A tweet was recently posted featuring an advert claiming Firefox is the better browser in terms of respect for privacy:

Sadly, this isn’t the case, as this Pale Moon update clearly describes:


So, if you use #Firefox, best to expect information leakage back to #Google anyway.  If you value your privacy and want a functional browser, check out Pale Moon!


Also on:

[ This is a retrospective publication ]

It takes heroes like Edward Snowden to reveal how malicious governments can become. The Snowden revelations during the summer of 2013 showed that not only does everyone have to be wary of internet-based “threats”, but that those threats could be in the form of legally-appointed agencies seeking to catch out anyone who accidentally clicks something they shouldn’t.

Worryingly, despite the big players’ assurances of high levels of security, a post on Ars Technica discusses (and links to) slides created by the NSA, and leaked by Snowden, showing how Google’s international internet traffic was intercepted, analysed and understood – for a variety of its services. Thankfully, more heroes have recently stepped forwards with updates of their own.

My heroes today are +Brandon Downey and +Mike Hearn, who have voiced their contempt for the authoritarian misuse of power with, as we like to call it, the two-fingered salute (this would be one finger in the US…).

Google, too, has a data-collection objective

Let us not forget who Google is and what it does.  Yes, while its employees might be upset that their systems’ security has been brought into question, their employer’s mission “is to organize the world’s information and make it universally accessible and useful”.  So Google, too, has a data-collection objective.

The good thing about the Snowden revelations, if indeed any of them can be “good”, is that it has revealed how much work still needs to be done and how much we assume our data won’t be intercepted and inspected. It’s no longer safe to think like that, and the use of encryption should be mandatory between two end-points.

But now that the larger players are catching up with better security implementations, who is there to help the smaller players? Running a hosting outfit myself, I know how much time is required to stay informed with regards to common exploits and vulnerabilities, as well as implementing working solutions when certain zero-day exploits are revealed. Every internet service provider, hosting company and other entity transacting business via the internet has a responsibility towards safeguarding confidential data. How many take it seriously enough?

It’s time the larger players stepped up and started working collectively in a security community designed to help the smaller players in the market, rather than try to pwn the market itself; if that were to happen, the purpose of the internet would be destroyed and the argument moot.

This post has a new edition.

Part #1 of the Data Liberation series

Although Google Chrome is a very fast browser, it lacks one key feature which seems designed to lock users in – any account migration facilities to support moving to other browsers.  This post is intended to help you move your saved passwords from Chrome to Firefox.

Firstly, you’ll need to have a read of this page: http://blog.catoblepa.org/2012/08/linux-how-to-export-google-chrome_28.html   – then come back here for more info!

While following the instructions in that post, take note of these steps below before you close your browser. If you have also set up a separate encryption password for your browser, don’t worry – this method still allows access.

  1. Image of Google Chrome settings
    Disconnect Google account in Settings

    In Chrome settings, as a precation, I disconnected my Google account before closing the browser. Therefore, any changes I could make to this temporary session wouldn’t ever be uploaded back to Google.

  2. Once you have the saved CSV file from Chrome, keep hold of it – we need to edit it. In Firefox, install the Password Exporter add-on: https://addons.mozilla.org/en-US/firefox/addon/password-exporter/?src=search
  3. Image of Password Exporter
    Exporting passwords

    Password Exporter allows you to import passwords too, so you can avoid the need to install any third-party workarounds like LastPass (which again require you to upload all your browser data).Firstly, though, using Password Exporter in Firefox (Tools > Add ons … Extensions > Password Exporter > Preferences), we can export a sample CSV file to see how Password Exporter expects its import data. Simply click “Export Passwords” and save the file to your home directory.

    NOTE: This requires that at least one password is saved in Firefox already.

  4. The headings in the exported file are as follows:

hostname username password formSubmitURL httpRealm usernameField passwordField

This is the format that Password Exporter will expect its import data.

