Wikipedia defines bookmarklets as "a small JavaScript program that can be stored as a URL within a bookmark in most popular web browsers." Basically, they're buttons you can add to your browser to give you a little extra function and convenience.

I've gathered for you a list of what I believe are the world's best bookmarklets - the ones I've found most useful and probably couldn't continue without. They appear as links; to use them, simply click and drag them onto your browser interface. I tend to keep mine just under my address bar.

frmget - Many web-driven applications accept input in the form of GET variables as opposed to POST variables, despite defaulting to the POST method. By using this button to convert POST forms to GET forms, variables are modifiable in the Address Bar and search results often become bookmarkable where they were not before.

remove maxlength - Ever start typing in a text box only to find that the websites's author set a limit on the text length for no good reason? This button will remove those annoying limits and will allow you to type as much text as you like. I often find this very useful. However, this will not help you when the text length is checked on the server-side.

show hiddens - This bookmarklet will turn all hidden variables into modifiable (and labeled) textboxes. This often comes in handy when you want to see (or change) what data is secretly being passed, without having to sift through the page's source.

view passwords - Are your remembered passwords being sent to your browser in plaintext every time you go to login? Use this button to reveal the content of those masked password boxes.

undisable - Have you ever wondered what would happen if you somehow click those greyed out checkboxes or buttons somehow, even though they're greyed out? Find out by clicking this one first. It will undisable/enable all elements on the page including check boxes, radio buttons, text boxes, and just about anything else that would otherwise be disabled.

toggle checkboxes - Toggle (check or uncheck) all of the checkboxes on a page at once.

Alexa - Check the Alexa ranking of any site with a single click.

zap style sheets - Find out what the page you're on would look like without any Cascading Style Sheets

YSE - Explore other indexed content on a site without having to follow all the links with the Yahoo! Site Explorer

Y - Find out what pages link to the one you're looking at (according to Yahoo!)

MS - Find out what pages link to the one you're looking at (according to MSN)

Please keep in mind that I didn't create any of these bookmarklets. They came from of the following places, which are great places to find more:

Jesse's Bookmarklets Site

Steve Kangas's Bookmarklets.com

Over the last several months, I've done my best to seek out every podcast related to computer security concepts.  I started with a list of just under fifty podcasts and gradually eliminated the ones that consistently failed to offer interesting ideas or were simply too watered down.  I'm left the following list of podcasts that I feel are worth listening to.  Since each podcast certainly isn't for everyone, I've included some details to make it easier to pick that ones that would most likely interest you the most.  This list is in a blatantly-subjective order.  If your podcast hasn't been included, contact me and I'll let you know if it was because I couldn't find it on my own or because I thought it sucked.  If you have something to add, please leave a comment and I'll update my list.

Name: PaulDotCom Security Weekly
Main Subject: anything related to computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: mobile malware, hacking ATM machines, tool that allows for hosts to communicate over wireless without being associated, Spamhaus in trouble, Filtering IM for kids, Hacking Web 2.0 Applications with Firefox
Justification: All kinds of good stuff week after week.  Highly recommended.
Rss Link: http://pauldotcom.com/podcast/psw.xml

Name: Security Now!
Main Subject: computer security and basic technology concepts
Format: Formal
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Parallels, Virtual PC, Application Sandboxes, Blue Pill, Vista's Virgin Stack
Justification: The show still touches on a number of interesting subjects that are worth tuning in for.
Rss Link: http://leoville.tv/podcasts/sn.xml

Name: Binary Revolution Radio
Main Subject: hacking, phreaking, computer security
Format: Casual
Approx. Updates Per Month: 4 to 5
Recent Subjects Covered: Toorcon, IPv6, Covert Channels, Phishing, Tunneling
Justification: Less organized but offers fresh information and interesting discussion each week
Rss Link: http://www.binrev.com/radio/podcast/

Name: PLA Radio
Main Subject: Phreaking
Format: Very Casual
Approx. Updates Per Month: 1 to 2
Recent Subjects Covered: Free Phone Calls, Beige Boxing, Deaf Relay Operators (IP Relay), Social Engineering
Justification: Covers topics related to "phone hacking".  While the format is a bit strange, some of the older episodes had me laughing uncontrollably and are worth a listen.
Rss Link: http://www.phonelosers.org/rss.xml

