Author Archive

3rd party cookies in Firefox…

Monday, June 10th, 2013 | Permalink

… seem so small since we know about Prism.

How about UNSUBSCRIBE-June?

Saturday, June 1st, 2013 | Permalink

How about cleaning up your inbox by unsubscribing to useless newsletters you are getting every day?
I am actually doing this once a year and this year I am calling it UNSUBSCRIBE-June.

It is really interesting how many companies put you on their mailing list and spam you weekly, daily or even more.
I am even getting newsletters in languages I don’t even speak, just because I once used the free wi-fi at an airport or anything like that.

Join me – unsubscribe!

Why disabling 3rd party cookies in Firefox 22 is a big mistake!

Monday, April 15th, 2013 | Permalink

Before I start, let me quickly outline two things. I am working in the online advertising industry + this is representing my personal opinion.
I have built several ad serving solutions and tracking engines within the last years and the chance of you having a cookie on your harddisk that comes from one of these solutions is quite likely.

Mozilla recently announced that with the release of Firefox 22 they will, per default, disable 3rd party cookies.
This in the first place looks like a big advantage to users. People fear to be tracked and analyzed across their whole internet behavior. I will come to data privacy a little later in detail.

I believe that data privacy is extremely important, I am just not happy the way Mozilla or to be specific the Firefox developers are handling this.
The idea is simply to avoid 3rd party cookies to be granted as long as the user hasn’t visited the 3rd party and the cookie became a 1st party cookie.

Or in other words, I am an ad network and as long as you haven’t ever clicked on one of my ads, I am not able to know identify the browser, how often you have been exposed to a specific ad and so on. Good? Sounds quite fair.

But the second you are putting this into a different context, the whole thing becomes a little awkward.

What is the default page that a Firefox shows you when you install it? Right that’s a customized Google search page. You just got a 1st party pixel by Google.
What’s the main income stream for Google? Right advertising!

Ever asked yourself how Mozilla is financing their servers, employees etc.? Right donations!

BUT:

Let me quote Wikipedia on this:

“The Mozilla Foundation is funded by donations and “search royalties”. Since 2005, the vast majority of funds have come from Google Inc. […]
In 2006, the Mozilla Foundation received US$66.8 million in revenues, of which US$61.5 million is attributed to “search royalties” from Google.[9]
The foundation has an ongoing deal with Google to make Google search the default in the Firefox browser search bar and hence send it search referrals; a Firefox themed Google search site has also been made the default home page of Firefox. […] On 20 December 2011 Mozilla announced that the contract was once again renewed for at least three years to November 2014, at three times the amount previously paid, or nearly US$300 million annually.[11][12] Approximately 85% of Mozilla’s revenue for 2006 was derived from this contract.”

Same also counts for Facebook. You are scared by advertising? Facebook knows already a lot about you, but with making the Like Button available across the web, they know your actual browsing behavior. They know what you like and now they also know what you have been exposed to on the web! And as they are everywhere, like Google Analytics, they have the full picture. This is actually not happening for any other advertising network as the market is fragmented across a lot of companies.

Let’s talk a little bit about data privacy. I am working for a pan-european advertising company and we are investing a lot of time and money into data privacy compliance. We are TrustE certified, we have regular audits with lawyers across Europe, we are participating in the Do-Not-Track initiative, we are on the global IAB opt-out page, we don’t store any IP addresses and we have a dedicated page to explain how we handle data privacy. The industry is 100% aware of the situation and we are adopting to all rules and are extremely pro-active in what we are doing.

If you ever thought cookies are the only thing that enables companies to track you, you are absolutely wrong.
Beside standard cookies there is technologies like LSO, LocalStorage, e-tags and lots and lots more. To be more direct on this, every browser plugin brings its own technology. A good collection of these can be found at the Evercookie of Samy Kamkar.

The online industry committed within the last years to not use LSO, also known as Flash cookies, anymore. The most obvious reason is that a plugin cookie like Flash LSO is not being removed when removing cookies. In addition a LSO can be read out across browsers. Means your behavior on Firefox could be read out when you are using Internet Explorer or Safari!
Needless to mention that the Firefox approach is technically not stopping this.
From a data privacy perspective this is a nightmare and that’s exactly why the industry stopped this.