The data’s headings that you have just exported from Chrome are a little different:

origin_url action_url username_element username_value password_element password_value submit_element signon_realm ssl_valid preferred date_created blacklisted_by_user scheme password_type possible_usernames times_used

We need to match up the firefox CSV headings with the corresponding Chrome CSV headings. To do this quickly, use a spreadsheet tool I used LibreOffice Calc.

This is what I arrived at:

(FF = Firefox; GC = Google Chrome)

FF: hostname username password formSubmitURL httpRealm usernameField passwordField
GC: origin_url username_value password_value action_url signon_realm username_element password_element

Once the fields are mapped, there’s a couple more important steps to undertake.

Export dialog
Export in the right format!

Firstly, when you come to exporting from your spreadsheet application, make sure you choose to edit the output filter. In the Export Text File dialog, make sure “Quote all text cells” does not have a check (tick) in the box.

For good measure, I also selected ASCII/US in encoding type,  as that is the format used by Password Exporter when exporting.   I think the importer should handle ISO-8859-1 and/or UTF-8, but your mileage may vary.

Now export it.

Remember seeing the additional header in the exported CSV file? It might have looked something like this:

# Generated by Password Exporter; Export format 1.1; Encrypted: false

In order to tell Password Exporter what format to expect its data in, this heading needs to be added back. However… the best way to do this is via a text editor, not in a spreadsheet program.

Open up GEdit, Emacs, Vi… whatever. Add that line to the top, but remove any trailing commas! It should now look like this:

# Generated by Password Exporter; Export format 1.0.4; Encrypted: false

One more step before you import!

A side-effect of exporting your CSV in LibreOffice is that empty cells are not quoted. In other words, the comma-separated values may appear like this:


Did you see those two commas with nothing between? The Password Exporter won’t like that when trying to import, so do a quick search-and-replace:

Search for ,, and replace with ,””,

Finally, save the file.  Again, ENSURE the file type is US/ASCII.

The importer dialog
Successfully importing passwords!

Now open up the Password Exporter dialog from Firefox and click Import Passwords – you should see progress in the dialog shortly.


There is an import bug when the version header is declared as 1.1. However, you can get around this by “fudging” the import header to an older version (I used 1.0.4). If you have trouble importing, adjust your header in the file to look like this:


After importing, you may see that not all passwords were imported. This is because duplicates are not imported. You can view the details in the link.


So far I’ve not had time to find a way around this. It’s to do with the import format.

The adventurous can investigate the source code, here: https://github.com/fligtar/password-exporter/blob/master/passwordexporter/chrome/content/pwdex-loginmanager.js

Hopefully you have now successfully liberated your passwords!

Problems?  Comment below!

If you have a curious bent – and you bought a Chromebook thinking it would be the answer to all problems, then chances are you probably gave up on that notion fairly quickly and installed a variant of GNU/Linux on it.

If so, well done. Thankfully, Daniel Berrange – a Red Hat fellow and Fedora users, posted some instructions on how to get Fedora 18 (Spherical Cow) installed on a Samsung series 3 (XE303C12) Chromebook. This is the route I decided to take, having been a Fedora user for many years. But I digress.

If you have GNU/Linux installed on a Series 3 Chromebook, you may want to remap those Google-inspired function keys that run across the top. You know, those keys with the arrows, reload, window-size/position, brightness and volume icons… Yeah. Actually, they’re function keys: F1 to F10.

A good read for how to identify what each key is can be found here, on this askubuntu post which details the xev command.  xev displays the numeric keycode of the keyboard key (!) you just pressed.

Keys F1-F10 use the following keycodes:

Bright down72F6
Bright up73F7
Sound down75F9
Sound up76F10
Using xev, you can remap the function keys to something more appropriate to your environment.

To remap these keys, we now need to identify what extended functionality the XF86 multimedia keyset provides.

A reference table is available is available on linux questions.

.. and why you should consider it, or, “…and how to be more efficient”.

I’m an avid tasker and a fan of the GTD methodology, but when I use tools that have lots (and lots!) of features I tend to slip up easily and do silly things.  An example is adding a repeating task to my task list.  A repeating task? Why is this an issue?