Name: Off The Hook
Main Subject: General technology, phreaking, politics
Format: Semi-formal
Approx. Updates Per Month: 4 to 5
Justification: This show, hosted by Emmanuel Goldstein, has been running since the 80's and has become somewhat legendary in the Hacking and Phreaking communities as it's been there to document the evolution of technology.  Definitely worth a listen.
Rss Link: http://www.2600.com/rss.xml

Name: SploitCast
Main Subject: new vulnerabilities, exploit code, security and technology news
Format: Casual
Approx. Updates Per Month: 1 to 4
Recent Subjects Covered: Interview with Johnny Long, ping tunneling, sensitive data on stolen laptops, Zfone, high level ISP hacks, darknets
Justification: They haven't been releasing much lately, but their episodes are usually pretty interesting.  I can't find any other podcasts that discuss exploit code in great detail.
Rss Link: http://sploitcast.libsyn.com/rss

Name: Blue Box: The VoIP Security Podcast
Main Subject: VoIP Security, of course
Format: Semi-casual
Approx. Updates Per Month: 3 to 6
Recent Subjects Covered: Skype security news, interviews, VoIP fraud, recent vulnerabilities
Justification: Covers some great VoIP-related security-centered information.
Rss Link: http://feeds.feedburner.com/BlueBox

Name: TWAT Radio
Main Subject: All things technology with a slight security focus
Format: Casual
Approx. Updates Per Month: 10+
Recent Subjects Covered: Newsgroup readers, Wireless attacks for dummies, Eggdrop, Wake On Lan, Network Recon, VPNs, The GIMP, Cygwin
Justification: Covers a great deal of different technology subjects
Rss Link: http://www.twatech.org/wp-feed.php

Name: Basenet Radio
Format: Casual
Approx. Updates Per Month: 2 to 4
Justification: Underground feel, great information
Rss Link: http://www.basenetradio.net/rss2.xml

Name: LugRadio
Main Subject: Linux and Open Source
Format: Casual
Approx. Updates Per Month: 0 to 2
Recent Subjects Covered: the Portland Project, trusted computing, comparison of Linux distributions, Software Freedom Day
Justification: Possibly the most popular Linux-related podcast
Rss Link: http://www.lugradio.org/episodes.rss

Name: The Linux Link Tech Show
Main Subject: The cutting-edge in Linux-based technology
Format: Casual
Approx. Updates Per Month: 4
Recent Subjects Covered: Linux Home Automation, OpenWRT, Asterisk, Debian vs Mozilla, DRM
Justification: Lots of good Linux-related information
Rss Link: http://www.thelinuxlink.net/tllts/tllts.rss

Name: StillSecure, After all these years
Main Subject: All things related to information security with a focus on a business environment
Format: Formal
Approx. Updates Per Month: 2 to 5
Recent Subjects Covered: Interview with Steve Hanna of Juniper Networks, TCG/TNC, The IETF, 3rd party patching
Justification: This podcast includes some great interviews and information centered around enterprise security
Rss Link: http://clickcaster.com/clickcast/rss/1653

Name: Symantec Security Response Podcast
Main Subject: Security updates
Format: Formal
Approx. Updates Per Month: 2 to 4
Justification: A consistent source of security updates - great for people who are charged with defending a network for a living
Rss Link: http://www.symantec.com/content/en/us/about/rss/sr/sr.xml

Name: Network Security Blog
Main Subject: Network Security…
Format: Formal
Approx. Updates Per Month:
Rss Link: http://www.mckeay.net/secure/index.xml

Please understand: The information on this ID has been verified against the user's PayPal data to confirm that is indeed the real McCoy. The person who did this has access to the bank accounts and credit cards.  In addition, he has a personal website that features the same username as what he used on our system and has his real name all over the domain records.  This person is not framed.  It's really him.

