Slashdot Mirror

You can create a custom browser user agent .

(Reposting, logged in this time.)

If you're using Firefox then this bug is/will be fixed in Firefox 3.6, so that it will report the correct website when things are slow instead of saying "Waiting for *.google-analytics.com. See https://bugzilla.mozilla.org/show_bug.cgi?id=487638 for the details; "status bar blames wrong resource when downloading slow responding resource" is the title of that bug.

If you're using other browser(s), let me know which.

Full disclosure: Google is my employer (and I care about making sure Google Analytics isn't slow).

I am surprised that so many Slashdot users are actually waiting on ads. Why bother with them at all when you can run AdBlock, NoScript, and Flashblock to remove them? I have absolutely no qualms about doing this; the advertisers don't respect us so why should we respect them? Internet ads are for neophytes and chumps, not those with the knowledge and skill to evade them.

I am surprised that so many Slashdot users are actually waiting on ads. Why bother with them at all when you can run AdBlock, NoScript, and Flashblock to remove them? I have absolutely no qualms about doing this; the advertisers don't respect us so why should we respect them? Internet ads are for neophytes and chumps, not those with the knowledge and skill to evade them.

I am surprised that so many Slashdot users are actually waiting on ads. Why bother with them at all when you can run AdBlock, NoScript, and Flashblock to remove them? I have absolutely no qualms about doing this; the advertisers don't respect us so why should we respect them? Internet ads are for neophytes and chumps, not those with the knowledge and skill to evade them.

NoScript is great for this.

https://addons.mozilla.org/en-US/firefox/addon/722

If you use Firefox, upgrade to version 3.5+ and install Better Privacy and you can blow away these nasties (each one can be up to 100kb binary data by default, with no expiration, ever), which btw are OS- and browser-independent. You will be shocked at the baggage they've saddled you with till now...

Thanks for the tip - I am installing it right now.

I have FlashBlock, but that doesn't stop sites from using Flash cookies, whether or not a flash movie is even played.

If you use Firefox, upgrade to version 3.5+ and install Better Privacy and you can blow away these nasties (each one can be up to 100kb binary data by default, with no expiration, ever), which btw are OS- and browser-independent. You will be shocked at the baggage they've saddled you with till now...

Top 3 addins for privacy: Better Privacy, AdBlock Plus, and NoScript, hands down imo.

You said you don't have anything at home to tunnel through. Assuming that VPN really isn't a viable option, you can use ssh with a hosting provider like dreamhost (or a buddy's state-side server) to run a SOCKS proxy. The downside is that whatever app you're running (afaik) needs to understand how to use a SOCKS proxy, which Firefox/Safari/IE all do, as well as several of the more well-known IM apps like GAIM.

from your local system: $ ssh -D1080 yourserver.dreamhost.com (or use PuTTY if you're on windows, and set up a dynamic port forward)

If you're in OS X, use your system>network settings to set up a global SOCKS proxy, which Safari will automagically use. If you're in Windows, use Firefox's proxy settings (Tools > Options > Advanced > Network > Settings > Manual Proxy Config)

your SOCKS host is localhost, and the port is 1080 (or whatever you pick when you're creating the tunnel).

There are a couple of tricks to this. One is that you can't connect to anything as long as your settings specify to use a SOCKS proxy and the tunnel isn't open. For the places that have the "welcome to our intarweb access" redirects, you'll want to disable the SOCKS proxy settings until you get through that finished. Otherwise, you won't be able to open the tunnel, and it will appear as if you can't connect to anything. Firefox has a QuickProxy addon which makes this easier.

The second is that you can make sure that the proxy is active by a) visiting a "check my IP address" site to make sure it is showing up as your hosting provider or b) killing the tunnel and all web traffic should stop working.

more info

For example, the HTTP Referrer sent by my browser always gives the site its own homepage no matter what the actual referrer would have been

Want that. Is that a released add-on or did you just patch and recompile the source?

I use the FireFox addon RefControl to handle the HTTP Referrer.

With the web developer toolbar you can disable referrers.