Google Tasks: Simple.
Too simple, for some.

I simplify this slightly, but in David Allen’s approach to task management, anything that is time-related should be put into a calendar.  Therefore, if I am allowed to set up a repeating task, this means I need to do something with a certain regularity, which further implies I must actually do it at some point in order for it to warrant the repetition which I have ascribed to it.

In ToodleDo and other “expert” task managers, the ability to manage tasks has advanced to the point where you can essentially control your calendar through your task manager.  This approach really suits some people but, to me, this essentially is the tasks-first, time-second approach.  It is truly a GTD-esque system and I have had a love/dislike affair with it for several years.  I have never “hated” ToodleDo – it’s a great system, but isn’t as integral with my working environment as I would like.

Why move?

To me, tasks should be lean and mean.  I don’t really want to spend my time managing them – I want to be doing them.  And various factors always weigh in that can be managed outside of my task list.  I become less efficient if I start duplicating events into tasks.Part of me loathes the traditional “Weekly Review” of the GTD system.  I have a daily review and the most important things are always the ones that get done – it’s a self-managing approach which I’m happy with and doesn’t require over-thinking.  Removing the opportunity to over-manage tasks is A Good ThingTM in my book.  All I want to do is store my tasks somewhere and interact with them quickly.  Using Tasks in Google will accomplish this.

Yes, but what about contexts, projects (folders), statuses & goals?!

GTDers rejoice! Toodle-
Do lets you live the dream!
In defiance of pure GTD-ism, here are my views on these three aspects:
  • Context
    In GTD, the context of a task is, broadly, how, when or where you might do it.  What I kept finding about my contexts, as I was setting them, were that they kept resembling more basic primary situations.  For example, I started with “shopping”, “online”, “errands”, “home”, “phone” and “work”.  Except, when I started looking more closely, these contexts could be whittled down – and needed to be, in order not to conflict with my Projects/Folders.”Errands” and “shopping”.. well, I would generally be out and about for both of these, so why not make them simply “out-and-about”?  This would mitigate the risk of not running an errand while out shopping.  Phone calls would typically be work-related, but not always – so I would either make them during work or in personal time.  Realising this, I started to see that all of my activities would be split, broadly, between work and personal time.  Therefore, if I was working, I would want to make work phone calls.  At home, I would want to catch up with my friends online.With always-connected capability (phone, internet, 3G, etc) my contexts eventually became two things: work or personal.  That’s it.  With a Google Apps for Business account (work) and a personal GMail account (personal), I can separate my work and personal tasks completely.
  • Projects/Folders
    My Folders (“Projects” in GTD parlance) in ToodleDo would typically resemble the types of task I needed to manage.  You could argue that this is the wrong way to manage tasks, and instead use Tags for this purpose.  While true, Tags are amorphous while Folders are structured and, in ToodleDo, Folders resemble the only way to aggregate tasks into suitably-managed “blocks”.My Folders are things like “cases” (support), “customer/project”, “finance”, “phonecalls” and “systems”.  These are unlikely to change as they closely match my general daily activities.  Google’s Tasks can accommodate this with top-level lists.  Within each list, I can have a task (with indented sub-tasks) which allows enough manageability without overcrowding my senses with due-dates, contexts and estimated duration.
  • Status
    This is a real easy one and probably the one thing I disagree with GTD about.  The overall status of my tasks is logical: either incomplete, or complete.  If I am waiting on somebody, I will already know this.  If I am doing my task, I will probably know this too!But what about if I wish to do my task “someday“?  Well, shocking as it may sound, but that’s how I view all my tasks.  They are things to be done, sooner rather than later, but someday is the best I can plan for.  And this is what it’s all about: planning effectively.  Therefore, to have a status of “planning” seems idiotic: unless I’m actually doing a thing, I’ll probably planning to do a thing!This is the key:  the status of a task in GTD could be mistaken for the status of a person – you.  If my status changes, that might mean my ability to do that task is deferred.  That doesn’t mean I won’t do it, or that the task somehow becomes like me and is also unable to do anything until another time (such as when I am well, or back from a holiday, etc).
  • Goals
    …. I include here as a passing reference.  One aspect of goal-setting is the ability in ToodleDo to track progress on tasks relative to goals set.  In this regard, Google’s Tasks is clearly inferior.  But managing goals can exist outside the context of a task management application and, I argue, it should.  If goals are important, one’s whole life should be managed into achieving them.