UPDATE: As if that wasn't enough evidence, he's come out and admitted on his personal website that the ID is indeed his.  In addition, the IP that was used to execute the UDP flood perl script matches the IP he contacted me with on IRC.  Please, for the sake of my sanity, stop telling me he might have been framed.

As the administrator of a free shell account provider, I see all kinds of questionable activity on a regular basis.  Some people try their hardest to root the server they've been given access to, shut it down, or to wreak havoc on a remote server from ours.  In any case, they usually try to cover their tracks before trying anything stupid.  Not so in the case of Mr. Machelesen of the Netherlands.  Before uploading and executing a perl script designed to send a flood of UDP traffic to an IRC user, he was kind enough to upload a scanned copy of his official government-issued photo ID to his public_html folder.

Meet the script kiddie of the year, Mr. Machelesen:

Please take this moment to make a mental note: It's not a good idea to upload photo ID before bringing down a shell service.

There's nothing worse than being stuck somewhere with nothing to do, be it the airport, public transportation, or an incredibly boring lecture.  As someone who almost always has his laptop handy, I often find myself wishing I could get on the internet to talk to friends, check email, and read up on the latest news - anything to pass the time.  The problem is that mobile data service is so darn expensive.  Verizon and Sprint both charge almost $60 per month for speeds of 60 to 80kbps, and Cingular isn't much better with a price of around $45 per month.  T-Mobile used to have a great Unlimited GPRS plan for only $19.99 per month, but alas, they now package it with their WiFi crap and force you to pay $29.99 per month for unlimited data.

But don't lose hope.  There's actually a way to connect your laptop to the internet, almost anywhere in the US, to take care of your web browsing, instant messaging, and IRC needs, without having to worry about over-usage fees, for only $5.99 per month.  The secret is in the details.

You see, T-Mobile has several tiers of data service all with different and mostly-meaningless names.  The first part of the trick is figuring out what the differences are and using them to your advantage.  Let's take a look:

• T-MobileWeb - $5.99 - Internet access intended to be used by your phone.  Formally called "T-Zones".  Operates through the APN wap.voicestream.com.  Outbound traffic is restricted to ports 25, 110, 143, 465, 587, 993, 995, and 8080.  The IP you are issued is non-public.  An HTTP proxy is also provided at 216.155.165.50.
• Total Internet - $29.99 - Same as T-MobileWeb, but without the port restrictions and uses a different APN.  Operates through the APN: internet2.voicestream.com. The IP you are issued is non-public.
• Blackberry Unlimited - $19.99 - Same as Total Internet, but cheaper and includes some extra support for Blackberry's.  Operates through the APN: blackberry.voicestream.com. The IP you are issued is non-public.
• Internet with VPN - Same as Total Internet, but you actually get a public IP, albiet a dynamic one, instead of one based on NAT.

It should be noted that with EDGE-enabled phones, consistent speeds of 190Kbps are common.

Simply put, your laptop can be configured to use the APN that was intended for your phone.  So, if you just want to be able to connect to the internet for web browsing, AIM, and/or IRC, here's how it's done for $5.99 per month:

1. Sign up for T-MobileWeb and get an EDGE-capable phone.   They're free with a contract, and if you're already with T-Mobile, chances are good that your phone is already EDGE-capable.
2. Download drivers for your phone from the phone's manufacturer.  These are usually very, very easy to find.  If you have trouble, post a comment with your phone brand and I'll help you find them.
3. Connect your phone to your laptop via Bluetooth, Infrared, or by USB Data Cable, whichever floats your boat.
4. Create a Dial-Up Networking connection, select your phone as the modem.
5. Then go to the "Advanced" Tab and add this line into the "Extra Initialaization commands":
   AT+CGDCONT=1,"IP","wap.voicestream.com"
6. Now simply set the phone number to *99# and dial.  A connection should be established pretty quickly.
7. Configure your browser to use the HTTP proxy:
1. Firefox users, click Tools > Options and then click on "Connection Settings".  Enter 216.155.165.50 as the HTTP proxy and 8080 as the port number
2. Internet Explorer users, click Tools -> Internet Options, choose the connection tab. Then the "LAN Settings…" button.  You MUST have "Automatically detect settings" with a checkmark.  Put a checkmark at the bottom at the "Use a proxy server for your LAN" and put the "Address:" of 216.155.165.50 and the Port of 8080.

