Archive for the ‘Internet’ Category

Bad Firefox Extensions

Samstag, Februar 15th, 2014

I just found out, that firefox still ran after closing it.
That was strange, so I revisited its extensions.

I found a strange extension
{1c0d37be-0673-4869-ad47-0061db41421e}.xpi
which was installed on 2013-11-08.
I am not very good in reading extension programs. But the only clou I found was a link to an update URL
https://dummf1up57pez.cloudfront.net/watcher/update.rdf

I looked at
https://dummf1up57pez.cloudfront.net/
and received a list of extensions? Most of them had something with „ad“ in their name. I suppose it stands for advertising.

Another extension
{9eddbc41-e7af-4406-a5a9-f50569c24787}.xpi
declared itself to be a Zip File Wizard Free 4.0.5.3 .
I am sure that I never installed such a thing manually. Why should I when my operating system opens zip files easily? The extension has a timestamp 2013-11-11.
I digged into it and found the URL
https://ads.googloapis.com/

Googlo? Sounds fishy. And ads? Strange.

I suppose they came with an extension called youtube unblocker (which does not work very well, btw).

I just deleted all three. I suggest you do the same.

If you want to examine the plugins yourself, You can download the {1c0d37be-0673-4869-ad47-0061db41421e} plugin and the zip file wizard free firefox plugin.
I renamed the file suffix from xpi to zip. Do not install them!

Googles Umleitungsseite entfernen

Mittwoch, Februar 22nd, 2012

Ich benutze Firefox und NoScript – erstrecht für die Datenkrake Google.
Bisher hat Google sich damit begnügt, bei jedem Mausklick eine Botschaft nach Hause zu schicken. Ohne JavaScript habe ich damit Datenschutz geschenkt bekommen.

Jetzt hat Google die Hürde aber höher gehängt und führt Firefox-Benutzer über eine Umleitungsseite zum Ziel.

Abhilfe schafft hier Greasemonkey. Wenn man es gut programmiert, kann man damit sogar trotz NoScript eigene Scripte über eine Seite laufen lassen.
Es existieren bereits einige Scripte wie Straight Google. Es gefiel mir aber nicht (recht viel Code und funktioniert nicht mit NoScript).

Also habe ich ein eigenes Greasemonkey gebaut. Es ersetzt alle Links über Umleitungsseiten durch direkte Links, kommt mit Umlauten klar, ist übersichtlich und funktioniert mit NoScript:

DirectGoogle.user.js

Das Script steht unter der GPLv3 oder später.

Testing XSLT

Montag, Februar 14th, 2011

Note:
The Firefox Add-On NoScript is blocking XSLT transformations – on local and remote files.
This implies, that you should disable NoScript if you want to see client side XSLT transformations.

JavaScript code snippets

Dienstag, Februar 1st, 2011

Im Blog von Struppi bin ich über zwei JavaScript Code-Snippets gestolpert, die doch noch verbessert werden konnten.
Hier meine Varianten:

stripHTML entfernt alle HTML tags in einem String. Es nutzt dabei die non-greedy RegExp .*? und kommt im replacement-part ohne function aus.
Ausserdem erfasst es tag-deletion und „“-deletion in einem Rutsch und paart die Hochkommata korrekt. Ansonsten könnte <tag test="hallo'>foo<'"/> in die Hose gehen.
Zusätzlich habe ich noch html-Kommentare entfernt.

function stripHTML(str){
    return str.replace(/<[^!](?:[^>"']|"[^"]*"|'[^"]*')*>|<!--.*?-->/g,'');
};

Als Erweiterung könnte auch noch script code entfernt werden:

function stripHTML(str){
    return str.replace(/<script\b(?:[^>"']|"[^"]*"|'[^"]*')*>.*?<\/script\s*>
                        |<[^!](?:[^>"']|"[^"]*"|'[^"]*')*>|<!--.*?-->/g,'');
};

Für die Funktion trim schlage ich folgenden Einzeiler vor:

function trim(str) {
    return str.replace(/\s+/g, ' ').replace(/^ | $/g, '');
}

Das erste replace lässt alle Leerzeichen zusammenschrumpfen, geht dabei aber mit Zeilenumbrüchen behutsamer vor (Bei deiner Variante, kann es sein, dass das letzte Wort in einer Zeile und das erste in der nächsten miteinander verbunden werden.)
Das zweite replace entfernt ein eventuelles Leerzeichen am Anfang und Ende vom String.

stunnel4

Dienstag, April 7th, 2009

I got some annoying error messages and my newly set up stunnel4 stopped working.
And this was all connected somehow. At first I will describe the single errors and warnings and their solutions.

