Minefield: I came, I saw, I couldn’t use it

November 1st, 2008 by Sjan Evardsson

I decided I would be brave and download Minefield (the latest “trunk build” from Firefox) and try it out. I have been reading several reviews about how fast it is, and wanted to see for myself.

I was not, however, able to use it at all. First, my current setup. I am running OS X 10.5 on a 17″ MBP with 4GB RAM. (I have the older mobo however, and the system only actually uses 3GB.) I also have Parallels 3.0 installed with a Windows XP VM (this is important) and two Linux VMs (a Gentoo server and an Ubuntu desktop).

When attempting to start Minefield on OS X (Parallels not running), as Minefield starts Parallels attempts to start an installer on Win XP. The VM cannot be shut down until Minefield is shut down and the only way to do that is via Force Quit. Otherwise the installer continues to attempt to run on Win XP in Parallels. I did not download the Windows installer, nor did I wish to, however, there is something that is triggering a “Firefox Installer” on Win XP whenever Minefield attempts to open on OS X.

Needless to say, while Minefield will not start until it has finished “installing” on XP, and since it is trying (I guess) to install the OS X version on XP, I end up with a hung Minefield and an endless loop of Windows error messages (“The application Firefox Installer has performed and illegal operation etc etc”) followed by the “Firefox Installer” on Windows dying and respawning. Maybe I’ll try again in a week or two, since these are trunk builds and fixes and updates are coming in pretty regularly at this point.

Bookmarklet and Google Gadget for etymonline.com

December 19th, 2006 by Sjan Evardsson

I ran across the Online Etymology Dictionary the other day and was blown away by the well-designed and incredibly useful service they offer. Of course, it’s much nicer to have access to that functionality at a click, so of course I created a Firefox/Mozilla bookmarklet. But I wanted to have the same thing available on my Google homepage, right next to the Dictionary search box and the Wikipedia search box, so I created a “Google Gadget” for it as well.

To use the bookmarklet, drag the link below into your Firefox/Mozilla bookmarks bar.

Find Etymology

To use the “Google Gadget” go to your Google homepage, click on the “Add Stuff” link, click on “Add by URL” and enter http://www.evardsson.com/files/gg_etymonline.xml

Enjoy!

Surf carefully

October 3rd, 2006 by Sjan Evardsson

Although it has been said many, many times, be careful how you surf. Make sure your machine is patched, you have anti-virus and spy ware blockers, blah blah blah.

Well, if a picture is worth a thousand words, then maybe this video will shed some light on the subject (sorry – it is an ad for McAfee, which I neither use nor recommend – just my personal preference) .

Code for IE exploit posted

September 17th, 2006 by Sjan Evardsson

Hackers Post Code for New IE Attack

Although the hackers are calling it a 0day exploit, it seems that it isn’t really. It is one of many that can be easily found using the AxMan ActiveX fuzzing engine. It seems that the guys over at xsec.org are trying to take more than reasonable credit for writing code to exploit a known vulnerability.

HD Moore, head of the Metasploit project was quoted in the article as saying:

“This is one of the many exploitable bugs that can be discovered using AxMan and one of the few that I didn’t include in Month of Browser bugs due to the ease of exploitation. I still have three or four left in IE that have similar impact.”

There is also a Secunia Advisory related to this exploit.

Security fixes for Firefox

September 14th, 2006 by Sjan Evardsson

Firefox 1.5.0.7 was released this morning which fixes the following security issues:

MFSA 2006-64 Crashes with evidence of memory corruption (rv:1.8.0.7)
MFSA 2006-62 Popup-blocker cross-site scripting (XSS)
MFSA 2006-61 Frame spoofing using document.open()
MFSA 2006-60 RSA Signature Forgery
MFSA 2006-59 Concurrency-related vulnerability
MFSA 2006-58 Auto-Update compromise through DNS and SSL spoofing
MFSA 2006-57 JavaScript Regular Expression Heap Corruption