That's it!  Enjoy unlimited 190Kbps nationwide internet access for only $5.99 per month.  And, if you feel like the port restrictions are getting in the way, just tunnel through a free service like Silence is Defeat.

Enjoy!  Be sure to post a comment to let me know how it went for you. 

For all of those who thought Linux just wasn't that appealing to the eye and that Microsoft would offer something much cooler to look at, please take a second to watch this video.  The effects offered by Novell's newly-released Xgl, which is a version of the X server powered completely by OpenGL, takes the PC desktop to a whole new level of eye candy.  I've never been a fan of flashy visual effects, but this makes OS X look like Windows 95.  I can't wait to try it.

A note to Tor users:

If you didn't already know, Tor is a distributed anonymity network that allows anyone to use the Internet to both browse the web and publish information without giving away his or her identity.  It's a wonderful step in the direction of privacy and it serves an increasingly important role in today's world.  As far as usability goes, Tor clearly has more potential than any anonymity network that I've ever seen.  Tor could very easily be the most powerful tool that we as everyday people have to combat the gradual removal of our personal rights and freedom. 

However, as of right now its most likely cause of death is not an organization or government, but rather its own users who in some cases, perhaps out of ignorance, take advantage of privacy the Tor network affords them by hiding behind it to steal software, movies, and music.  I'm not going to sit here and claim that I haven't pirated my fair share of all of the above; that's not what this is about.  Before you use BitTorrent on Tor, please stop and consider the effect this has on the Tor network. 

When you use BitTorrent on Tor, you're placing an incredible amount of burden on the network and sucking up the bandwidth that could have otherwise been used for the purpose of freely spreading information.  You're discouraging people from donating their bandwidth to running the exit nodes that allow the Tor network to function.  You're destroying everyone's ability to publish information without being persecuted by their government.  You're destroying the privacy that so many people worked so hard to give us.

Besides, if you want to download files from a torrent, there are much more efficient and much faster ways of doing it.  See this article for example.   Using Tor for your BitTorrent download will undoubtedly take much longer than any other method around.

A note to Tor Exit Node administrators:

You have the power to prevent people from using your exit node to waste your bandwidth and destroy Tor.  Simply add the following lines to your exit policy and restart your exit node.  This will in no way impact people who are using Tor for legitamate reasons.

ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6881-6999

A note to all BitTorrent users:

It is, in theory, possible to slow down the abuse of Tor by configuring your BitTorrent client to block traffic that's going to or from Tor exit nodes.  This will in turn slow down torrent download for people using the Tor network and will discurage people from abusing Tor in that matter.  This is something I'm currently researching.  What I'd like to do is offer a BT client-compatible block list that auto-refreshes based on known Tor exit nodes.  This would allow BitTorrent users to block all torrent traffic to Tor users.  If anyone has a better idea on how to combat torrent-related Tor abuse, by all means, please let me know. 

Let's all work together to preserve the wonderful privacy Tor and the EFF has allowed us to enjoy! 

Thanks for listening. 

Just some random thoughts about hybrid cars…

I've always been a little interested in alternative fuels, not because I care about the environment, but because I hate the idea of giving so much of my hard-earned income to the bastards at the Big Oil companies.   After some research, I've learned two things:

1. It's very possible and not very hard to convert a normal car that runs on desiel to a a car that runs on vegetable oil. This is appealing to me because it would allow me to take vegetable oil used by restaurants, that I could presumably get for free since they normally have to pay someone to take it away, and pump it into a car to use as fuel… This would basically mean free fuel for the life of my car.  Of course, the logistics of doing this are a little more complicated.  Still, it's very possible.  By the way, as a side-effect, this causes the converted "grease" cars to get greater gas milage, too.
2. It's very possible to perform a conversion on a hybrid car to allow it to be plugged in at night, thus supplementing the power it would normally have to get from the gasoline engine.  This is interesting to me because it would give me the choice of using energy from the power grid for my travel around town, which makes up a vast majority of what I use my car for.  If I was interested in the environment, I'd probably also be thrilled with the fact that I'd be using hydroelectric, nuclear, and coal as a source of energy instead of crude oil, but again, I'm more concerned about choosing where my money goes rather than how it impacts the environment.