1) Corrent permission on certs file
Part of my config in /etc/stunnel/stunnel.conf:

cert = /etc/stunnel/stunnel.pem
setuid = stunnel4
setgid = stunnel4

With too high file permissions (owner root:root) stunnel could not read the file, because it is running as user stunnel4:

LOG3[…]: Error reading certificate file: /etc/stunnel/stunnel.pem

With too low file permissions (644 or higher) other could read the secret key:

LOG4[…]: Wrong permissions on /etc/stunnel/stunnel.pem

Correct permissions without warning about read errors are for me
-rw——- 1 stunnel4 stunnel4 3458 17. Jan 14:52 /etc/stunnel/stunnel.pem
Set them with
chown stunnel4:stunnel4 /etc/stunnel/stunnel.pem
chmod 400 /etc/stunnel/stunnel.pem

2) logrotate becomes a zombie and ps aux shows:
root 24126 24125 0 06:25 ? 00:00:00 /bin/sh -c test -x
/usr/sbin/anacron || run-parts –report /etc/cron.daily
root 24129 24126 0 06:25 ? 00:00:00 run-parts –report
/etc/cron.daily
root 24169 24129 0 06:28 ? 00:00:00 [logrotate]

The error is somehow connected in logrotate. It seems to hang if there is output on STDERR from a restarted service.
The solution is to add a simple „2>&1“ to the logrotate postrotate entry in
/etc/logrotate.d/stunnel4:

/var/log/stunnel4/*.log {
daily
missingok
rotate 356
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
/etc/init.d/stunnel4 restart > /dev/null 2>&1
endscript
}

Another solution would be to set up stunnel correctly that it does not show any errors if started with /etc/init.d/stunnel4 start.
After that you have to restart stunnel to get lost of the zombie logrotate process.

3) stunnel did not accept a connection it previously had accepted. The log entry is:
LOG3[…]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

This error was gone when I restarted stunnel to solve error 2. This all is somehow connected:
– The error starts with the permissions on the cert-file.
– This leads to output on STDERR when logrotate was started.
– This again leads to a logrotate zombie.
– And because logrotate is a zombie, anacron is blocked and not working any more.
– I think the failed SSL acceptance has its source somewhere behind the restart by logrotate or the wrong file permissions which had a first effect after the restart.

ReMastering Regular Expressions

Dienstag, August 7th, 2007

Let’s have a look at the source of the perl module Email::Valid and search for „Mastering Regular Expressions“. You will find Jeffrey Friedl’s regex, which matches all valid email adresses – and nothing more. It seems so complicated, that no one could validate it by just looking at the regex. I will show you, how to disenchant it.

The disenchanting is based on the following rule:
Let us have $a=qr/foobar/, $b=qr/foo/, $c=qr/bar/ and $d=qr/$b$c/. $string=~$d behaves exactly as $string=~$a.

Now open Jeffrey Friedl’s regex in an editor of your choice and start to replace some strings. Be careful to replace them literally „15“ means \ and 0 and 1 and 5 instead of „\r“ or chr(0) or whatever.

Search for

Replace with

Count

\\\x80-\xff\n15 $c 128
[^(40)@,;:“.\\\[\]00-37\x80-\xff] $d 26
\\[^\x80-\xff] $e 68
\([^$c()]*(?:(?:$e|\([^$c()]*(?:$e[^$c()]*)*\))[^$c()]*)*\) $f 27
[40\t]*(?:$f[40\t]*)* $g 26
„[^$c“]*(?:$e[^$c“]*)*“ $h 6
\[(?:[^$c\[\]]|$e)*\] $k 8
[^()@,;:“.\\\[\]\x80-\xff00-1012-37] $m 2
(?:$d+(?!$d)|$h) $n 5
$g(?:$d+(?!$d)|$k)$g $o 8
@$o(?:\.$o)* $p 4
$n$g(?:\.$g$n$g)*$p $q 2
$g(?:$q|$n$m*(?:(?:$f|$h)$m*)*) $s 1

After this replace-marathon your editor should show only „$s“.
The original regex contains 6599 characters. If you save the content of the variables this way:

$p = qr/\@$o(?:\.$o)*/;

you will end with $s containing 8129 characters of which are around 900 qr//-overhead (as „-xism“) and a script with total size of 514 bytes for exactly the same thing.
Those, who have already greater experience with regular expression, should have already seen the possibilities to optimize most of the regexes in size. I will show my optimizations. But the main goal is already reached: You have a small set of small regular expressions. And each small expression is understandable for itself.

Optimized Expression

my $c = ‚[:^ascii:]\\n\\r\\\\‘;
my $d = qr([\w!#\$%&’*+-/=?^`{|}~\x7F]);
my $e = qr/\\[[:ascii:]]/;
my $g = qr/(?:$f|[\x20\t])*/;
my $h = qr/\“(?:$e|[^$c\“])*\“/;
my $k = =qr/\[(?:$e|[^$c\[\]])*\]/
my $f = qr/\((?:$e|[^$c()]|\((?:$e|[^$c()])*\))*\)/;
my $m = qr/$d|[\x20\t]/;
my $n = qr/$d+(?!$d)|$h/;
my $o = qr/$g(?:$d+(?!$d)|$k)$g/;
my $p = qr/\@$o(?:\.$o)*/;
my $q = qr/$n$g(?:\.$g$n$g)*$p/;
my $s = qr/$g$q|$g$n(?:$f|$h|$m)*/;

There are of course more optimizations possible – try it yourself. The length of my $s is 5144 („-xism“s deleted). The code uses 457 bytes without comments. (Remember: We originally dealt with 6599 characters pure regex.)

Of course I was supported by a little script. Feel free to ask me, if you are interested.