They said it couldn’t be done.

Well, actually, they didn’t really say that.  I did.  But it’s true – it couldn’t be done, easily, until now.

Here’s what you need:

  • A ToodleDo account (www.toodledo.com)
  • An Astrid account (www.astrid.com)
  • A GMail or Google Apps for Business account (www.gmail.com)
  • A smartphone capable of running Astrid’s mobile app, installed from your device’s play/app store.*

* I have only used this on Android 4.1 and have set up both of my Google accounts as sync accounts on my phone.  As always, your mileage may vary.

Here is the order of my approach – no warranties offered, it just worked for me:
  • Install the Astrid app on your smartphone.
  1. In the app, navigate to Settings   (see pic to the right)
  2. Select Sync & backup
  3. Click on Synchronize now
  4. Authorize the log-in using your destination Google account
  • Create or Log-in to your astrid account using your desktop web browser, as astrid.com
  • Still in the Astrid app on your phone, go back to the Sync & backup settings and select Astrid.comensure that you can log in using your astrid.com account credentials.
  • Run a sync on the phone (menu > Sync Now) – this will sync your two task lists (Astrid and Google).
  • Now, log in to ToodleDo in your desktop browser and navigate to Tools > Import / Export / Backup and select CSV Import / Export.  Choose to Export all incomplete tasks.    You can also export all completed tasks if you want, but there’s no point syncing them (IMHO).
  • Back at Astrid.com in your desktop browser, click on your “name menu” at the top-right of the page, then Import Tasks. (see above-right screenshot)
  • In the next page, use the drop-down to select ToodleDo.
  • Import your CSV backup of incomplete tasks from ToodleDo – this may take a couple of minutes.  Be patient!  NOTE: I saw a javascript error/alert when doing this, but my tasks still imported ok.
  • Back on the phone, tap “Sync now” again.
  • Voila!  Your original tasks are now in Google Tasks!

facebook engancha
facebook engancha (Photo credit: Wikipedia)

Oh dear.

Many bloggers and commentors have read Mark Cuban‘s recent blog about Facebook‘s edgerank story sorting algorithm.  One could argue that at the level of Cuban’s business, small problems become big problems quickly.  But, on Facebook as in most walks of life, being “large” does have some advantages.

One advantage is Facebook’s Page Insights.  Let’s take the smallest business.  In Facebook terms, it’s this:

  • a one person profile with no friends
  • one page owned/managed by that person with several likes
If you want to build up a following quickly, you need to build up some Likes.  Be Liked.  Or, at least, look like you’re liked.  You probably get the idea.  This is marketing, after all.
So, how about running a competition?  Provide an incentive for someone to come and “Like” you.  How about asking current customers (those who, presumably, like you anyway) to submit a review and hit “Like”.  Great.  
Except it’s not great, really.  To use Facebook’s Page Insights, you need 30 Likes.  Yes, it’s not a tall ask, but why?  The problems with Facebook for small business start with this innocent enough little idiom.  No, there should not be a 30-Like threshold to see who Like’d you.  There should be 1.
Facebook’s habit of making it hard to access and understand your own data, or data relating to you, stems from the misguided notion that building up more visible momentum in your brand’s page means you’re more like to find Facebook “sticky”, and consequently more important (vital, even) for the success of your on-line marketing.
Does Google Analytics insist that you have over 30 visitors per month to your site before it can be bothered to report this back?  
Enhanced by Zemanta