Tag Archives: firefox

How to make Chrome bearable in Ubuntu Jaunty 9.04

So, there I was, watching Firefox 3 thrash my CPU and IO, when I decided that I needed a replacement.  Something elegant, fast, preferably threaded… oh!  Google Chrome!  So, I finally found a link to download the unstable version of the browser based on the latest revisions, of which I got version

Now, I’ve used Chrome in Linux before, and a few things about Firefox kept me hooked.  Today, though, I was on a mission to change all that.  I wanted basically all the functionality I got from Firefox in my Chrome experience as well.  This article should help others do the same.

Continue reading

Implementing Mozilla’s Content Security Policy

I recently discovered this page, which describes Mozilla’s solution for prevention of XSS (Cross-Site Scripting) available as a Firefox Extension.  Here’s the HTTP response from my site:

hank@tardis:~$ wget -S http://www.ralree.com
--2009-06-30 09:52:13--  http://www.ralree.com/
Resolving www.ralree.com...
Connecting to www.ralree.com||:80... connected.
HTTP request sent, awaiting response...
 HTTP/1.1 200 OK
 Date: Tue, 30 Jun 2009 13:49:54 GMT
 Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a Phusion_Passenger/2.1.3
   mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/
 X-Powered-By: PHP/5.2.8
 X-Pingback: http://www.ralree.com/newblog/xmlrpc.php
 Last-Modified: Tue, 30 Jun 2009 13:49:21 GMT
 X-Content-Security-Policy: allow self; img-src *; object-src *.ralree.com 
  *.ralree.info; script-src *.ralree.com *.ralree.info pagead2.googlesyndication.com 
  friendfeed.com; style-src *.ralree.com *.ralree.info
 Content-Length: 57457
 Keep-Alive: timeout=5, max=100
 Connection: Keep-Alive
 Content-Type: text/html; charset=UTF-8

As you can see, my content security policy is sent as an HTTP header on all HTTP responses from my site.  I basically stole an example from this page.  I’ve attached it in the .htaccess file in my site’s root, before everything else in there, like so:

<IfModule mod_headers.c>
Header set X-Content-Security-Policy "allow self; img-src *; object-src *.ralree.com *.ralree.info; script-src *.ralree.com *.ralree.info pagead2.googlesyndication.com friendfeed.com; style-src *.ralree.com *.ralree.info"

I highly recommend everyone with commenting activated on their blog enable this, since XSS is a serious pain.  This seems to work very well on Site5, where mod_headers was simply enabled out of the box.

Greasemonkey Script to get Jabber Room for Google Group Chat

So, today I was invited to Google Group chat for the first time. This would be really cool on a terminal that’s not equipped with an IM client, since it’s all done through the web with flash and magic. But, since I don’t like having 2 IM clients running at the same time (Pidgin and the Flash one from Google), I decided I needed to rip out the Jabber Group Chat Room name from the invite page. I got some tips from this site, and wrote a Greasemonkey script to do so.


All you have to do is copy the room name into the Join Chat window, and put in groupchat.google.com as the server.  I hope you find it useful.  If anyone knows how to make this a link that GNOME will throw at Pidgin, let me know.  That would be awesome.

Get the Script

Flash 10 for Linux Fixes Landmark Bug

The new July 2nd version of Flash Player 10 for Linux finally fixes the HTML overlay bug that we’ve been seeing for years. You can now see things on top of the flash elements on the page, like so:

Now I have to go clean myself

Get it now!


After trying it with YouTube and TheSixtyOne, and seeing some lame bugs, I decided to go back to Flash 9 and face the music on overlays.