Wednesday, November 11, 2009

Must-have Firefox add-ons for safer and trouble-free browsing

One of my favorite browsers is Mozilla Firefox, for several reasons, but mainly because it is quite safe and can be modified using add-ons to browse even more safely. These are some of my favorite plugins that give me a trouble-free browsing experience and protect me from malware, virusses and all sorts of web attacks :

  • Noscript (Download) : This add-on disables all Javascript by default and protects you from Cross-site scripting (XSS) and other kind of web attacks. You can manually enable the Javascript of sites you trust and leave the Javascript of unknown sources disabled.

    A lot of websites use Javascript to enhance the browser experience. Some are small and innocent like loading a Flash-animation. While others use a vast array of scripts to make a fully dynamical website using AJAX, like Google, Facebook and Flikr.
    But unfortunately some Javascript has no good intentions and tries to install malware or steal personal information (usernames, passwords, credit card information, ...). Sometimes these bad scripts are added to websites you trust (because these websites were compromised), or you end up on a shady website by accident.
    Your browser executes all Javascript by default, even the bad Javascript. So if you visit a website that contains bad Javascript, it will be executed. Unless you turn Javascript off completely, but then websites like Facebook or Gmail won't work.
    Or you can install the Noscript add-on and take control of which Javascript is executed by your browser.

  • Adblock Plus (Download) : This add-on removes all advertisements from the webpages you visit. It uses a list of advert-providing websites and blocks all images, scripts, iframes and pop-ups that originate from these sites. The list is maintained by the developers of Adblock Plus, so you don't have to do this yourself.
    Install this add-on if you want ad-free surfing.

  • Flashblock (Download) : This add-on disables all flash-plugins on a website. By a simple mouse click, you can view them.

    Some website are flooded with flash-plugins and make it cumbersome and slow. This add-on disables them all, so they don't load.
    If you do want to see them, for instance to watch a YouTube clip or to play a flash game, you have the choice to enable it.

Sunday, November 08, 2009

How to set up a fully encrypted dual boot PC

I planned to reinstall my (old) laptop with a fully encrypted hard drive and dual boot (Windows and linux).
Unfortunately, I couldn't find a (free) software solution that supports this. So I'll use different systems for Windows and linux. A hardware based full disk encryption might do the trick, but this must be supported by your PC hardware.
For the encryption of the Windows system partition I will use TrueCrypt.
The linux encryption will use dmcrypt / LUKS.

Disclaimer : This article is intended for advanced computer users. Please don't try any of this if :

  • you never installed Windows or Linux before
  • you are not comfortable with encrypting your hard drive
  • you don't know why you should encrypt your hard drive
  • you don't know how encryption works 
  • it is not legal to use encryption in your country
If you do something wrong you might loose all data on your hard drive, or your PC might not start up. I am not responsible for data loss, in case you try what's described below.

If you are not comfortable with all this, please don't try what I have described below. This article is intended for people who want to try creating a fully encrypted hard drive, and have the experience, skills and knowledge to make it work or to restore a PC if something goes wrong.
It is advised to make a backup of your harddrive before starting.

First step : install Windows

I'm installing Windows XP SP3, but this should work with future versions as well. (TrueCrypt supports XP, Vista and Windows 7)

Insert the Windows installation CD and create a partition with a size suitable for you (leave some space on the hard drive for Linux and the shared data partition : I chose 20 GB for Windows, 7 GB for linux and the rest for the shared data partition).
Install Windows on the created partition.

Second step : install Linux

For installation of linux with hard drive encryption, I would like to refer to an excellent manual (with Ubuntu 8.04). But make sure you change the location of the bootloader, otherwise your Windows system partition will not be available anymore :

  • Click the Advanced button in the last screen of the installation process and select to install the boot loader on the Linux partition (in my case /dev/sda3), in stead of MBR (/dev/sda). 

    TrueCrypt uses the first sector of the hard drive to load a small program to decrypt the hard drive on boot, so a boot loader like GRUB should be installed in the first sector of a partition, not in MBR.

Last step : Encrypt hard drive

  1. Download and install TrueCrypt.
  2. Setup hard drive encryption :
    • Start TrueCrypt (in Windows)
    • In System -> Encrypt System Partition/Drive
    • In the window that opens, select Normal and click Next
    • Select Encrypt system partition and click Next
    • Answer No on the question to encrypt the Host Protected Area and click Next. (This is the safe answer to continue using diagnostic tools, ... that are installed by the manufacturer of your PC)
    • Choose Multi-boot and click Next. 
    • Confirm that you want to use the Multi-boot option.
    • Answer Yes on the question if the OS is on the same disk as the bootloader.
    • Choose the number of drives. In my case this is 1. But you have to choose 2 or more if you have more than one physical drives in your PC.
    • Answer No on the question if you use a non-Windows bootloader (f.e. GRUB, LILO) on the MBR (if you followed instructions your linux bootloader should not be in MBR)
    • Read the remarks about Multi-boot and click Next
    • Confirm the question about Windows Vista SP1.
    • Choose the desired encryption algorithm. Consider the strength of the desired encryption and the legal use of this type of encryption in your country. I choose AES (Rijndael). More info on the other encryption algorithms : Twofish, Serpent
    • Choose a password and confirm (Keep in mind, that it is adviced to use a strong password. Don't forget this password otherwise it is virtualy impossible to get your data on the encrypted hard drive back.)
    • Create random data by moving your mouse in the window. (The more random, the better the encryption)
    • Create a rescue-disk to be able to restore a damaged boot sector, save it to a disk (different from the one you are encrypting) and burn it to CD or DVD. The encryption process will not contibue unless you do so.
    • Choose the wipe mode, I chose 3-pass. You can choose another value if you are more or less paranoid.
    • Now your setup, computer, the bootloader and your password is tested. Your PC will reboot to do this. Nothing is encrypted at the moment. 
  3. Reboot your PC and test all setting before encryption:
    • When rebooting, you will notice the normal bootloader was replaced by the one of Truecrypt. You have to enter the password you submitted in order to boot Windows
    • After reboot, TrueCrypt will start. If the test was succesfull, the encryption will start. The encryption process can be cancelled, paused or reverted at any time.
    • The encryption took little over an hour in my case (20GB partition size, 3-pass wipe mode)

Finally : booting your system

When your PC boots the TrueCrypt bootloader starts and asks you for a password to encrypt your harddrive. If you provide the correct password, Windows boots.
When you start TrueCrypt, you will notice the C-drive is already there (it was loaded at boot).

If you want to start linux, just press ESC in the TrueCrypt boot loader. This will take you to the linux boot loader (GRUB in my case).

Friday, November 06, 2009

Checking for empty variables in PHP

While writing some php code I checked for an empty string, using the empty() function, but I got this error :

PHP Fatal error:  Can't use method return value in write context
I found this very strange because I've used the empty() function many times before. It turns out that the empty() function can not handle the return value of a function or method. You can only check variables using this function.

The solution is simple, store the return value of a function in a variable, and then check the variable with the empty() function :

if ( empty ( some_function() ) ) {

$some_variable = some_function();
if ( empty ( $some_variable ) ) {

On a side note, using the empty() function, is the best way to check for an empty variable, because it combines multiple checks, and works for different variable types. See documentation for details. When relying solely on strlen() or isset(), you can get an unexpected result.