devices made by Nokia: E65, N95 and as mentioned, the N900. The first two had:
  • A home screen with a single row of the most useful apps, similar to the bottom row usually found in modern smartphones.
  • A menu of all of the other apps, which is basically a grid of icons and folders containing icons. Exactly like what can be found in modern smartphones.
The N900 was more refreshing, as it supported widgets, kind of like what you can find on Android devices (hi Apple, people love having widgets, seriously).
So when I got my Android device, I felt at home right away with the new desktop environment, which originally was the TouchWiz launcher. Actually, I can't understand Apple's claim of Samsung copying its UI from them, since it reminded me much more of the Nokia UI, but never mind...
After playing around with the device for a while, I figured I should be switching to other launchers, to get a richer experience of what can be done with the Android desktop. But seriously, other than effects and perhaps smarter widgets, there was nothing more to it.
Recently I tried Launcher 7, which is supposed to mimic the Windows Phone experience on Android devices. Since I have only one friend who owns a Windows Phone device (and he is a MS employee, so you cannot credit him for actually buying the device), I wasn't very familiar with the Windows Phone UI. After a using it for a while I was really impressed. This is a really fresh smartphone UI, which doesn't resemble anything else out there, and most importantly - doesn't resemble the UI I had back in 2007.
Does it mean I suggest you all to start using Windows Phone? no. It does mean that there is place for innovation which I hope will happen as soon as the new Windows Phone devices will start gaining market share.

Update: in the week that past since I wrote the first draft of this post, I've demonstrated Launcher 7 to several other Android users and all of them were really impressed as well. I guess there's something to it...

Monday, May 14, 2012

Blogging for the .NET framework

A system I've been working on is based on the .NET framework. It seems that Mono and Apache on a web server is a pretty good combo, and I recommend everyone with a spare day or two to give it a try.

Anyway, I needed to run a blogging engine on that same server and have that blog support Hebrew and right-to-left languages. While there are several good blogging engines for .NET, not all would run on Mono and most doesn't do the RTL part good enough.
My first attempt was to use SubText, but getting rid of the SQL Server dependency and adding the RTL support became too much of a hassle. I picked SubText for it being notorious for its simplicity and elegance, but while I was ready to invest some customization time, it demanded too much of it.
My second attempt was BlogEngine.NET. What can I say - I fell for it almost immediately. The platform is versatile enough to support not only many RDBMS's, but it also allows storing the posts in XML files. Nonetheless, the translation to Hebrew wasn't complete and there was no RTL native theme for it. So I made one.

BlogEngine.NET is hosted on CodePlex and uses Mercurial for its source control. I had a fork of the project in no time, so I started making the required changes and created a new theme based on the default one. Since I don't want to maintain a fork of the project for eternity and since I want others to enjoy this new feature, I've sent a pull-request which was accepted yesterday. So starting from version, you can enjoy BlogEngine.NET for your Hebrew blog.

As always, it feels good to contribute back and to know that my code can be further enhanced by other developers.

Happy blogging.