The book is "in stock" in Amazon, and Invisible Hand showed me links to at least 4 other sites where they're selling it... So WTF?

After the search is where it gets better.

Not really. After re-branding Live Search as "Bing", to leave the baggage associated with the old name, they also struck a deal so that Bing is a front-end for Wolfram Alpha plus whatever Live Search might have had. So to get those results unmodified, you don't have to go through M$ filter, you can go straight to Wolfram Alpha skipping the middle man. Not difficult.

There are even meta-search engines that can cross-search both Google and Wolfram Alpha for you. For Firefox there is the Goofram add-on which lets you search both at the same time. If you're on Opera, Safari or Chromium, there are also search customization options there, too.

As a key product in a proprietary OS, why would you want to run nightly builds of IE? With Firefox my browser may be unstable, but at least the rest of my system stays stable, but with IE a lot of Windows components use Trident and that isn't going to be a good thing.

WebKit is heavily used in OS X too, AFAIK, but they still provide nightlies. It doesn't replace the existing version on your system, it's an extra one that you can manually run as part of specific programs. So you'd use the nightly build to test, but other programs would keep using the standard system build.

It also doesn't have to be called "Internet Explorer". It could be called something different, like "Trident Development Version" or something. Firefox nightlies are called Minefield.

Plus, with Firefox if you file a bug they appreciate that and generally fix it right away

You must have only filed really trivial or critical bugs, then. I've filed five bugs. One is WORKSFORME (turned out to be a broken font), one is DUPLICATE (to a bug rated critical and open since 2002), and the other three remain open. No project under the sun is able to fix most reported bugs quickly; there are just too many things to do.

WTF? Most companies don't release nightly builds of their software.

Not when it comes to web browsers. You can get nightlies from every single other major browser, except for IE.

• Firefox
• Safari (WebKit)
• Chrome (Chromium)
• Opera (ok weeklies, but still)

HTML 5 not a standard yet .... Like HTML 4 was not a standard until 2000, but supported in every browser well before this, including IE (with IE only extensions)

And IE *still* does not fully support ISO HTML (HTML 4.01) Nine years later .....

Neither does Mozilla/Firefox. In fact, they never will, because the Mozilla developers have chosen to not implement full support for col and colgroup by not supporting certain attributes on them, such as align.

I know you're joking, but Mozilla was already working on a hardware accelerated canvas system before IE. Even better, it will tie into OpenGL ES so someone could code a FPS engine into a web page.

https://wiki.mozilla.org/Canvas:3D

Xreal for instance is a pretty impressive engine coded in OpenGL ES.

http://www.xreal-project.net/

https://addons.mozilla.org/en-US/firefox/addon/2275

Bing could make it easy if they so cared. The OpenSearch specification allows adding a search to Firefox (and presumably IE7+) with a click. I've seen this applied on countless sites including Amazon, Yahoo, Twitter, Dictionary.com, and so on.

https://developer.mozilla.org/en/Creating_OpenSearch_plugins_for_Firefox

This is an old one, Same-origin violation with InstallTrigger callback, but there have been later errors in XPInstall. the whole installation mechanism is unnecessarily tricky.

I would like to turn the XPI installation mechanism off completely, and only install extensions by downloading them to the local file system and installing them explicitly from a command line or menu. There doesn't seem to be a way to do this.

Also, recently found was Chrome privilege escalation in XPCVariant::VariantDataToJS(), and a few other privilege escalation attacks in Chrome.

This kind of thing makes me wish there was a good alternate gecko-based browser on Windows, like Camino on the Mac, so the whole XPI/XUL/Chrome mess could be avoided.

This is an old one, Same-origin violation with InstallTrigger callback, but there have been later errors in XPInstall. the whole installation mechanism is unnecessarily tricky.

I would like to turn the XPI installation mechanism off completely, and only install extensions by downloading them to the local file system and installing them explicitly from a command line or menu. There doesn't seem to be a way to do this.

Also, recently found was Chrome privilege escalation in XPCVariant::VariantDataToJS(), and a few other privilege escalation attacks in Chrome.

