A little while ago, I started playing around with the userChrome.css and userContent.css files in Firefox, and I have been rather pleased with the results. As far as I can tell, few people know about these files (perhaps I am mistaken, but most people I know have never seen them before). The files are located in the chrome folder in a given profile. On Linux at least, the path to that is
~/.mozilla/firefox/{weird alphanumerical sequence}.your_profile_name/chrome

On Macs, the profile directory is in
~/Library/Application Support/Firefox/Profiles
I don’t care about windows…
The arrangements of profiles is what I consider to be one of the prime examples of why Firefox isn’t a great piece of software. If I ever want to edit my profile, I have to remember the my profile begins with an r, or at least view all the other profiles, when I tab complete on the folder. For some reason, using unique profile names wasn’t enough for Firefox; it attaches an 8 letter alphanumeric sequence before the name of the profile. I really see no reason for this extra bit of crap. Perhaps it allows for profile name changes more easily, but it is not like people really futz around with different profiles too often. Given that there are things that a user might want to edit in the directory, this crap seems unnecessary. The directory structure inside the .mozilla folder doesn’t make too much sense either, but I won’t go into that now. In general, I use Firefox, because I believe it to be the best browser out of a series of really awful software packages. Maybe I am horribly naive, but the browser doesn’t seem like such an achievement in software to warrant the amount of attention Mozilla gets (or the money). That aside, one can do some nice things with Firefox.

The userChrome.css and userContent.css files allow a user to change the default css for the XUL in browser.xul (I think it applies to all XUL, but I haven’t tested that or bothered to look it up) and the default css used in the browser for sites. These files must go into the chrome/ directory of a user’s profile. There are example files already in there, which just need to renamed to get you started. There is a page on these files on the Mozilla website as well as some additional examples. I haven’t done much to userChrome.css; I got rid of the throbber (thing in the top right corner, which likes to spin) and I set my url bar to have a fixed width font. Those mods are both in the example file. The userContent.css file is a little more fun… As outlined in the example file, you can get rid of annoying tags, like marquee and blink. I added a rule to remove text decoration from links except for hover:

a { text-decoration: none ! important }
a:hover { text-decoration: underline ! important }

The ! important part lets a page’s css override my own (update: whoops, opposite is true; the programmer in me must have remembered it that way since I read “! important” as “not important”). It sometimes tricky to spot out the links, but I appreciate the overall aesthetic it produces. There is also a way to set it to only apply to individual pages. I choose to modify my google search results:

@-moz-document url-prefix(http://www.google.com/) {
.g {
border-bottom: 1px solid grey ! important;
padding-bottom: 1em;
}

}

As of now, I forgot why I made the url prefix just google.com as opposed to google.com/search, but I must have had a reason. Either way, my experience has shown me that the g class is not used elsewhere on google. Anyway, this snippet adds a line between each search result. Here is a screen shot of the end result:

Since I am not a big fan of spam, I normally do something to obfuscate my e-mail address whenever I put it up on a publicly accessible site in plain text. I usually don’t do anything special; I just do something like name {at} example {dot} net. As far as I am aware, spammers have not started to collect addresses formatted using such methods, but it has always bothered me, because it would be so simple to collect such addresses. Of course, that fear is far greater with any sort of compute-generated obfuscation. For example, mailman has a particularly dumb formatting. Every address is like name at example.net. Since spammers don’t have to worry about false positives, they could collect every address off of a mailman archive just by joining together every word immediately before an ‘at’ with the word that comes immediately after the ‘at’ with an ‘@’. Without reducing the accuracy, the false positive count could be reduced just by checking for a dot in the latter word. Really, the difficultly in extracting such addresses is incredibly minimal. The only reason that it is not an issue yet is that there are still enough people out there who put addresses up without any sort of obfuscation, so the task is still easy. I am think that spammers will have to start collecting such addresses soon enough, if they haven’t started already. So my goal is to determine exactly how I would go about an e-mail extraction system were I a spammer; this way, I can determine what sort of addresses could not be extracted easily. To start, let’s go through the assumptions we are making about spammers:

• False positives aren’t important. There will be plenty of bad addresses already, so a few more won’t hurt.
• Want to keep everything simple. The spammer is not looking for the theoretically best system, just something that works and is simple to write.
  • Want to write things for the most global cases. If someone does something unique, then we should expect the system to fail.
• Keep the system to the level of joining together strings. Don’t look for cyphers or anything like that.

