Prepare!

One of the most elegant built-in operations in C, C++, Java, and JavaScript is the Ternary conditional operator, typically expressed as:

variable = (boolTest) ? trueExpression : falseExpression;

...which is equivalent to this 'if-then-else' pseudo-code:

if (boolTest) {
   variable = trueExpression
} else {
   variable = falseExpression;
}

Using VBScript, I've always missed the simplicity offered by Ternary conditional operators. That is, until I started using the built-in Array() function, and determining the appropriate array index based on a logical test. For example:

Dim result : result = Array("Failure", "Success")(Abs(0 = Err.Number))

In this VBScript example, the "Failure" string is the falseExpression, and the "Success" string is the trueExpression. The "(Abs(0 = Err.Number))" is the actual boolTest. Here, the built-in Abs() function must be used, because VBScript "True" is actually -1, which would return an invalid array index. Recall: We need the array indexes to be either 0 or 1 (not -1).

Although, if you need to invoke a function for the result, then use the built-in Eval() function, like so:

Function Failure()
   ' Some lines of code here
   Failure = "Error (" & Err.Number & "): " & Err.Description
End Function

Function Success()
   ' Some lines of code here
   Success = "Whatever you want it to be"
End Function

Dim result : result = Eval(Array("Failure", "Success")(Abs(0 = Err.Number)))

In this example, "Success" will be returned to the built-in Eval() function if the Err.Number is 0, which invokes the Function Success() and returns its result. Otherwise, if Err.Number is not 0, then "Failure" will be returned to the built-in Eval() function, which invokes the Function Failure() and returns the result to the variable by the same name.

At the very least, I hope these simple examples help reduce some of your VBScript code, which may be plagued by multiple lines of If-Then-Else-End If conditional blocks.

Enjoy.

Like many of you may have noticed, Facebook is way overstepping its bounds lately -- with the help of third-party web developers who insist on linking-back to Facebook.

Have you noticed Facebook boxes appearing on WashingtonPost.com? How about FoxNews.com? No? How about Wired.com? Yahoo.com? Trust me, there's plenty of examples to share, and these are just but a few prominent sites that now feature Facebook content.

This technology now seems more prevalent than web bugs (1x1 transparent GIF/PNG images) and advertising/spyware cookies. Facebook can now track you almost anywhere you go on the web. (yes, Google is just as evil) Not good, IMO. But most people just don't care.

For those of you who do care, however, how do you combat it? I've been reviewing the source code on many of these sites, and have isolated a few scripts and inline frames that seem to be key. Blocking this content with Opera, OpenDNS, or a web proxy/firewall does seem to help -- and still keeps the primary Facebook website functional.

Without further ado, here's the content I've gleaned so far -- which seems to be safe to block:

http://*.yimg.com/b/social_buttons/facebook-share-iframe.*
http://connect.facebook.net/en_US/all.js
http://media3.washingtonpost.com/wp-srv/js/saveshare/fbshare.js
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php*
http://static.ak.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php*
http://www.facebook.com/connect/connect.php?*
http://www.facebook.com/plugins/comments.php?*
http://www.facebook.com/plugins/like.php?href=http*
http://www.facebook.com/plugins/likebox.php?*
http://www.facebook.com/plugins/recommendations.php?*
http://www.facebook.com/widgets/activity.php*site=*
http://www.facebook.com/2008/fbml

--
Oh, and if you do use Opera, be sure to change your primary cookie settings to "Accept cookies only from the site I visit":


...and if you've been using Opera for more than a month, then I also advise to enable the "Delete new cookies when exiting Opera". This will auto-delete any new, temporary advertising/spyware cookies each time you exit Opera (nice).

Finally, if you do find other prominent sites that still expose Facebook content even with these content blocking rules applied, then please share. I'll take a look, and update this blog post (if warranted).

Thanks, enjoy, and be safe.

First off, would you ever visit this domain: likey.net ?

Never heard of it? Neither had I, until recently. Read on...

Would you need more evidence before visiting such a weird domain? If so, check these...

Google Safe Browsing Diagnostic:

• http://www.google.com/safebrowsing/diagnostic?site=likey.net

Part of this site was listed for suspicious activity 23 time(s) over the past 90 days.

Of the 1104 pages we tested on the site over the past 90 days, 15 page(s) resulted in malicious software being downloaded and installed without user consent.

Malicious software includes 37 exploit(s), 1 worm(s). Successful infection resulted in an average of 1 new process(es) on the target machine.

Malicious software is hosted on 32 domain(s).

6 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site.

My Web Of Trust:

• http://www.mywot.com/en/scorecard/likey.net

Adult content Quite a bit of hateful and sexual content that you can't avoid

Entertaining lusting

Phishing or other scams posts malicious link redirects on facebook.

Phishing or other scams Scam.

Phishing or other scams They post of Facebook updates of what appears to be your friends

Phishing or other scams THEY STEAL YOUR IDENTITY! BE AWARE!

Based on this evidence, there's no way in Helga that I'd visit this site!

But guess what? A lot of my Facebook 'friends' share a common interest with this site ... and it may include you!

Do you like "I live for Christ. He is my way, my ligh.." ? Of course, who wouldn't 'Like' this, right? Well, that's exactly what the scammers are hoping too! And your kids are more susceptible at "Liking" Facebook links than you (maybe not this particular one, but many, many others linked to worse domains than likey.net).

