OVH and HTTP headers

Friday, January 15th, 2016

If, on a winter’s night, you get the urge to send HTTP headers to your back-end hosted at OVH (i.e., if you’re as crazy as I am), then my little story should interest you (the conclusion at least)!

Since I have a strong tendency to experiment, I set up a small token system based on JSON Web Tokens (JWT), so that I can generate them on the fly, check their validity, renew them, etc.

Since I still don’t have a dedicated server (donations welcome :p), I implemented it in PHP (cf. my previous post) and uploaded it to an OVH hosting plan.

I had obviously developed/tested everything locally and I was rather pleased with myself. But once deployed on OVH, my first attempt was a total failure. So botched, in fact, that I thought there was a lunar eclipse.

After turning the thing inside out for a good half hour, I’ve just realized that OVH doesn’t pass HTTP headers along without tickling them a bit on the way.

Indeed, my pretty “Authorization” header purely and simply disappears on arrival, while a more exotic version such as “X-Authorization” becomes “X_Authorization”.

Now I can well imagine that OVH does this for really good reasons (which I’m curious to discover), but I admit that this time they managed to make me nauseous :)

Anyway, you’ve been warned!

PHP composer and… Bash!

Sunday, December 20th, 2015

Bash bash bash!

It’s been a very long while since I’ve last played with PHP.
I’m not really willing to start a new career as PHP integrator, but it’s still cool to see that the language and the tooling around it have evolved quite a lot.

Atwood’s law states that any application that can be written in JavaScript will eventually be written in JavaScript. One could also say that any language will ultimately get its own package manager (hello npm, NuGet, Maven, …).

So here I am, needing multiple PHP libraries and willing to try a PHP package manager :).

Apparently, composer is the coolest kid around in PHP-land. As you know I still like BASH … on Windows, so here’s a quick guide to get PHP and composer available in your Windows bash universe.

First, you need to download the PHP binaries for Windows; you can get those here (always prefer the x64 version).
Once you have the archive, unzip it where you wish then, in the folder, make a copy of “php.ini-development” and call it php.ini. That’s the configuration file that php will load each time it runs on the command line.

Edit php.ini and in it you need to uncomment the following things (for starters):

  • extension_dir = "ext"
  • extension=php_openssl.dll

With the above, you’ll have SSL support and PHP will know where to find its extensions.

Now, create a folder in which you’ll place PHP extensions. In my case, I’ve created a “php_plugins” folder and placed it right next to the folder containing the PHP binaries (I like to keep things clean).

Next, open up your bash profile and add something along those lines:

alias php7='export PHP_HOME=$DEV_SOFT_HOME/php-7.0.1-Win32-VC14-x64;append_to_path ${PHP_HOME}; export PHP_PLUGINS_HOME=$DEV_SOFT_HOME/php_plugins;'
alias php='php.exe'

Make sure to call ‘php7’ at some point in your profile so that PHP is actually added to your path. Personally, I have a “defaults” alias in which I list all the things that I want to be loaded whenever my shell is loaded:

alias defaults='php7; ...'

# Initialization
defaults # Load default tools

Close and reopen your shell. At this point you should have php at your disposal anywhere you are (eeeewwwww scary :p).

Now you’re ready to get composer. Just run the following command to download it:

curl -sS https://getcomposer.org/installer | php

Once that is done, you should have a “composer.phar” file in the current folder; grab it and move it to your “php_plugins” folder.

Finally, edit your bash profile again and add the following alias:

alias composer='php $PHP_PLUGINS_HOME/composer.phar'

Close and reopen your shell. Tadaaaaa, you can type “composer” anywhere and get the job done.. :)

Security HTTP Headers FTW

Saturday, December 19th, 2015

In the last couple of months, I’ve tried to improve the overall security of this site. I’ve started by putting my server behind Cloudflare to get HTTPS (along with other nice availability/performance improvements). Then I closed my eyes and enabled HSTS. I even dared adding this site to the HSTS preload list (i.e., the list of HSTS-enabled websites loaded in all modern browsers).

Today I’m taking this a step further with the addition of some security-related HTTP headers. You might say that this was the very first thing I should’ve done and you’d be right to say so, but here comes :)

From now on, if you take a look at the initial response, you’ll see that the following headers (among others) are being sent to you:

...
X-Frame-Options "SAMEORIGIN"
X-Xss-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
content-security-policy: "default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src * data:; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com https://apis.google.com https://*.linkedin.com https://platform.twitter.com https://connect.facebook.net;child-src 'self' https://accounts.google.com https://apis.google.com https://platform.twitter.com https://*.facebook.com; font-src 'self' https://fonts.gstatic.com data:; frame-ancestors 'none';report-uri https://www.dsebastien.net/csp_report.php; connect-src 'self'; form-action 'self'; upgrade-insecure-requests; reflected-xss block; base-uri https://www.dsebastien.net; object-src 'none'"

The X-* headers give additional protection against clickjacking and cross-site scripting (XSS), and prevent some user agents from doing MIME type sniffing. Those are nice, but the main one is the Content Security Policy (CSP). There are tons of articles about what a CSP is and how to configure one so I won’t go into the details of that.

Any security expert will quickly notice that this isn’t the strictest CSP (far from it) because it allows 'unsafe-inline' for scripts & styles. The thing is that adding hashes or nonces to all scripts and styles is not an easy thing to do; even less so when you inherit that from many WordPress plugins… Also, some minified code (e.g., jQuery plugins) uses eval (evil?). For now, I’ve decided to lower my security goal. I’ll surely revisit this later though (probably with the new version of the site).

Notice that the CSP makes some older HTTP headers redundant (e.g., X-Frame-Options) but I’m still keeping the older variants just for the sake of wider support. These will go away over time.

Here are some tips if you want to go about and create a CSP for your site/domain:

  • start with the report-only mode. It’ll only log errors in the console and will not actually block anything; this is a great starting point:
    content-security-policy-report-only: default-src 'none';
  • use tools such as the CSP extension for Fiddler or an online CSP generator
  • once you’ve got rid of all console errors, remove ‘report-only’ to make your CSP effective
  • configure a ‘report-uri’ to be aware of CSP-related issues. Just be careful with this as attackers might take advantage of that (i.e., do not mail yourself all violations :p)

More generally, you can use online tools such as this one to review your site’s security headers. If you look at my site there, you’ll see that I could add HTTP Public Key Pinning (HPKP) headers to improve security a bit more. I won’t do it though as I don’t want my site to break whenever CloudFlare decides to present a new certificate in front of my site…
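As an added example (not from the original post or any tool it mentions), the following bash functions audit a saved set of response headers offline for the headers this post discusses and for the 'unsafe-inline' weakness it admits to. The two header samples are constructed, modelled on the policy shown above, and the finding labels (MISSING, CSP_REPORT_ONLY, UNSAFE_INLINE, UNSAFE_EVAL, UNRESTRICTED) are names made up for this example.

```bash
#!/usr/bin/env bash
# Added example: offline audit of the security headers discussed in this post.

# Constructed sample modelled on the headers listed above (CSP shortened).
sample_enforced() {
cat <<'EOF'
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
content-security-policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com; frame-ancestors 'none'; object-src 'none'
EOF
}

# Constructed sample: the report-only starting point from the tips above.
sample_report_only() {
cat <<'EOF'
HTTP/1.1 200 OK
Content-Security-Policy-Report-Only: default-src 'none';
EOF
}

# header_value NAME: print the value of header NAME (case-insensitive) read from stdin.
header_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        {
            sub(/\r$/, "")                        # tolerate CRLF line endings
            i = index($0, ":"); if (i == 0) next  # status line or blank line
            if (tolower(substr($0, 1, i - 1)) != want) next
            val = substr($0, i + 1); sub(/^[ \t]+/, "", val)
            print val; exit
        }'
}

# csp_directive POLICY NAME: print the source list of one directive.
# Exit status 1 means the directive is absent (not merely empty).
csp_directive() {
    printf '%s\n' "$1" | tr ';' '\n' | awk -v d="$2" '
        tolower($1) == d { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit !found }'
}

# Fetch directives such as script-src and style-src fall back to default-src.
effective_sources() {
    csp_directive "$1" "$2" || csp_directive "$1" default-src
}

# audit_headers: read response headers on stdin, print one finding per line.
audit_headers() {
    local hdrs csp src h d
    hdrs=$(cat)
    for h in Strict-Transport-Security X-Frame-Options X-Content-Type-Options; do
        [ -n "$(printf '%s\n' "$hdrs" | header_value "$h")" ] || echo "MISSING $h"
    done
    csp=$(printf '%s\n' "$hdrs" | header_value Content-Security-Policy)
    if [ -z "$csp" ]; then
        csp=$(printf '%s\n' "$hdrs" | header_value Content-Security-Policy-Report-Only)
        if [ -z "$csp" ]; then
            echo "MISSING Content-Security-Policy"
            return 0
        fi
        echo "CSP_REPORT_ONLY"   # violations are reported, nothing is blocked yet
    fi
    for d in script-src style-src; do
        if src=$(effective_sources "$csp" "$d"); then
            case $src in
                # browsers ignore 'unsafe-inline' once a nonce or hash is listed
                *"'nonce-"*|*"'sha256-"*|*"'sha384-"*|*"'sha512-"*) ;;
                *"'unsafe-inline'"*) echo "UNSAFE_INLINE $d" ;;
            esac
            if [ "$d" = script-src ]; then
                case $src in *"'unsafe-eval'"*) echo "UNSAFE_EVAL $d" ;; esac
            fi
        else
            echo "UNRESTRICTED $d"   # neither the directive nor default-src is set
        fi
    done
}

# Stand-alone run: audit both constructed samples.
if [ "${BASH_SOURCE[0]:-$0}" = "$0" ]; then
    echo "== enforced sample ==";    sample_enforced    | audit_headers
    echo "== report-only sample =="; sample_report_only | audit_headers
fi
```

To audit a live site, save its headers with `curl -sI https://your.site > headers.txt` and run `audit_headers < headers.txt`.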

As a side note, if you’re using Apache, you can configure security headers through .htaccess files and the headers module (mod_headers). Here’s an example:


Header always set X-Frame-Options "SAMEORIGIN"
...

I’m sure that this site still has many vulnerabilities, but there aren’t enough hours in the day for me to fix everything at once. I have other improvements in mind, but that’ll be for later! :)

Installing node and npm on Ubuntu 15+

Friday, December 18th, 2015

In case you would want to use one of my recent projects (e.g., ModernWebDevGenerator or ModernWebDevBuild) on Ubuntu (or any other OS btw), you’ll need nodejs and npm.

If you’re using Ubuntu and go the usual way (i.e., sudo apt-get install…) then you’re in for a bad surprise; you’ll get node 0.1x.y and also a very old npm release.

Actually, the best way to get nodejs and npm on Ubuntu is to use the node version manager (nvm).

nvm can be used to install and keep multiple versions of node in parallel, which is very useful, especially when you have to test your node-based project on multiple versions.

The installation is very straightforward:

curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.29.0/install.sh | bash

After that, close and reopen your terminal. You now have ‘nvm’ at your disposal.

nvm install 4.0
nvm install 5.0
nvm use 5.0

Just with the above, you get two versions of node (along with npm) installed. As you can see, you can use ‘nvm use’ to change the active version easily.
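Both the nvm install above and the Composer install earlier on this page pipe a downloaded script straight into an interpreter, so whatever the server returns is executed unseen. The following added example (not part of the original posts) downloads to a file, checks its SHA-384 digest and only then runs it; the function names are made up for this example, and the expected digest is something you obtain separately (Composer publishes its installer's digest at https://composer.github.io/installer.sig, while for nvm you would record the digest of the install.sh you reviewed).

```bash
#!/usr/bin/env bash
# Added example: fetch, verify, then run, instead of `curl ... | interpreter`.

# sha384_of FILE: print the lowercase hex SHA-384 digest of FILE.
sha384_of() {
    if command -v sha384sum >/dev/null 2>&1; then
        sha384sum "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha384 "$1" | awk '{ print $NF }'
    fi
}

# verify_digest FILE EXPECTED: 0 if FILE hashes to EXPECTED, 1 on mismatch,
# 2 if the inputs are unusable (missing file, malformed digest).
verify_digest() {
    local file="$1" expected actual
    # strip whitespace (e.g. the trailing newline of a .sig file), fold to lowercase
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "verify_digest: no such file: $file" >&2; return 2; }
    case $expected in
        ''|*[!0-9a-f]*) echo "verify_digest: expected digest is not hex" >&2; return 2 ;;
    esac
    # SHA-384 is 48 bytes, i.e. exactly 96 hex characters
    [ "${#expected}" -eq 96 ] || { echo "verify_digest: not a SHA-384 digest" >&2; return 2; }
    actual=$(sha384_of "$file") || return 2
    [ "$actual" = "$expected" ]
}

# run_verified INTERPRETER FILE EXPECTED [ARGS...]: run FILE only if it verifies.
# Keep FILE in a directory only you can write to, so it cannot be swapped
# between the check and the run.
run_verified() {
    local interp="$1" file="$2" expected="$3"
    shift 3
    if verify_digest "$file" "$expected"; then
        "$interp" "$file" "$@"
    else
        echo "refusing to run $file: digest check failed" >&2
        return 1
    fi
}

# fetch_verify_run URL EXPECTED INTERPRETER [ARGS...]: download over HTTPS into a
# private temporary directory, verify, run, clean up.
fetch_verify_run() {
    local url="$1" expected="$2" interp="$3" dir rc
    shift 3
    dir=$(mktemp -d) || return 2
    if curl -fsS --proto '=https' -o "$dir/installer" "$url"; then
        run_verified "$interp" "$dir/installer" "$expected" "$@" && rc=0 || rc=$?
    else
        echo "download failed: $url" >&2
        rc=2
    fi
    rm -rf "$dir"
    return "$rc"
}

# Usage (needs network access, so shown as comments):
#   expected=$(curl -fsS https://composer.github.io/installer.sig)
#   fetch_verify_run https://getcomposer.org/installer "$expected" php
#
#   fetch_verify_run https://raw.githubusercontent.com/creationix/nvm/v0.29.0/install.sh \
#       "<sha384 of the install.sh you reviewed>" bash
```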

That’s it!

Use bash to decompile Java class files recursively

Tuesday, December 8th, 2015

Here’s a quick one. As you *might* know, I like Bash (even though I’m a Win* user..), so here’s an alias I’ve added recently:

export JAD_HOME=...
append_to_path $JAD_HOME
alias jad='(jad.exe)&'
jadr() { ("jad.exe" "-d" "." "-s" "java" "-r" "**/*.class")& }

With the above, jad will execute ‘jad’ and ‘jadr’ will recursively decompile all Java class files in the current/sub folders.

So fond of fonts

Tuesday, October 6th, 2015

I can’t say that I’m in love with typography, but I do enjoy writing (code or otherwise) using a good editor and… a good looking font.

I’ve recently stumbled upon the Hack font, which has its roots in the open source world and derives from Bitstream Vera & DejaVu. I immediately liked it; it feels good to change stuff once in a while… :)  I might still choose to switch back to Consolas, but for now I’m very pleased with Hack and it gave me a reason to mess around with Bash yet again ^^.

Of course, this alone is not a sufficient justification for a blog post! As I’ve described in an earlier post, I always try to maximize the ‘portability’ of my development environment and overall configuration and changing fonts should be no exception ;-)

I do not install fonts manually in the OS; I prefer to put my fonts in a central folder of my CloudStation share (i.e., along with the rest of my configuration & tools) so that it gets replicated on all my devices (I also do the same with tons of other stuff including wallpapers).

A major issue with this is that customizing fonts can be done in plenty of applications but each has its own specificities, either they give you a lot of control or you have to go through hoops to achieve what you want. More specifically, many applications will only allow you to select fonts that are available through the OS’s font system (i.e., that are registered) while others will require additional flags or even worse, will want you to copy the font files around.

Under Windows, installing new fonts requires administrator privileges due to the security risks (laugh all you want :p). Thus even if I was to register the fonts, I couldn’t do so at work which is a bummer.

Fortunately, there are programmatic ways to register fonts in a user’s session without administrator privileges. I’ve found two programs that can do this from the command line:

I’ve found regfont to be better as it is a bit more *nix friendly, comes with a 64-bit executable and is less verbose than RegisterFont (it could use a --silent switch though).

Using regfont, you can easily register a new font in your user session using the following:

regfont.exe --add cool.ttf

You can also add a complete folder in one go using a wildcard. As you might already know, I’m a bit of a bash fan, so indeed I added a few more aliases to my profile to automate the registration of my custom fonts whenever my bash profile is loaded. It adds a bit to the overall startup time but it’s still quite reasonable.

First things first, since I wanted to keep a clean organization in my fonts folder, I couldn’t use the wildcard flag of regfont as it doesn’t look for font files recursively. For this reason, I needed to find the files myself (using the find command) and execute regfont once for each file.

Since the find command returns *NIX paths, I needed to convert those to WIN* paths; this was easy enough with the help of StackOverflow (as always ^^):

winpath() {
	if [ ${#} -eq 0 ]; then
		: skip
	elif [ -f "$1" ]; then
		local dirname=$(dirname "$1")
		local basename=$(basename "$1")
		echo "$(cd "$dirname" && pwd -W)/$basename" \
		| sed \
		  -e 's|/|\\|g';
	elif [ -d "$1" ]; then
		echo "$(cd "$1" && pwd -W)" \
		| sed \
		  -e 's|/|\\|g';
	else
		echo "$1" \
		| sed \
		  -e 's|^/\(.\)/|\1:\\|g' \
		  -e 's|/|\\|g'
	fi
}

Later in my profile, I’ve added the following for registering the fonts:

export MY_FONTS_FOLDER=$CLOUDSTATION_HOME/Configuration/Dev/Fonts
...
export REGISTER_FONT_HOME=$TOOLS_HOME/RegisterFont
append_to_path $REGISTER_FONT_HOME

register_font(){ ("$REGISTER_FONT_HOME/regfont" "--add" "$1")& } # alternative "RegisterFont.exe" "add"
alias registerfont='register_font'
...
# Register all my fonts for the current user session
# Works also if the user is not local administrator
# Reference: http://www.dailygyan.com/2008/05/how-to-install-fonts-in-windows-without.html
register_fonts(){
	SAVEIFS=$IFS # save the internal field separator (IFS) (reference: http://bash.cyberciti.biz/guide/$IFS)
	IFS=$(echo -en "\n\b") # change it to newline so that paths containing spaces are not split
	fontsToRegister=`find "$MY_FONTS_FOLDER" -type f -name "*.ttf"` # recursively find all files matching the original extension

	for fontToRegister in $fontsToRegister; do
		fontToRegisterWinPath=`winpath "$fontToRegister"` # regfont is a Windows program: convert to a Windows path
		#echo $fontToRegisterWinPath
		register_font "$fontToRegisterWinPath" # pass the converted path, not the *NIX one
	done
	unset fontToRegisterWinPath
	unset fontToRegister
	unset fontsToRegister
	IFS=$SAVEIFS # restore the internal field separator (IFS)
}

I then simply invoke the register_fonts function near the end of my profile, just before I call clear.

With this in place, whenever my profile is loaded, I know that my fonts are registered and usable in most applications.

Just as a side note, here’s how you can manually install a custom font for use with Java-based applications such as IntelliJ, WebStorm, Netbeans, etc: you need to copy the font files to the jre/jdk lib/fonts folder.

As a second side note, ConEmu will load the first ttf file it encounters in its folder and make that one available for use.

As a third and last side note, I couldn’t find a way to load a custom font with Sublime Text 3, it only seems to be able to list system-registered ones…

So.. which font are you most fond of?

 

A few tips for your online shopping

Friday, August 28th, 2015

I don’t blog in French often, but just this once :)

For a few years now, like quite a lot of people, I’ve been buying more and more things on the Web. Not so much that I’m against local shops, but simply because the price difference is often very significant.

I mainly buy on Amazon.fr because that’s often where I find the best prices for what I need. If you plan to buy online, there are a few good tips to know.

For example, if you like Amazon, you should know that they have several sites in Europe such as Amazon.de, Amazon.es, Amazon.it, Amazon.co.uk, … and the prices of items often differ (sometimes even substantially) between them! So my first piece of advice is to check before buying that the product isn’t cheaper on one of Amazon’s other sites. There are no additional fees for ordering there.

Note that if the language barrier prevents you from using one of Amazon’s foreign sites, Google Chrome can translate the pages automatically for you (it’s approximate but more than enough to find your way around).

Another thing to watch out for on Amazon is that it’s an online marketplace: Amazon lets other companies sell their products on its site (a bit like eBay). As a consequence, prices can vary a lot from one seller to another for one and the same product. When Amazon is the one selling & shipping, it’s generally the cheapest. On a product page you can see the different offers for a given product by clicking the “xx neufs” (“xx new”) link:

[Screenshot: Neufs-01]

Which takes you to the following page, where you can see the different offers and add the one you’re interested in to the cart:

[Screenshot: Neufs-02]

Sometimes the offer shown first on Amazon is from a third party because Amazon no longer has the item in stock; in those cases it’s often better to wait until Amazon sells the product again to get a better price and avoid delivery charges because, in general, when Amazon is the one selling & shipping, there are no shipping costs, which is rarely the case with other sellers; but well, it all depends on the price :)

It would be too easy to say that Amazon is always the cheapest; it’s often the case, but not always, and sometimes there are even significant price differences for certain products and at certain times.

Moreover, prices for a given product sometimes vary enormously over time (over short periods). There’s a very handy extension for Google Chrome & Mozilla Firefox called Camelizer, which shows a graph of the price history for a given product; it’s very useful to see whether the current price is a good one or not :)

In any case, don’t hesitate to shop around online stores to find the best price; it goes without saying, but you still need to know the right addresses…

Another indispensable extension for efficient online shopping is Shoptimate, which can do the legwork for you; if you’re on the product page of a site supported by the extension, it will automatically look up the price of that item on the other supported sites that sell it. It will also tell you directly whether there’s a better offer elsewhere:

[Screenshots: Shoptimate-01, Shoptimate-02]

In the example above, the same product is currently €100 cheaper on Amazon.de compared to Amazon.fr, which is quite.. huge ;-)

Still in this example, the site designere_fr looks even cheaper, but not knowing the site, I preferred to stick with Amazon’s offer. I imagine this site is trustworthy since Shoptimate suggests it, but as they say, better safe than sorry ^^.

Speaking of safety, I advise you to avoid little-known sites for ordering online. While some sellers on eBay sell new products, they aren’t necessarily all reliable; the same goes for some e-commerce sites… Also be wary of Google search results when you’re looking for a product; they’re full of sites to avoid.

Also, when I buy on a site other than Amazon, I generally try to use Paypal if possible; it lets me avoid sending my credit card details all over the place. With Paypal you register the card once and its details are never disclosed to the site where you shop. On top of that, it’s even possible to shop online without a credit card thanks to Paypal, the only downside being that not all e-commerce sites support Paypal.

I could write a good bunch of articles about computer security, but that’ll be for another time ^^.

Personally, my list of online shops is fairly short:

  • Amazon: a bit of everything & often the best prices
  • bol.com: a bit of everything & sometimes very, very low prices on some products (e.g., a €500 difference on the price of my speakers!!)
  • Philibert: board games (best prices)
  • LDLC: computer hardware & smartphones & hi-fi (very often more expensive)
  • Rue du Commerce: computer hardware, smartphones & hi-fi (often more expensive)
  • Rue Montgallet: ditto
  • Photo Erhardt: photo equipment (Germany)
  • Sarenza: clothes & shoes
  • ZooPlus: pet food
  • eBay: electronic components only, or things that can’t be found new
  • Seeed Studio: electronic components
  • f-mobile: smartphones & co (sometimes cheaper)

If you know other sites or have tips to share, don’t hesitate =)

Use bash to open the Windows File Explorer at some location

Wednesday, August 26th, 2015

TL;DR: don’t bother clicking your way through the Windows File Explorer, use bash functions instead! :)

I’ve already blogged in quite some length about my current Windows dev environment and I’ve put enough emphasis on the fact that bash is at the center of my workflow, together with my bash profile & more recently with ConEMU.

I continually improve my bash profile as I discover new things I can do with it, and this post is in that vein.

I often find myself opening the Windows File Explorer (Win + e) to get at some location; for that purpose, I simply pin the often used locations in the ‘Quick access’ list, although that means that I have to go the ‘click-click-click-click’ route and as we know, one can be much more efficient using only the keyboard.

To quickly open the File Explorer at locations I often need to open (e.g., my downloads folder, my movies folder & whatnot), I’ve created the following utility function & aliases:

# Aliases to open the Windows File Explorer at the current location
alias explore='explorer .' # open file explorer here
alias e='explore'
alias E='explore'

# Open File Explorer at the given location
# The location can be a path or UNC (with / rather than \)
# Examples
# openFileExplorerAt //192.168.0.1/downloads
# openFileExplorerAt /c/downloads
# openFileExplorerAt c:/downloads
openFileExplorerAt(){
 pushd "$1" || return # quote the path (spaces) and stop if the location cannot be entered
 explore
 popd
}

The ‘explore’ alias simply opens the Windows File Explorer at the current shell location while the ‘openFileExplorerAt’ function goes to the path given in argument and opens the File Explorer before going back to the previous shell location.

With the above, I’m able to define functions such as the one below that opens my downloads folder directly:

downloads(){
	openFileExplorerAt //nas.tnt.local/downloads
}

And since I’m THAT lazy, I just alias that to ‘dl’ ^^.

That’s it! :)

Additional Windows 10 Configuration Tips

Wednesday, August 26th, 2015

I’ve recently blogged about my Windows 10 configuration. In this post I’ll list some additional things that I could disable/tweak/configure using a new application called W10Privacy.

If you haven’t read the first part, then I recommend you to do so first as it has some interesting tips in store for you :)

First, you need to download the application here. Once downloaded, you should uncompress it and run it with administrator privileges. To have access to the list of System applications, you can also download PSExec and place the executable in the folder where W10Privacy is located.

Here’s what I’ve configured using that tool (knowing that my configuration already covers many of the settings it provides):

  • Privacy
    • Turn off SmartScreen Filter to check web content (URLs) that Windows Store apps use
    • Disable sending of information on writing behavior
    • Disable location for this device
    • Disable asking for Feedback
    • Disable the AutoLogger
    • Block Microsoft server, to which telemetry data will be sent (in the hope that this setting has additional domain names to block)
  • Search
    • Do not search online and do not include web results
    • Disable the retrieve of Bing search suggestions and web results (applies only to the actual user)
  • Network
    • Do not connect to proposed public hotspots
    • Do not connect to wireless networks shared by my contacts
    • Do not share my networks with my Outlook.com contacts
    • Do not share my networks with my Skype contacts (w t f)
    • Do not share my networks with my Facebook contacts (w t f)
  •  Explorer
    • Remove search option on the taskbar (searching by Windows key + Q is still possible)
    • File Explorer opens at “This PC” instead of “Quick Access”
    • Show a desktop icon for “Computer”
    • Show extensions for known file types in File Explorer
    • Show hidden files, folders or drives in File Explorer
    • Show protected operating system files in File Explorer
    • Turn off Windows SmartScreen
    • Remove “- Shortcut” suffix from future shortcut file names (w00t!)
  • Services
    • Disable Windows Diagnostics Tracking Service – reboot required!
  • Edge
    • Send “Do Not Track” requests
    • Do not help me protect me from malicious sites and downloads with SmartScreen Filter
  • OneDrive
    • Do not start OneDrive automatically when I sign in to Windows
    • Remove OneDrive from the File Explorer sidebar in Windows 10
  • Tasks
    • Disable the task “Microsoft Compatibility Appraiser”
    • Disable the task “ProgramDataUpdater”
    • Disable the task “Proxy”
    • Disable the task “Consolidator”
    • Disable the task “KernerlCeip Task”
    • Disable the task “UsbCeip”
    • Disable the task “Microsoft-Windows-DiskDiagnosticDataCollector”
    • Disable the task “DmClient”
    • Disable the task “FamilySafetyMonitor”
    • Disable the task “FamilySafetyRefresh”
    • Disable the task “SmartScreenSpecific”
  • Tweaks
    • Disable automatic restart, the user is instead asked to plan a restart
    • Disable updates for other Microsoft products on Windows Update (e.g., office, etc)
    • Updates and apps will no longer be distributed to other clients (disables the lower switch) (i.e., my bandwidth is my own)
    • Distribute updates and apps only on the local network (disables upper switch)
  • Background-Apps
    • Disable background functionality for … (ALL THE DAMN APPS!)
  • User-Apps
    • Uninstall the following:
      • Money
      • News
      • Sports
      • Weather
      • First Steps
      • Get Office
      • OneNote
      • Skype download
      • Groove-Musik
      • Movies and TV shows
      • Maps
      • companion phone

As you can see, W10Privacy has quite a lot of nice features. I know that disabling the privacy related features will not protect my privacy much more than it currently is (i.e., it ain’t), but it can’t do harm either and at worst it’ll just save me some CPU cycles.. ;-)

Chrome Extensions that rock

Friday, August 14th, 2015

TL;DR: I can’t live without browser extensions, here are my favourite ones

Most if not all power users rely on the presence of a number of browser extensions to satisfy their specific needs/lunacies. The fact that Internet Explorer never provided an easy/accessible way to develop & deploy extensions is one of the many reasons why it was never my default Web browser (apart from when Microsoft forced my hand with OS upgrades…).

Fortunately for us, modern Web browsers (apart from MS Edge) are very customizable and major ones such as Google Chrome & Firefox have huge catalogs of extensions. The difficulty that remains for us is to find the truly great extensions among the huge number of crappy and plain evil ones ;-)

I’ve switched from Firefox to Chrome at the time Chrome came out and was blazingly fast and I haven’t taken a look back ever since (even if I know I probably should), hence I’ll only list the Google Chrome extensions that I use, although there are counterparts for most of the ones I’m about to mention.

So here’s my current list, in no particular order:

  • uBlock Origin: efficient ad blocker. If you need but one extension then it must be this one (light CPU/memory usage)
  • Personal Blocklist (by Google): if you want to block domains/hosts from appearing in your Google search results (e.g., shopping/comparison crap sites when you search for information about products)
  • Clickable Links: doesn’t it make you mad when websites display URLs without links? This extension fixes that automatically
  • ScriptSafe: if you want to stay in charge of what your Web browser does
  • View Thru: if you’re concerned about what stands behind shortened URLs (e.g., bit.ly & the like)
  • Ghostery: if you care even a little about your privacy then this one should get your attention
  • Shoptimate: automatic price comparison: awesome extension to help you know if you’re getting the best price you can
  • The Camelizer: see historical pricing data and even get mails when prices drop
  • Page Eraser: sometimes there are things on Web pages that aren’t necessarily ads but that we just don’t care about/don’t wanna see. This extension will help you make them disappear.. for good :). I’ve developed a similar extension a while ago but I don’t maintain it anymore :p
  • Link2Clip: Copy all links in the copied text to your clipboard. Very useful when you don’t want to manually extract links from web pages
  • LinkClump: alternative that supports fast bookmarking
  • Docomplete: this extension enables autocomplete for password fields on websites that intentionally disable it (use this only if you know what that means.. ^^)
  • Lazarus: Form Recovery: automatically save everything you type in forms so that you can easily recover from timeouts, crashes & network errors
  • BehindTheOverlay: easily close overlays on any websites
  • iMacros for Chrome: automate tasks by recording/replaying macros
  • Gestures for Google Chrome: mouse gestures rock, just try it out
  • Desprotetor de Links: sometimes websites send you through link protectors & whatnot with tons of boring ads. If you’re like me then you’ll like this extension because it’ll help you go right through to the content you’re after
  • Fast Bookmark Scanner: scan your bookmarks & identify duplicate links, folders & empty ones
  • SuperSorter: alternative extension to fix your bookmarks
  • SmoothScroll: smooooooooooth scrolling is something you need even if you don’t know it yet
  • I’m a Gentleman: one click to save images
  • Neater Bookmarks: neat bookmarks tree popup with easy filtering
  • Session Buddy: save/load entire browsing sessions; useful for context switches
  • Session Manager: alternative for session management
  • Turn Off the Lights: fade the entire web page to dark in order to better appreciate videos
  • Capture Webpage Screenshot – FireShot: quickly capture a screenshot of an entire web page
  • Random Bookmark: this may sound dumb but if you have a huge backlog of bookmarks to check then this one can help :)
  • Scroll To Top: does what it says
  • Shut Up: lets you choose if comment sections should be visible or not
  • Live HTTP Headers: because it’s always useful to know what your browser is up to
  • Page Monitor: for times when you need to know as soon as a page has changed without killing your F5 key (e.g., that concert reservation page that’s about to go live)
  • Pastebin.com: put stuff on Pastebin.com easily
  • Enhanced Steam: dramatically improve the Steam website (highlight games you own, games on your wishlist, calculate bundle discounts based on the games you own, etc)
  • Play to Kodi: if you’re using XBMC errr Kodi then you need this extension to easily send content to your server
  • Google Cast: if you have a Google Chromecast, then you just need this
  • Language Immersion for Chrome: cool extension to immerse yourself in a new language. This extension switches certain words/phrases from English into a language of your choice and you can switch back and forth between the original & translated versions
  • Reddit Enhancement Suite: nice improvements for browsing Reddit
  • .torrent to Transmission: easily add torrents to Transmission (works with distant hosts as well; useful since Transmission runs on my NAS)
  • Better Usenet: if you’re a Usenet user then you’ll love this one; it adds a ton of improvements to Usenet related websites (e.g., Binnewz, Binsearch, NZBIndex, …)
  • Binnews Enhancer: another Usenet-specific extension that improves the Binnewz website
  • CouchPotato: if you use CouchPotato then you’ll like this one

Bonus: DO IT! (just in case you need some motivation)

Voilà! Apart from a bunch of software development related ones, the extensions above are the ones I can’t live without!

Which ones do YOU rely on and why?