So of all things, the obfuscation method is least likely to do anything to the actual text in the address. In the name@example.net example, ‘name’, ‘example’, and ‘net’ are never changed. The only constants here are the top level domains such as ‘com’, ‘net’, ‘org’, ‘edu’, etc…. On the web, the most frequent occurrences of these TLDs will be in URIs and e-mail addresses. The first step would be to filter out the URLs from this mix. Any address without a protocol specified would result in a false positive. First thing to do is find all the obvious addresses. With the rest of the TLDs found, if the match is connected by a dot to anything to the left, join the word to the word occurring two positions to the left with an ‘@’. Otherwise, join the word two positions to the left with a ‘.’, and then join that new string with the word two positions to the left of that with an ‘@’. The spammer surely could think of other methods like these I have outlined. This exercise makes it clear that the only way to avoid most trouble is to come up with some sort of encoding method that is human readable, but is obfuscated to these sorts of general extraction methods. With something like an e-mail address on a uchicago system, if it is listed on a uchicago site, it is possible to make abbreviations like uchic.... edu. These sort of obfuscations could still be detected by a sophisticated extraction system, but it would be too much of a hassle for too limited results. There are other tricks one could employ along these same lines; for example, the addresses name..../\7.....example#...#net or USER:(....name....) |AT| ADDY:(....example{dot}net....) . The problem with these is that they are just human-readable, and a means to extraction is not that far off.

What is the best solution? For all intents and purposes, I consider javascript obfuscation the equivalent to putting addresses in plain text without obfuscation. As I have previously discussed, it is pretty easy to extract the contents of the DOM from firefox. The first method that comes to mind is essentially a series of variations on the barely readable obfuscations. Basically, using php or something else server-side, addresses can be written as normal, and then encoded. The problem with this solution is that these methods are barely human-readable, and the text is still left unaltered. What sort of method could leave everything as human-readable but also modify the text itself? I haven’t been able to think of anything. Perhaps I will think of something soon…..

This question seems like an oxymoron. How many personal websites have ever existed that are really good? Not many, but a few I suppose. Yet, I am asking this seemingly absurd question right now. It wouldn’t be my first attempt either. I thought for a first blog post that I would go through what I know and what I want in a new website:

1. Simplicity - Really, this should be the simplest, most obvious criteria for any website, but I have found that it is one of the hardest to achieve. Often times, I have some idea of some really elegant, pretty design for a site, and I always end up falling short of it. I have found out the hard way many times over that I do not have a good sense of design. Usually, I tend to try to make slick graphics and some complex (yet somehow simple) design, and it always comes out bad. No, I don’t need to have a great design in order to have a good website. Although it is a serious problem for many, I have always realized that content is what makes a website. Design should always come after content. It seems apparent to me that there are a few maxims to follow in order to keep a website simple, yet elegant:
1. Close that image editor, fast! - OK, maybe some amateur or professional graphical designer thinks that it is easy to use some imaging program and come out with a great design quickly. I, for one, have spent hours obsessing over a title banner to make it look just right. It never does. I am always dissatisfied. Maybe someday I will come up the perfect graphic in a relatively short amount of time. Until then, I am better off closing any editor after a few tries and using plain text, or maybe make a near plain text banner. Forget about other graphics. No chance any of those will work just right. A perfect and more primitive design will always beat a somewhat problematic design that looks a little more modern.
2. Stop fussing with the CSS. - It could always be a little more perfect, or it could always be a little more complex. Really though, for most people like me, CSS is most potent when left simple. Just stop fussing with it once it takes care of all the important stuff, or just do a little fine tweaking, not much.
3. On a personal site, use scripting for yourself, not others. - I always like fiddling around with some design approach that uses some scripting language or something a little more than html. These projects can be fun, but you can keep a website easy to edit using SSI just as easily as any sort of php approach. I always like trying new things (hence why I am starting a blog), but if you just want to get a website up and running, keep it traditional. Javascript need not be used on a personal website. I consider javascript to be an awful language that should never be used (ok, AJAX is great and makes js legitimate if you have a legitimate web application!).
2. Include what you want people to see - again, something obvious. Unfortunately, it is a mistake I have made before. This blog isn’t for me to write down all of my personal thoughts or divulge much from my personal life. Same goes for the main website. A personal website really shouldn’t be all that personal. Really, I just want to be able to write down some ideas, programming examples, and other things like that. You know, masked shameless self-promotion, except it might be useful to someone.
3. Design up, not down - Maybe this should be included under “simplicity,” but I think it is a little different. I have found that it is important to make a design that can be modified easily to include more content or to expand in different directions. It is always better to start small and build up, than it is to try and make a large and complex website from the beginning. On the last website I design (the website for the undergraduate ACLU chapter at the University of Chicago), I wanted to keep it simple. I did this for several reasons. First, I didn’t really want to spend much time designing the site. I took up the project, because I was the only who really could. I used pure xhtml and css. I only made a small gif for a favorites icon (admittedly, I spent too much time on this), and I had a title graphic from the start. I spent a little too long on the css, but it came out simple in the end. Now, I am modifing the site to include more content. Nothing special. I added some SSI commands to put common html snippets in seperate files. I might have approached this website in a different way if I had access to the server the site is on from the start. Anyways, I have realized that this start simple approach gives you the best sites. Same is true with programming, but that is not always apparent in web design.

I am looking foreward to getting back into web design. I stopped for a couple in high school, and I think that I may be able to do some much better work with a new and more mature perspective. I am really looking for a way to just make some of my ideas public. Just start to make a name for myself. This site should be an interesting project.