This kind of thing makes me wish there was a good alternate gecko-based browser on Windows, like Camino on the Mac, so the whole XPI/XUL/Chrome mess could be avoided.

> "Components" = plugins.

No, "components"is very much not plug-ins. Plug-ins are binary object files that are loaded by the browser and interact with the browser via NPAPI. Components are either JavaScript or binary object files that interact with the browser via XPCOM. See https://developer.mozilla.org/en/Creating_XPCOM_Components for details.

A major difference is that NPAPI is a restricted API which allows plug-ins to make certain requests of the browser (and vice versa), while XPCOM is the internal object model of the browser and allows access to most of the browser objects (including direct access to the internal layout data structures in some cases, for binary components).

Another major difference is that NPAPI has a backwards-compatible ABI, while XPCOM in general does NOT. In particular, the ABI changes in various ways with every Gecko version, and a binary XPCOM component compiled against one Gecko version will almost certainly crash if run against a different one, unless it takes some not-that-trivial precautions to avoid that.

This last is the reason for the components white-list: a number of apps have been tossing binary object XPCOM components into the Firefox install directory, and as Firefox got more popular there have been more and more of these. The old behavior was to load the components from that directory (on the possibly-naive assumption that it's the Firefox install directory and hence components in there are part of Firefox). This caused serious problems when users started upgrading from Firefox 3.0 to Firefox 3.5, because suddenly components compiled against Gecko 1.9.0 were running against Gecko 1.9.1 ... and by and large crashing. Since it looks like convincing other software vendors to not mess with your install directory is not likely, the alternative approach of hardcoding the list of components to load was taken.

Someone who wants to install a binary XPCOM component can continue to do so in an extension, with the major difference there being that extensions have version compatibility checks performed; an extension that only claims to be compatible with Firefox 3.0 won't be loaded by Firefox 3.5.

Hope that makes things clearer.

Sure you can. You can wipe sites from the history (and thus from the location database) relatively easily.

You can begin typing, highlight a search result by hovering over it with the mouse, then press the Del key to remove that result.

You can also open the history tab, type something in Search, tab into the search results list, Ctrl-A to select all, and press the Del key to remove all of them.

Finally, you can add the HistoryBlock extension which silently prevents certain sites (domains or subdomains) from being added to the history, recently closed tabs, download manager history, cache, or cookies. Blocked domains or subdomains are hashed, so there is no incriminating list, although having the HistoryBlock extension may be incriminating by itself to some people.

Christian Anti-Porn 1.0.5.

Flee sexual immorality (1Co 6:18). Christian Anti-Porn will filter links and alert the user if any porn websites are clicked. This will not block but warn every Christian that he is going to crucify Jesus Christ again if he proceeds to such websites.

Now try changing the default in Firefox from Google to *anything* else.

Doesn't seem so difficult.

http://www.firefoxfacts.com/2008/01/13/change-default-search-in-firefox/

In your address bar, type in: “about:config”

Inside of the filter search box, type in:

browser.search.defaultenginename

Double click that entry (or right click and choose “Modify”) and then type in the name of the search engine you wish to have as the default search engine. It must be one that you already have installed and also make sure you type in the name correctly.

I'm not sure what it means to have a search engine installed. Ah, here's the results of a quick search:

https://addons.mozilla.org/en-US/firefox/browse/type:4

Looks like you just hit the "add to firefox" button.

I can't say whether this is easier or harder than IE, since I don't know IE. The little warning you see when you type "about:config" is a bit scary, I guess, but the procedure looks simple enough.

There's no need for something like awesomebar to be core, is there?

Apparently, this is something the Mozilla folks thought people would like--and, indeed, many do. When used properly, the AwesomeBar nearly lets you forget about bookmarks and history. I really miss this feature in other browsers or in computer labs with older versions of Firefox.

If you don't like it (or if you're just too set in your ways), you can tweak it do be Firefox 2-ish by changing some preferences--just Google it. Also, there is the oldbar extension.

... but thats because I am a halfway knowledgeable user that uses adblock, noscript, betterprivacy, use privately encrypted TOR when about (Iron Key) and only allow certain cookies....

