NANO ZEN

For those who follow my technical exploits…

SnertSoft is happy to announce Private Wimp, a simple light weight mailing list manager, that is free to download. Private Wimp has been used to manage several mailing lists for past few months now.

It avoids the bloat of Major Domo, Mailman, and Ecartis . Completely written in C and so avoids the overhead of Perl or Python. Installation and configuration is short and simple; all list management can be done remotely by email; always confirms subscribe/unsubscribe requests and admin. commands; handles bounce messages (discard, forward, or removal of unknown users); provides support for four list types (announcement, trusted, closed moderated, open moderated); keeps track of users that unsubscribe; and provides a simple archive structure (similar to Ecartis).

The online documentation can be found here:

http://www.snertsoft.com/sendmail/wimp/

I just love Google and Wikipedia for research. I spent the better part of today learning about the Lunar Standard Time (LST) proposal and the Julian Day Number (also the Calendar FAQ is very informative).

I even wrote Javascript classes that implemented them. I thought it would be kind of neat in an odd ball off the wall sense, like expressing the speed of light in furlong per fortnight, to display them here on the blog (see sidebar right). I’ve even had an idea for a new RFC

Google Analytics, or my preferred name for it “google anal-tics”, is a service designed to provide web site owners with statistics about visitors movements on their site. One would think this is a simple and ordinary enough service and nothing to worry about.

However, I have two issues with this:

First, to achieve this data gathering, a web site is required to load on each web page of interest a Javascript file called urchin.js from Google or the more advanced ga.js file. Essentially a web site is telling your browser to execute some remote 3rd party script on your system. This is a BAD idea in terms of security, since it might be possible to hijack that script in transit and replace it with attack / hack code. Also the script is not loaded securely via HTTPS, so no certificate authentication or validation of any kind is done; just blind trust that google-analytics.com has not been hijack by DNS cache poisioning or that some intermediate web proxy hasn’t been compromised.

Second, I am interested in protecting my privacy online as much as possible these days. I already have a pretty big online foot print dating as far back as 1986; regardless I see it as my right to restrict data collected about me. So whenever a web site asks for HTTP cookies, Flash Cookies (How to Manage Flash Settings), tries to load advertising, or track my movements through scripts and/or cookies, I’ll go out of my way to block that from happening.

So when a web site loads urchin.js or ga.js, it is going to communicate information about visitors back to Google. I find this an invasion of my online privacy. What I do online is my business, not Google’s. Google already has enough data about what search terms I look for (this can be controlled through Google, though who knows if it is honoured or not). Frankly I don’t think Google or any other 3rd party advertiser needs to know where and what the frack I’m doing.

Simple solution: use a URL blocker, like Bork Bork Bork! or Adblock Plus, to block urchin.js, ga.js, and/or anything from google-analytics.com from being accessed. If you don’t want to use a URL block, this can also be achieved by adding to the Unix or Mac OS X /etc/hosts file (Windows has an equivalent C:\WINDOWS\system32\drivers\etc\hosts) and add an entry like:

127.0.0.1  www.google-analytics.com

Most webs sites where google-analytics.com has been blocked are designed well enough to continue functioning. However, there are a small handful of web sites the refuse to do anything when the tracking code is not loaded. Typical bad design on the web sites part. In the end I see Google Anal-Tics as evil and chose not to do business with web sites that expect me to put up with that shit.

CNet News reported how the Microsoft vomit ad was removed by them and their ad company. They probably realised the actress was actually reacting to Vista instead and the state of Microsoft products.