So here we have two very interesting but very different approaches to channeling my weekly energy tithe away from Big Oil.  You could take the latter approach a step further and get a solar panel to plug your car into, but I haven't investigated the wattage requirements of a plug-in hybrid nor the cost of a solar panel large enough to meet said requirements.

But what if they came out with a desiel hybrid?  It would then, in theory, be possible to have a vegetable-oil-powered vehicle that could be plugged-in at night.  You'd never need traditional fuel at all, and depending on your driving habits, you wouldn't really need much vegitable oil either.  Interesting stuff.

Ever wonder why it is that we have so many alternative sources of fuel but still don't see companies cropping up all over the place to promote and profit from them?  It doesn't seem to makes sense.

Well, Chris Paine, the creator of the movie Who Killed the Electric Car? seem to have a sensible answer.  Check out the plot summary from IMDB:

With gasoline prices approaching $4/gallon, fossil fuel shortages, unrest in oil producing regions around the globe and mainstream consumer adoption and adoption of the hybrid electric car (more than 140,000 Prius' sold this year), this story couldn't be more relevant or important. The foremost goal in making this movie is to educate and enlighten audiences with the story of this car, its place in history and in the larger story of our car culture and how it enables our continuing addiction to foreign oil. This is an important film with an important message that not only calls to task the officials who squelched the Zero Emission Vehicle mandate, but all of the other accomplices, government, the car companies, Big Oil, even Eco-darling Hydrogen as well as consumers, who turned their backs on the car and embrace embracing instead the SUV. Our documentary investigates the death and resurrection of the electric car, as well as the role of renewable energy and sustainable living in our country's future; issues which affect everyone from progressive liberals to the neo-conservative right.

Check out the trailer at Sony's website by clicking here.

Click here to see an interview with the film creator and a half-hour summary of the story.

Ever notice how surfing sessions with Firefox start out fast and slow to a crawl as Firefox eats more and more memory?  Well, it took a while, but I did.  As we speak, my copy of Firefox is taking up over 270MB of RAM! WTF?  A little research revealed that this is due to a memory leak that was never fixed.  Here's a list of things you can do to minimize the problem:

1. The first course of action is not a change in settings, rather the first thing you should do is check this list to see if any plugins you have installed are on them.  In my case, I was running the official copy of the Google Toolbar, which has a known memory leak.  This is most likely the true source of my memory problems, not the browser itself.  I was able to uninstall the official Google Toolbar and install the unofficial Googlebar as well as a PageRank addon , to make up for the fact that the unofficial Googlebar doesn't show PageRank.  By the way, I installed these separately instead of using the combined PRGoogleBar because the Googlebar project seems to be more up to day in terms of development.
2. Start tweaking settings.  By default, browser.sessionhistory.max_total_viewers is set to -1, which means that Firefox will try to determine a good value based on the total amount of RAM you have in your system.  The following table shows what value Firefox will choose based on your total RAM:
   
   

   32MB	0
   64MB	1
   128MB	2
   256MB	3
   512MB	5
   1GB	8
   2GB	8
   4GB	8

   I have 512MB of RAM in my Laptop/Tablet PC system, so Firefox would choose a value of 5.  The higher this value is, the more memory Firefox will consume when I use alot of tabs at one, which I do often.  Lowering this value causes less memory to be used but also causes more previously visited pages to have to be re-parsed (thus increasing their load time).  I decided to hardcode this to 2 instead.  A value of 3 may be a better idea, but I want the effects of these changes to be as clear as possible.  By the way, you can access these settings by typing "about:config" into your address bar, without the quotes, and pressing Enter.

3. There are other values that could be adjusted like browser.cache.memory.capacity and config.trim_on_minimize, but the former already has a pretty small value, and the latter only takes effect while Firefox is minimized, which isn't good enough for me.

Well, that's it.  Good luck.  Be sure to post a comment and let me know how it went.