Now, what does "I live for Christ" have to do with likey.net? If you hover the original link for "I live for Christ", you'll see that it's from likey.net (or one of their many DNS aliases). Basically, if you "Like" these links on Facebook, you are effectively promoting the site by adding it to your "Likes and Interests" section on your profile. The more links the domain receives, the higher search rankings they receive from Google, Yahoo!, etc. The better their search rankings, the more likelihood they are to appear on the first page of search results -- improving their chances that some other unsuspecting users will click their links too! It's a vicious cycle.

Here's where the real problems can arise: If you or your friends visit the domain, and the domain links-in Facebook API scripts, then they can potentially gain access to your profile and your friend's public information. Even worse, if you allow them -- usually through means of social hacking (eg, 'Click this button to see more!') -- then these domains can even auto-post to your Facebook wall; and some malicious scripts have been known to steal credentials (well, not really steal, but rather, they phish you into entering and submitting your credentials to their domain, not Facebook). Malware Domain List has an entire collection of these Facebook phishing domains, and there's more!

So, how can you check if you're impacted? How can you remove this crap? Unfortunately, it's not straight-forward, but here's my step-by-step approach:

1. Visit Facebook and login. If you already have, then nevermind.
2. Click your "Profile" link in the blue header area in the top-right of this page.
3. Click on your "Info" tab, if visible (top-middle of the page)
4. In your "Likes and Interests" section (if visible), click the "Edit" link on the right side.
5. (Almost there). See all these blue rectangles? Click each one, and review the info on the right side.
6. If you see a gray domain name listed under the link, then it's an external domain reference. My advice: Remove it.
   If you still need help, hover the main link on the right side, and examine your status bar.
   If your browser's status bar does not indicate facebook.com, then Remove it.
7. Repeat steps 5 and 6 for ALL BLUE RECTANGLES.
   Also, if you see a "Show More" link in the section, you'll need to click it and examine all those 'Likes' too (sad, but true).
8. When finished, click the "Show Other Pages" link at the bottom (yep, there's more).
   In the "Other Pages You Like" pop-up list, hover each link and examine your browser's status bar.
   Again, if the domain for the link is not facebook.com, then my advice is to Remove the "Like"
9. !!IMPORTANT!! When finished editing your Likes, press the [Save Changes] button at the bottom of the page.
   Note: If you forget this step, your changes will not be saved, and you'll need to repeat all steps above!

Unfortunately, I've noticed that Facebook has some issues removing certain links that contain control characters, and the like (pun intended). Scammers were probably hoping for this, which is why they included hearts, smileys, skulls, etc. in their links to prevent removal. Therefore, you should repeat these steps frequently and often until only facebook.com "Likes" appear in your Facebook profile list. No sense in feeding these links to your 'friends', right?

Finally, if you have young kids, please review their "Likes" too ... and SPREAD THE WORD!

This ends my educational rant for now. Have fun, but be safe out there.

Cheers!

Go find it now...
http://books.google.com/books/magazines/language/en?rview=1

Once you find your magazine, click an issue, then be sure to click the "Browse all issues" link on the top left of the Google page .. then go back in time using the numbered Google index at the bottom of the page.

On my wide-screen displays, I definitely prefer using Google's "Two pages" view. Much easier to read, and the 2-page ad layouts actually make sense.

If interested, may I suggest the entire 137-year archive of Popular Science?!
http://books.google.com/books/serial/ISSN:01617370?rview=1&source=gbs_navlinks_s

Kinda neat, eh? Oops, apologies if you're a supporter of local libraries.

Enjoy (or not)

This endorsement not paid for by Google "The (Don't Be) Evil Empire"
Sorry, Playboy and Penthouse are not listed for your reading pleasure.

In an attempt to avoid Facebook clickjacking attempts, such as that mentioned here:

http://blog.kotowicz.net/2009/12/new-facebook-clickjagging-attack-in.html

...I present the following UserJS script to confirm external Facebook links prior to navigating to them:

To download, click here

if (document.domain.match(/^(www\.)?facebook\.com$/) || document.domain.match(/\.fbcdn\.net$/)) {
   
   window.opera.addEventListener("AfterEvent", function(e1) {
      for (var i=0,l; l = document.links[i]; i++) {
         if (l.patched) continue;
         if (!l.href) continue;
         if (!l.href.match(/^http(s)?\:\/\/(www\.)?facebook\.com\/l\.php\?u\=http/)) continue;
         l.addEventListener("click", function(e2) {
            var a = e2.srcElement;
            while (a && a.tagName != "A") a = a.parentElement;
            if (!a || !a.href) return true;
            var href = a.href;
            if (!href.match(/^http(s)?\:\/\/(www\.)?facebook\.com\/l\.php\?u\=(http[^\&]+)\&/)) return true;
            var target = unescape(decodeURI(RegExp.$3));
            if (confirm("Are you sure you want to open this content?\r\n\r\n" + target)) return true;
            e2.returnValue = false; 
            e2.preventDefault(); 
            return false; 
         }, 0);
         l.patched = 1;
      }
   }, 0);
   
}

This script enumerates all links on a Facebook page looking for a specific URL pattern identified by Facebook's external link (l.php?u=) script. When found, it adds a new onclick event handler which prompts users to confirm external links prior to navigating to it.

For those of you who visit a lot of external links on Facebook, this script may be too noisy (ala Vista UAC prompts). However, if you prefer to confirm and investigate sites beforehand (eg, on McAfee's SiteAdvisor, Norton's SafeWeb, Google's Safe Browsing, or Malware Domain List), then this script may be useful.

Enjoy.

LINK: http://arstechnica.com/microsoft/news/2009/12/mozilla-exec-urges-firefox-users-ditch-google-for-bing.ars



At the center of the controversy are comments made by Google CEO in this CNBC video.

...and the actual privacy policies between Bing vs. Google.