The future of Venkman, the Mozilla Javascript Debugger

In a previous post, I asked a question about the future of Venkman.

There seem to be no official response yet, so I did a simple search: I’ve gone on Mozilla Module Owners page and searched for Venkman owner info. There are related maintainer, peers, newsgroups and pages.

So I looked for newsgroups: if you go on the official newsgroup, you’ll find that it is officially closed and you have to go on the new one. Here you find a message from Aleks Totic on 2006/2/14 that says that he has a patch to solves some known bugs of version .85 and bumps the version number to .87. Here you find also a link to the related bug in bugzilla (and a link to his xpi). Besides that, you can find two versions numbered .86, one by James Ross on official Mozilla Addons site and the one already known to all us by Joe.

The most interesting news are from the bug comments, where there is clearly stated that

Venkman has been effectively unowned for months (and still is in many respects)“.

So we have a sort of an official answer to my question, but Aleks did a good work (it’s sad that he gave up at some point), James Ross and other people peered for the module, so seems that Venkman is not dead.

I’m writing an email to all people involved (to my knowledge) with Venkman also at Mozilla Foundation to ask if they know what is going with Venkman.

Stay tuned, more on this when I get a reply.

Simple anti-mail-harvester Javascript code

In my continuous quest to fight spam, I think I’ve found a simple solution to an aspect of this problem. It isn’t the definitive one, and we can consider it a variation on the theme of the captcha, even if there’s no image involved, because there must be a “human intelligence” involved in the interaction.

We know that one of the problems behind spam are mail-harvesters: servers that search for email addresses in the Internet (see Project Honey Pot). I don’t know exactly how they work, but I think that they find a web server someway (trying IPs or searching for HTTP addresses on search engines), then they start to suck every accessible page on it and search in the HTML text for acceptable email addresses. But we know that a web page can have a behaviour, too: I think it’s very difficult that mail-harvesters “run” the pages they get, because that would be very resource intensive and slow. Besides running them, they should fire all registered events and follow their consequences: definitely too much work.

That said, my idea is simple: manually encrypt your email and embed the encrypted string in the page; it will be decrypted on demand based on user action and opportunity. An example is the link with my name under “Author” in the sidebar of my blog site: when you pass on it with the mouse, an event is fired that decrypts my email and puts it in the href attribute with the mailto protocol; then you can click on it and send me an email with your email client.

It seems at least strange that a harvester can do these actions in a timely fashion.

To encrypt the email, I used a simple ASCII Encryption Javascript source file found somewhere (thanks to David Salsinha). I choose this algorithm because it has the interesting property to produce a different encrypted string every time for a given input string.

If you want to use this trick, you can encrypt your text here , and copy the result from here directly in your page source.

Then use this code (or a similar one):

<a data="...encrypted string..."
onmouseover="this.href= unEncrypt(unescape(this.getAttribute('data')));">
Diego Caravana

[EDIT] Changed slightly the script to obtain a stronger separation between the encrypted data and the code to decrypt it; now to reach that point, there must be at least a partial DOM of the place, besides a Javascript engine.

Venkman for Firefox

I’ve just grabbed the beta update of Firefox and, surprise, Venkman is disabled again. So I’ve done what someone else did here for Firefox 1.5 (thanks!): I’ve grabbed the jw2 version and changed the max version number to 1.6.

Note that I’ve not tested it throughly, so there are no garantees.

Please find the xpi here.

And now the most important question: what will be the future of Venkman?

[EDIT 2006/02/01] From the date of publication (on 26 january), hits on my site are more than doubled and Venkman was downloaded more than 500 times! I’m glad that my small hack helped so many people in the developer community. My only worry is that none seems to know what the future of Venkman will be: does someone know it?

[EDIT 2006/02/04] It seems that joe has done it again.

[EDIT 2006/02/14] From the date of publication (on 26 january), hits on Venkman xpi were more than 1500 times. We all hope that someone will take on its development.

SSH tunnels made simple

I’ve just found two short articles that quickly explains how to use SSH tunnels to bypass over-security and maybe preserve your privacy: the first one is the shortest but effective, the second one is longer but explains more deeply the concepts behind the tunnels.

Valenza legale per l’e-mail (PEC): legge attuata

In questo articolo de La Stampa si parla della valenza legale per l’e-mail finalmente definita da una legge dello Stato (DPR 11 febbraio 2005, n. 68). Nell’articolo si dice che, tuttavia, la cosa si potrà toccare con mano non prima che venga definito un elenco dei “gestori del servizio” abilitati a trasmettere email certificata e l’ente preposto, il CNIPA, non lo aveva ancora fatto al momento della pubblicazione (29/12/2005). Incredibile ma vero, invece il CNIPA ha abilitato i primi gestori il 22 dicembre 2005! Mettendo un momento da parte questo attimo di incredibile efficienza ed agilità dello Stato italiano, è rilevante il fatto che da oggi è possibile mandare l’equivalente di una raccomandata con ricevuta di ritorno direttamente dal computer, più o meno come si manda una normale email, ed evitando eventualmente le Poste Italiane (cioè appoggiandosi ad altri gestori.) Inoltre, visto l’obbligo per la pubblica amministrazione di dotarsi di caselle di posta apposite, dovrebbe essere più semplice comunicare tra cittadini e PA (e forse anche meno oneroso per le nostre tasche.)

[Edit] Se avevate per caso pensato che fosse una buona idea per una nuova attività, beh, sono d’accordo con voi… se, oltre ai soldi per l’investimento tecnologico, avete almeno un milione di Euro da investire, più qualche altra decina di migliaia per l’assicurazione industriale (come indicato qui al paragrafo LA NORMATIVA DI RIFERIMENTO, punto secondo.)