First time I've heard of betterprivacy, which is VERY cool. Thanks for the tip. (Just a note: it seems, according to the BetterPrivacy addon summary, it will help ALL your browsers because LSO's like flash cookies are cross-browser, so deletion of these will generally make you much harder to track on all browsers as long as you (like me) launch FF once a day or so). Link to BetterPrivacy addon.

I've been charmed by Chrome and Safari, but plugins like this are hard to find on the other browsers... go FF!

Sorry, lack of AdBlock Plus or something similarly seamless/easy/efficient is a limitation of Chrome/Chromium, plain and simple.

FWIW, AdblockPlus on Ubuntu Firefox installs exactly like it does on Windows Firefox: like any other addon.
https://addons.mozilla.org/en-US/firefox/addon/1865

This helps:

BugMeNot 2.2

From a user perspective, a user that uses https://addons.mozilla.org/en-US/firefox/addon/2497 cookiemanager and for web sites that suck, no cookies for you. I don't really see a problem with requiring permission from the user to store a file on their computer for your use, after all I go through that process every time I browse the net and visit a web site for the first time added to that I also use http://noscript.net/ and no cookies definitely no scripts.

So should you be required to gain permission to run a script something which if often entails far greater risk than a simple limited size text file cookie. So web more web sites that didn't use script or cookies would certainly simplify my browsing time.

All browsers do content sniffing now -- apparently it's too difficult for server admins to configure MIME types. So in the example of an overloaded GIF, the browser sniffs the swf header and loads the flash plugin.

On Windows XP, Firefox cannot update itself when running in a non-admin account. (Bugzilla:407875)

This is only true if Firefox is installed in the default location under %ProgramFiles%.

A non-admin user can install Firefox anywhere they have write permission, and then updates work fine.

Use it.

That's called link pre-fetching and it has already been done.

I've found the best thing is to treat them like a corporation. Make sure their accounts are only user level, and either hold on to the Administrator password or make sure they know the real reason to use it. Done that with a few family friends I do work for and the amount of trouble i've had has dropped drastically.

Absolutely, I did this for my brother's machine, compared to my parents machine it's remained extremely tidy and worry free!

The only issue is Firefox updating. On Windows XP, Firefox cannot update itself when running in a non-admin account. (Bugzilla:407875) Probably means my brother is running a months-old Firefox..

Makes me wonder if Internet Explorer would actually be safer for him, at least it would get updated automatically.

How about trying Opera instead?

I've found the best thing is to treat them like a corporation. Make sure their accounts are only user level, and either hold on to the Administrator password or make sure they know the real reason to use it. Done that with a few family friends I do work for and the amount of trouble i've had has dropped drastically.

Absolutely, I did this for my brother's machine, compared to my parents machine it's remained extremely tidy and worry free!

The only issue is Firefox updating. On Windows XP, Firefox cannot update itself when running in a non-admin account. (Bugzilla:407875) Probably means my brother is running a months-old Firefox..

Makes me wonder if Internet Explorer would actually be safer for him, at least it would get updated automatically.

Unlike Microsoft, Mozilla has a Bugtracker, which tells everybody about each and every fixed problem... the report doesn't say how firefox' vulnerabilities were counted, but why would they bother counting Patches (which they have to for IE), if Bugzilla tells them everything they need in just minutes of selecting the report criteria?

That was what I was going to suggest. Passwordmaker has a Firefox Plugin, an Online Version (although you still need to remember your Master password and settings - Mine aren't the defaults obviously) and of course a downloadable Javascript implementation.

As long as your master password and settings are secure (I'm a bad person, I have my master password saved. It's in a truecrypt volume (with my entire FF profile), but still), you should be secure against any reasonable attack. My biggest problem is websites that either don't accept a genuinely secure password, or one that have password complexity requirements that the particular hash of master password and domain name doesn't quite match, but those are rare.

Pug

PasswordMaker is a great way to hash a master password with the URL of the website you are visiting. You only need to remember one or a few master passwords and have access to PasswordMaker. Passwordmaker supports several different hashing algorithyms as well as lots of other options, so you can customize the security of your passwords.