A lot of people are annoyed by commercials and there is a simple trick to stop seeing these ads, but please for one moment think about using an ad blocker.

Internet infrastructure, a team of editors, creators, writers, system administrators and developers are not cheap.
The reason why the majority of the internet is still free is the fact that advertising is paying for this! So instead of having an internet where you need to pay for every article, blog post or video that you are seeing, they show you commercials. So whenever you are talking about net neutrality, keep this in mind!
Or otherwise the internet will look like this in a couple of years.
Btw. same is happening when you are watching TV or buying a magazine. Part of it is paid by advertisement!

Dear Firefox developers, please think again about your approach. The industry has done a lot of things to comply with current law. It would be a shame if this would have been for nothing!
And the bad guys use another technology anyway!

How to check if a SSL certificate is valid using command line

Friday, January 18th, 2013 | Permalink

Quite easy:

openssl s_client -connect www.google.com:443

Shred – How to format a disk save on a rented machine

Thursday, November 8th, 2012 | Permalink

There is lots and lots of hosting companies that ask you for a couple of dollars and give you your own machine for that.
This is normally the cheapest way to have your “own” server in the internet.

After a couple of years, you realize that there is a better deal including better hardware at some other hoster or even the same.
So you decide to move your stuff over.

Now you want to cancel the current contract, but what is happening to the data that is on that server. Simply deleting is not really a solution. There are plenty of reports of harddisks turning up on ebay and the new owner has no problem restoring your data.

There is a solution to that called shred. It is a basic tool that is available with all popular linux distributions.

The easiest way is to use the following command. shred /dev/sda -f -v -z

This will overwrite your harddisk 25 times with garbage and it is really, really hard to get your data back.

Here is the shred man page.

5 years spamcollect – Happy Birthday

Sunday, April 22nd, 2012 | Permalink

Actually I was quite surprised when I realized that I am maintaining this blog now since 5 years.

Initial idea was just to store things I had trouble with and found a solution. So I don’t have to use Google or any other search engine.

I have to say I am also quite surprised that the PHPList Hack is since years the most popular one I have wrote. Seems like the system is used widely but not as open as expected.

Also one of my favorite posts is the one about SLES 10 sucks. Especially the comments section is fun.

Lets see what the next years will bring.

Fixed! – SugarCRM – Module Loader blank page after installing module

Wednesday, April 11th, 2012 | Permalink

This took me a while till I found a solution. The module builder in SugarCRM seems to have a bug. Whenever you install something using the module loader, the system seems to kind of crash. The module loader page is not showing anything any more except the saying “Module Loader”. This seems to be a bug in all 6.2.x versions.

I found a solution here.

Goto the file ModuleInstall/PackageManager/PackageManager.php and edit line 668.

change:

$target_manifest = remove_file_extension( $upgrade_content ) . '-manifest.php';

to:

$target_manifest = UploadFile::realpath(remove_file_extension( $upgrade_content ) . '-manifest.php');

How to copy all files including hidden ones on linux

Sunday, April 8th, 2012 | Permalink

I tried to copy all files using the cp under linux. Unfortunately in the usual case this is only copying the normal files. Things like .htaccess or .ssh directories are not being copied.

There is a simple solution for that. Just add the following line to the bash / shell you want to do the copy from.

shopt -s dotglob

This sets kind of a “global / all files”.

Ever asked yourself how long it takes till Apple approves your App?

Friday, April 6th, 2012 | Permalink

There is no general answer to this, but from my experience it takes around one week usually.

I have submitted four apps within the last three months and in general there was a waiting time of one week.
Honestly this is a hard time for a developer. In some cases (2 out of 4) Apple decided not to approve the app and rejected it.

I wonder how long this takes for the Google Android market.

Update on: Just found a bug in OS X Lion and there is nearly no way to tell Apple!

Friday, November 25th, 2011 | Permalink

I described a problem related to Samba shared drives on Windows and connecting them with Mac OS X Lion here.

After three months and two more versions of Lion there is still no solution. The guy from Apple never called back and never replied to my email.

I see this problem on all Macs running Lion in my company. So this is not my machine.

Apple support was one of the best in the industry for many years. Today it is just like the rest of the support hotlines. It takes hours to explain and it gets never solved.

Thanks! I liked Snow Leopard better because it actually worked!
Do I have to move back to a PC? After all these years?