Wandering Thoughts archives

2011-11-28

The login name problem

I have been vaguely considering getting a Twitter account or two for a while, but so far haven't done so. As before, the big stumbling block is that Twitter makes you pick a username and none of the ones that I find even vaguely attractive are still available. My usual login name is taken, as normal (it goes fast on many services). So is my last name (probably by a relative), my first name, a variant I sometimes use, a variant of my last name, and I don't feel like going on any more (it's too depressing). I can find only one vaguely appealing variant that isn't already taken (and I'm not going to say what it is).

Part of the problem is that people on Twitter use your username, which places a premium on short and memorable ones (especially given the size limit on tweets). But beyond that it's not just that Twitter requires me to pick a username per se, it's that it requires me to pick a public, more or less permanent identifier for myself. This is a fundamental problem because, as always, good names are hard. They are hard for people to come up with and there's only a limited supply of them.

(Twitter apparently allows you to change your username, but I suspect that that orphans your old Twitter URL and probably confuses people who knew you under the old name.)

Doing this is generally not actually necessary in most web services. Flickr, Facebook, and Google Plus (despite its serious flaws) all get this right; you can start using each service without creating such a permanent identifier. Oh, Flickr and Facebook have optional permanent IDs (and G+ may as well someday), but they really are optional; you can use the service for years (even as a paying customer) without having to commit yourself to one, and everything works fine. The most that happens is that the URL for your stuff is somewhat uglier than it could otherwise be.

(To be fair, all of these services make you give (or pick) your name and Flickr makes you pick a username. However, you probably already have a name you want to use and you can change all of this stuff if you want to. I've seen people rename themselves on Flickr all the time, not infrequently to add temporary status messages.)

The usual reason to force your users to pick login names is to generate URLs for them. However, Flickr shows that this isn't necessary; you can generate ugly URLs for now and let users improve them to nice URLs later when they make up their minds. Flickr even has convenient ways of referring to people who have not done so.

(To be fair, what differentiates Twitter from Flickr here is that Twitter wants people to be able to enter tweets as essentially plain text from outside itself; Flickr is content to require you to use its special markup to refer to other Flickr accounts.)

TheLoginProblem written at 00:30:21

2011-11-05

Understanding Apache's Allow, Deny, and Order directives

Suppose that you want to add some IP access restrictions to your web server, and you're using Apache. Apache supports this with its Allow and Deny directives, but how you set them up is not clear. The Apache documentation confused me on this recently, so I am going to write down my own version of it.

The first thing to understand about Allow, Deny, and Order is that the last rule that matches wins (unlike the more common 'first match wins'). Order sets the order that the two sorts of rules are checked and thus determines what the 'last' can be. In turn this leads to how to decide on what to set for Order: you should use 'allow,deny' if you want to selectively deny some sources and 'deny,allow' if you want to selectively allow only some sources.

Thus we get the template for denying bad sources:

Order allow,deny
Allow from all
Deny from BADIP1
Deny from BADIP2

And the template for selectively allowing some sources:

Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from GOODIP1

If you are a firewall person you are now wondering what the default policy is if there is no explicit match with either an Allow or a Deny rule. The answer is that Order is inconsistent. 'Order allow,deny' is default-deny; 'Order deny,allow' is default-allow. This allows you to leave off the boiler-plate 'Allow from all' or 'Deny from all', if you are the kind of person who wants to do that. I don't plan to ever do so; the whole situation is confusing enough as it is without adding extra things to remember in the name of saving one line.

The default Order is 'deny,allow', which means that at least in theory the simple way to block bad sources is just to start writing Deny rules without anything else. (I have not tested this.)

All of this is in the documentation for Order, Allow, and Deny if you read it carefully.
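
A small model of these rules, added here as an illustration (it is not Apache's code or part of the original entry; `matches`, `evaluate`, `demo` and the sample addresses are constructed for this example). It follows the documented behaviour described above rather than a test against a running Apache: the two rule classes are checked in the sequence Order names, the last class with a match decides, and the no-match default depends on Order.

```python
import ipaddress

def matches(spec, client):
    """True if an 'Allow from' / 'Deny from' spec covers the client address."""
    if spec.lower() == "all":
        return True
    # Single addresses and CIDR networks only; hostnames are out of scope here.
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def evaluate(client, allow=(), deny=(), order="deny,allow"):
    """Return 'allow' or 'deny' for client; order defaults to 'deny,allow'."""
    rules = {"allow": allow, "deny": deny}
    classes = order.lower().replace(" ", "").split(",")
    if sorted(classes) != ["allow", "deny"]:
        raise ValueError("order must be 'allow,deny' or 'deny,allow'")
    # No match at all leaves the verdict of the class named last in Order:
    # 'allow,deny' is default-deny, 'deny,allow' is default-allow.
    verdict = classes[1]
    # Check each class in Order's sequence; the last class that matches wins.
    for kind in classes:
        if any(matches(spec, client) for spec in rules[kind]):
            verdict = kind
    return verdict

def demo():
    """Run the entry's two templates on constructed documentation addresses."""
    bad, good, other = "203.0.113.9", "192.0.2.10", "198.51.100.7"
    return {
        # Template 1: allow everyone, selectively deny.
        "blocklist/bad": evaluate(bad, ["all"], [bad], "allow,deny"),
        "blocklist/other": evaluate(other, ["all"], [bad], "allow,deny"),
        # Template 2: deny everyone, selectively allow.
        "allowlist/good": evaluate(good, ["192.0.2.0/24"], ["all"], "deny,allow"),
        "allowlist/other": evaluate(other, ["192.0.2.0/24"], ["all"], "deny,allow"),
        # Template 2's rules under the wrong Order: 'Deny from all' is
        # checked last, so even the listed source is refused.
        "wrong-order/good": evaluate(good, ["192.0.2.0/24"], ["all"], "allow,deny"),
        # Bare Deny rules under the default Order (default-allow for the rest).
        "bare-deny/bad": evaluate(bad, deny=[bad]),
        "bare-deny/other": evaluate(other, deny=[bad]),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18} {verdict}")
```

The 'wrong-order' case is the practical hazard: pairing 'Deny from all' with 'Order allow,deny' locks out the sources you meant to allow, which is why each template keeps its Order line and its catch-all rule together.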

ApacheAllowDenyOrder written at 00:24:44

2011-11-04

More on my Firefox 7 extensions

Rather than try to answer a number of comments on my original entry in more comments, I'm going to promote my replies to an entry (or more than one), and along with it I have some updates on my extensions due to things I discovered because of the comments.

"If you don't like sending referer information to everyone and your ad filtering proxy does not cover it, the RefControl addon is quite handy."

I actually like sending Referer information. To my mind it's the right thing to do from a social perspective; it's basically a form of giving credit where credit is due. There are occasions when I want to suppress it, but they're rare (and I have a manual workaround when this comes up).

This probably makes me a peculiar person, and certainly Referer is increasingly degrading in the face of the modern social web (but that's another entry).

"Bottom status bar (now called the Add-On bar) can be displayed with CTRL+/ or via the Options submenu."

For me, the most important feature of the old status bar was that it displayed a great deal of a link's target in a way that did not overlap with the content text. In the process it promoted content readability by creating visual separation between the content and the end of the window without using up too much space (less than a line of text in my usual font). This is not available in the new Add-On bar, and thus as far as I'm concerned makes the Add-On bar mostly a waste of space unless I really need to get at an addon's controls.

(This is why I called it an effective disappearance.)

Which leads me to a new essential extension, courtesy of another commentator: Status-4-Evar restores the old display of link targets, among other features. I believe that the status bar is now slightly taller than it used to be, but I can live with this since I can actually see where links are going once again. A useful page load status is nice to have back too.

(I care about this more than you might think.)

"You should really look at ghostery if you like no script. No script is an all or nothing deal. [It's] a security measure when you whitelist a domain that you most likely didn't inspect yourself."

There are two parts to this.

One way to put it is that I consider the all or nothing nature of NoScript to be a feature. Before NoScript even existed I worked with JavaScript entirely off, turning it on only when absolutely necessary. Thus for me NoScript is a way of conveniently temporarily turning on a limited amount of JavaScript, instead of (temporarily) turning on all of it. I don't use the default NoScript list of permanently whitelisted websites, as I consider it to be far too permissive.

(I just checked my prefs and right now my permanent whitelist is YouTube and some internal sites at work. I think that I can trust the latter. The former is just laziness.)

At the same time Ghostery does look interesting, because it stops a lot more than just JavaScript. Unfortunately I think it's too noisy for me to use, because it really wants me to pay attention to it so that it can horrify me with how much I'm being tracked. Well, I already know that I'm being tracked a lot; I just want not to be tracked.

(Even in 'status bar only' form Ghostery keeps changing what it looks like by displaying a count of issues. That's too noisy; it should just alter the icon a bit to show 'no bugs' versus 'some bugs, you can pull up the menu if this surprises you'.)

Another commentator suggested doing cookie management by forcing almost all cookies to be session cookies (except whitelisted ones). This is an attractive notion for people who close their browsers all the time, but the problem for me is that I strive to keep a single Firefox session running for months. 'Session' cookies thus would persist for potentially far longer than I want.

(In practice most of my cookie management (ie, cookie discarding) is done in a filtering proxy. I mostly have a cookie management extension to deal with https sites and any cookies planted on me by JavaScript that I have to run.)

Now, an update on cookie extensions. It turns out that there is a Firefox 4 version of CookieSafe, with a page here and the actual source here (it requires manual installing). Since this appears to work and I found a number of limitations of CookieMonster once I started really looking at it, I've now reverted back to this version of CookieSafe.

Firefox7ExtensionsII written at 01:29:48

2011-11-03

My Firefox 7 extensions

If you use Google services, you may have noticed that they recently yanked around the design of pretty much everything. Part of that work basically forced me to upgrade from a self-compiled Firefox 3.6.2x to a self-compiled Firefox 7, because Google carefully broke my workaround to their previous search design issue by degrading the HTML returned when you visited in Firefox 3.x from a <div>-based layout to a table-based layout. Since I can't stand the stock Google search results layout, it was either switch search engines or update to Firefox 7 to get a fixable, <div>-based layout back. I opted to do the latter.

(It helped that since I upgraded to Fedora 15 at both home and work, my testing instance of Firefox has been Firefox 7 so I've already partly acclimatized to it. I might have been very grumpy with Google if I had been forced into Firefox 7 cold.)

I am not entirely fond of Firefox 7's interface, but I can live with it. However, now it's time to update my list of essential extensions from the Firefox 3 version:

  • NoScript continues to be one of my two core extensions. It works. What more can I say?

    With the effective disappearance of the bottom status bar in Firefox 7, I now put the NoScript menu button in the top bar.

  • All-in-One Gestures (or more specifically my tweaked version of it) is my second core extension. It too works fine. As is by now standard, I turn off A-i-O autoscroll in favour of native autoscroll.

    (I experimented with FireGestures at one point but at the time it had an odd bug where font size changes didn't persist and would revert back to the default sizes very easily. I can't remember if this was in Firefox 7 or Firefox 3.6.)

  • Stylish continues to work and to be essential for suppressing horrible design decisions that sites I feel compelled to use keep trying to stuff down my throat.

  • It's All Text is rapidly becoming essential for any browser instance that I use a lot, because it handily deals with how browsers make bad editors. Now that I actually run a current version of Firefox I can actually use it, unlike earlier.

  • I had to switch to CookieMonster for suppressing cookies, because my old standby CookieSafe doesn't seem to work under Firefox 7. Since I just switched I don't know how well CookieMonster is going to work, but it seems acceptable so far.

    (See my original entry for an explanation of how I handle cookies in general.)

I no longer care about the Nightly Tester Tools extension. The relentless march of Firefox version numbers has created a situation where running the bleeding edge Firefox means doing without extensions relatively frequently, and I'm no longer willing to do that. At the moment I'm running a patched and self-compiled version of the current release version of Firefox 7 and I expect to continue doing so in the future; if anything I'm likely to lag behind the official releases (as I did recently, when I was still running Firefox 3.6.x well after Firefox went past that).

My list of extensions that I don't use from 2006 (and why) continues to be applicable. The only extension I'll add today is:

  • Firebug: I only need this once in a blue moon to analyze site structures so that I can write a Stylish rule to defeat their attempts at bad layouts. In a spirit of minimalism I don't keep it installed at other times.

(I write these entries partly so that I can come here on a new machine and immediately have links to all of the extensions that I want to install in order to civilize my Firefox.)

Firefox7Extensions written at 01:02:35

