» Tech Tips



Firefox – Stop Pages from Hijacking the “Tab” Key
Posted by Stephen B. on February 16th, 2014

This one has been a personal pet-peeve of mine for a while now: text fields that hijack the “Tab” key, breaking the Ctrl-Tab & Ctrl-Shift-Tab keyboard shortcuts (to switch between browser tabs) in Mozilla Firefox. Many text editing components do this, particularly ones meant for editing code of some kind, so that pressing the tab key indents instead of switching to the next form field – inadvertently breaking a common, useful keyboard shortcut.

A Google search turns up numerous bug reports, feature requests, and support forum posts complaining about the issue – going as far back as Firefox 3.6 (2010), so it doesn’t seem to be a big priority for Firefox’s developers (evidently they’re too busy creating a poor imitation of Chrome’s user interface). But, as is often the case with Firefox issues, it is possible to fix with some 3rd-party add-ons – read on for the details.


» Post a Comment


Rogers “Extreme Text Messaging”: Useful Features, Silly Name, and Glaring Security/Privacy Risks
Posted by Stephen B. on December 28th, 2013

There’s a set of options that Rogers Wireless bundles under the heading “Extreme Text Messaging” – while it’s not heavily publicized (apparently it’s been around since 2010), it does include some very useful options. It also illustrates one of the more annoyingly-lazy product/service-naming trends (at least they didn’t call it “Xtreme”), and opens Rogers customers up to some fairly serious security/privacy risks – but more on that aspect later. (more…)

» Post a Comment


A Beginner’s Guide to WordPress Security
Posted by Stephen B. on April 8th, 2013

WordPress is one of the most popular blogging/CMS (Content Management System) applications in existence; according to some statistics, WordPress accounts for more than 50 per cent of all CMS-powered websites totaling more than 60 million websites worldwide. This popularity has a flip-side though: there are probably more compromised (hacked) sites running WordPress than any other CMS. But this does not mean that WordPress is inherently insecure – or that it cannot be made secure.

In this post, we’ll take a look at some of the common issues that can lead to compromised WordPress sites – and some of the basic strategies that web developers can use to help ensure the security of WordPress-based sites.




Exporting User List From
Posted by Stephen B. on March 5th, 2013

One of the main problems with the web-based application “” is the absence of many basic features – this includes the lack of any built-in functionality for exporting a list of EMail addresses for the site’s users. The only instructions I could find appear to assume that you’re already familiar with Python development in general, and Zope/Plone in particular (in which case you probably wouldn’t need the instructions in the first place). Faced with a need to export a list of user EMail addresses from a install, and not being familiar with its underlying technologies, I had to find a different method – preferably one that didn’t involve hours of manual copy-pasting.

Read on for the instructions.


» Post a Comment


Updating Expression Engine – The Fast Way
Posted by Stephen B. on February 15th, 2013

Ellis Labs’ ExpressionEngine is one of the best CMS packages available; if you’ve done development work with it, then you’re probably already familiar with its advantages over other CMS software, including free/open source options like Drupal or WordPress. And you also probably know that the process of installing updates is definitely NOT one of ExpressionEngine’s advantages. The upgrade process involves numerous manual steps, you can’t simply overwrite the old files & folders with the new ones (problems will often occur if you don’t remove old files first), and the process involves taking your site offline for at least 10-15 minutes – if you follow the upgrade instructions provided by Ellis Labs, that is.

Fortunately, there are a few simple tricks that can speed up the upgrade process considerably, while also making it more straightforward and removing the need to take your site offline for more than a few seconds. Read on for the details.




Revealing Glimpse Under the Hood of a Broken Comment Spam Bot
Posted by Stephen B. on January 18th, 2013

Earlier today, the Smartypants blog received yet another “faux-praise” spam comment – one of those comments that attempt to look legit, but are still obvious spam because of how generic and semi-literate they are (“Thanks you for all the wonderful infos!!!”). Run of the mill stuff for anyone who runs a blog, or any other type of site that allows commenting, right? This one was a bit more interesting, though.

One of the oldest methods of identifying spam is to look for multiple, identical messages (old-timers are probably thinking “Briedbart Index” right about now) – so spammers will often add random variations to each message in order circumvent filters. And that’s what makes this particular comment spam interesting – for some reason (probably misconfiguration), the comment contains some sort of template markup, which show all of the possible variations of the message. Most of them are minor, such as slight changes in wording:

I {couldn’t|could not} {resist|refrain from} commenting. {Very well|Perfectly|Well|Exceptionally well} written!

In simple terms, this spammer has accidentally posted his entire script/template for generating seemingly-unique comments. Read on for the full script.


» One Comment


Google Plays “Hide the Free Version” with Apps for Domains
Posted by Stephen B. on August 28th, 2012

A few years back, Google introduced a free service called “GMail for Domains” – in a nutshell, it allowed domain name owners to use the GMail service for their domain’s EMail accounts. Later, this was renamed to “Google Apps for Domains” when it was expanded to included other Google apps like Docs & Calendar, around the same time that Google started offering a paid version for businesses. Unfortunately, this was also right around the time that they started making the free version progressively more & more difficult to find (just a coincidence, no doubt).

For example, this post from 2008 describes how the only way to signup for the free version was to start the signup process for a trial of the paid version, and then click a “Compare to Standard Edition” link on the second page. Four years later, and even that option is no longer available – in fact, Google’s main page for the service doesn’t contain even a single reference to the free version (and refers to the service only as “Google Apps for Business“).

Fortunately, there is still a way to sign up for the free version – as of this writing (August 28th, 2012), the only signup link for “Standard” (free) version is on the Google Apps Pricing page (you can also go directly to the signup link for the free version).

» Post a Comment


A Fix for HTML Issues with the WordPress Visual Editor
Posted by Stephen B. on August 6th, 2012

If you’ve done web development work with WordPress, you’ve probably run into this situation: you create a form or some other type of complex content in an external editor, test it as a static page, and it works fine. Then you create a new page in WordPress, paste the code into the HTML tab, and publish the page – but when you check the page, you see that WordPress has added <p> and <br /> everywhere there was a line break in the HTML code itself.

Fortunately, there is a fix – read on for the details. (more…)



Anatomy of a Website Compromise
Posted by Stephen B. on April 28th, 2012

Recently I had the “pleasure” of cleaning up one of the websites we host, and encountered one of the sneakiest website compromises (“hacks”) I’ve seen so far. I’ve decided to document the details, in case the information is of any use to other people whose sites have been compromised the same way. This incident is also a good example of how sophisticated (or at least sneaky) these attacks have become, and the amount of effort required to cleanup a site compromised in this way.

Read more for the gory details.

» One Comment


Lego Laptop: Using a Motorola Bluetooth Keyboard with an Apple iPad2 and a Blackberry Playbook (and a Xoom)
Posted by on August 10th, 2011

The objective of this test was to see if we could use the same keyboard – in this case a Motorola bluetooth keyboard – with either our iPad2 or our Playbook. (more…)

» One Comment



this isn't the link you're looking for (REALLY, we mean it)