There's a firefox extension:
https://addons.mozilla.org/en-US/firefox/addon/469

There's an open source javascript passwordmaker for when you are on the road, it runs completely client side - and you can self-host it if you are paranoid:
http://passwordmaker.org/passwordmaker.html

And, theres an Android app in the Market as well.

Someone should make a plugin like this one: surfclarity but make it just filter out FoxNews and other NewsCorp results and name it "NoMurdoch" or "Block FoxNews" or some other blatant reference to blocking out FoxNews and then distribute it far and wide...

Could be the start of a whole new way to protest. Get enough people to install and you'll see a news story out of it - and that will get Mr. Murdoch's attention.

Of course you can, just install DownloadHelper addon for Firefox. But the thing about Flash being a crapfest is spot on.

Agreed, though this doesn't work with BBC iPlayer, shamefully. Which just won't run very well on a Netbook at 800mhz (which is normal speed on battery). Surprisingly, this is one time I've seen where Flash under Linux does it a lot better than Windows!

I still don't get back the pre-awesomebar behavior. When I type in a partial URL, it still shows me matches based on the text of the web page, not just the URL.

I've not tried this myself, so I can't confirm, but under about:config (or wherever you are changing it), check out: Browser.urlbar.richResults, browser.urlbar.matchOnlyTyped and/or browser.urlbar.default.behavior - some of this can be changed as easily as from Tools -> Options -> Privacy -> Location Bar.

Have you tried this extension?: Old Location Bar 1.8 - seems just what you're after really. Oh, and if you haven't already looked, the Mozilla KB is a nice place to start too.

Or I guess you could just downgrade or hack it out the source yourself? I really hope that some of this is some help! I hate it when apps change to something you don't enjoy! =)

do you have greasemonkey and other memory hog addons?

Ad-Block Plus, and AccuWeather. But the i-user does not use either, and her sessions are even bigger than mine (lots of windows open), including Yahoo! Mail.

And you should stop visiting websites that are a memory hog (i would count slashdot among them)

What? Why should I stop visiting them? Will that fix memory leaks in Firefox?

And could you also mention the platform you are in, iirc flash is available on x86-64

I did mention the platform I'm in: FreeBSD/amd64. Last I heard, 64-bit support for Flash was alpha-quality at best (not even on Windows), and certainly not available for FreeBSD...

And coming back to the point, i am not so sure a few more visits to google maps

Whatever it is, I think, I'm already close enough to justify a) clean up of memory leaks in the app (4Gb is the hard ceiling, even if RAM were free); and b) looking into stable and official port to 64-bit. Currently, I believe, all such builds are "local" — supported by the platform-specific maintainers (such as FreeBSD's ports-team). This will involve fixing an awful lot of bugs and buglets in various parts of the code — starting at the bottom with NSPR... Here is but one example...

Whenever the (singular) memory leak problem is mentioned, always mention the memory breakdown extension and built-in about:memory on trunk builds.

The difference is that you can't download an flv when it starts skipping or outright freezing (Which happens every day.)

Of course you can, just install DownloadHelper addon for Firefox.

But the thing about Flash being a crapfest is spot on.

I can't believe it will have been 5 years in December since supporters chipped in to place an ad in the NY Times. I'd definitely help place another one if only to get my name in the paper again! I hear the NY Times needs the revenue (*cough* adblock *cough*).

There's even a Firefox plugin that automatically adds the links for you.

DownloadHelper or FlashGot download flvs fine. Although of course if they're big files it takes forever.

Then again, you were probably being sarcastic. I can never tell.

DownloadHelper or FlashGot download flvs fine. Although of course if they're big files it takes forever.

Then again, you were probably being sarcastic. I can never tell.

There's ongoing work to add gstreamer backend support to Firefox, which (if you have gstreamer-ffmpeg installed) would let you use ffmpeg codecs. I'm not sure how well it's working; the bug is marked as blocking Gecko 1.9.2, which is going to be the rendering engine of 3.6, so maybe we'll see this in 3.6 when it comes out.