Domain: mozilla.org
Stories and comments across the archive that link to mozilla.org.
Comments · 17,579
-
Re:And you think the same for MS formats?
> Care to stand up for your words, and file a bug against
> Firefox to add ActiveX support?I don't need it. If your point was to show that Mozilla rejected such a bug, why didn't you just post a link? BTW, you picked a really bad example. It's obvious that the Firefox developers might understand that not having ActiveX support limits Firefox's interoperability with respect to Internet Explorer, but they might have good reasons to decide not to implement it anyway (for example: [1] ActiveX vulnerabilities have been some of the most exploited security holes in the history of the Internet; [2] there is no way to support it under non-Windows operating systems). (There is an experimental plugin which adds that, if you are really interested.)
> If, in practice, it turns out that all existing ODF solutions in fact
> implement a not-quite-compatible, effectively "proprietary" dialect of
> ODF, then someone has clearly failed somewhere.Perhaps. If ODF were already perfect then they wouldn't have to work on version 1.2. The fact that it isn't perfect doesn't mean that we should laud Microsoft for intentionally implementing the imperfect standard in a way which impedes interoperability. In fact, the contrary should be obvious. But then, there will always be fanboys, eh?
-
Re:Maybe it was bad back in 1996
Display only the full-size image. This hotlinking, and is considered worse than framing.
Err, no. Hotlinking means including content on a web page that's loaded from another site without permission. I think that the word and concept of "hotlinking" is completely retarded ("oh noes, someone's stealing my dataz on the intarweb!") but there it is.
If Google simply linked directly to the image instead of making you click through a link on a useless frame, I fail to see what harm would occur, except that website operators wouldn't get their precious pageview when someone found an image they were interested in via Google. The CustomizeGoogle Firefox extension has an option to automatically enable this behavior. The search results still have a link to the page where Google found the image, so no functionality is lost.
-
Re:Maybe it was bad back in 1996
That's what RefControl is for.
-
what would be required for a rewrite
After spending some time looking into this, here's some info I've collected about a possible fork or alternative tool.
There are intros here and here on how to write extensions for Firefox. You use javascript and XUL (an XML grammar that describes GUI widgets).
TFA has comments by Wladimir Palant saying "I have pity with anybody who tries to fork NoScript, the code is a huge mess. It is much better to rewrite it from scratch."
NoScript is actually pretty complex. It does a lot of complicated stuff to try to guard against XSS attacks, etc. It also has something called "surrogates." The idea is that some sites serve up ads, and use javascript to detect whether the ads have been served. If the ads haven't been served, then it uses javascript to prevent the content of the page from being displayed properly. Surrogates are scripts that set the same flags or whatever that would have been set by the ad script, making it appear that the ad has been served. This requires that Giorgio Maone engage in an arms race with the people whose sites do this kind of thing.
So AFAICT the only sane thing to do would be not to fork NoScript but to write an alternative version from scratch. At least initially, the alternative version should be nothing more than a whitelisting mechanism for javascript. If that was done, then one could look at whether to go on and reproduce the security and surrogates stuff that NoScript has. My guess would be that that would simply be a bad idea. Better to avoid the bloat, and also to avoid the situation where one has to spend a huge amount of time actively maintaining it. I'm guessing that the reason Maone feels justified in his actions is that he really does have to devote a lot of time to actively tending all the bells and whistles, and that suggests that the OSS model may just not be well suited to biting off that much. Eliminating surrogates would break some sites, but only those that use aggressive measures to try to force you to view their ads.
If you look on the NoScript forums and FAQ, there seems to be a huge amount of support work involved. Someone reports that some feature on foo.com breaks, and then Maone has to look into it and see if that's really a bug in NoScript. The need for intensive support is probably another thing driving Maone's sense of entitlement to his ad revenue, and it's probably another good reason that an alternative project should avoid all the fancy stuff and just concentrate on making a simple and well-designed whitelist for javascript.
I've clicked around for a long time on the noscript site trying to find the source code, and I can't find it. I've seen posts by others here on slashdot saying the same thing. It must be publicly available somewhere, but I'm darned if I can find it.
-
YesScript
If all you want to do is block a handful of specific sites I would recommend YesScript https://addons.mozilla.org/en-US/firefox/addon/4922 its essentially the exact opposite of Noscript (blacklisting instead of whitelisting) without the constant annoying updates.
-
Uninstalled it but...
This was one of the reasons I just uninstalled NoScript a few hours ago, but the main reason I did it is because this story made me check the NoScript source code, and it is a mess.
I decided to look for a replacement and found YesScript (it works as a sites blacklist), after looking the code I found that it uses Mozilla Configurable Security Policies. Too bad CSPs only allow or disallow javascripts by site, and the sameOrigin policy does not works for "*.javascript.enabled"
-
Re:Its GPL licenced, someone should fork it.
A quick and simple UI for controlling script and cookie permissions on a per-site basis should be part of the basic Firefox browser. You shouldn't have to install add-ons just to make it workable to allow scripting and cookies only when they're necessary, and protect your privacy the rest of the time.
Sadly, the developers of Firefox are never going to make it easy, probably because it would annoy too many advertisers and other corporations who have a vested interest in being able to track Joe Sixpack via cookies and hijack his browser via scripting.
-
Re:This suddenly explains a lot
I barely use noscript, except on 1 site, I'll wait for someone else to make an addon which doesn't piss me off, or simply tolerate the minor annoyance of that one site.
Then I guess YesScript might be closer to what you want.
-
Alternative extension
There's an extension called requestPolicy that seems to be a viable alternative to those who are no longer willing to use NoScript: https://addons.mozilla.org/en-US/firefox/addon/9727/ As the addons page says, it's still experimental/not publicly vetted, so "take this with a grain of salt," "caveat emptor," etc...
-
Re:Sleazy and disgraceful
This behaviour is disgraceful, and Noscript should be blocked by Mozilla (is this possible?...
Yes, read the Addons.Mozilla.Org policy page. All versions of add-ons are supposed to start out in the the Sandbox for review before they can go into the Public area. They can just as easily be kicked-back into the Sandbox if it's later shown that there's something wrong with them.
I heartily recommend that you file a complaint with the AMO editors, amo-editors_atsymbol_mozilla.org, since NoScript is clearly violating the following rule:
Do the add-on and add-on author both treat the user respectfully?
Your software should not intrude on the user unnecessarily, try to trick the user, or conceal any of its activities from the user.How the obfuscated code in NoScript's content/noscript/MRD.js file got through the Sandbox review process is a question I'd like to see answered - perhaps only the initial add-on versions are reviewed and then updates get fast-tracked. AMO reviewers are all unpaid volunteers and are probably overwhelmed by the number of submissions, so this wouldn't surprise me.
-
Re:In related news...
I browse in Linux but personally I hate the idea that my browser is giving away any information beyond the rendering engine and locale information, as such my user-agent is along the lines of Mozilla/5.0 (compatible;U;en-gb). I would recommend the firefox plugin used for this to others too.
-
Re:Because we run Linux
Dragonfly = Firebug (http://www.w3schools.com/browsers/browsers_opera.asp)... well, kinda. But it's a step in the right direction.
Right on point with YSlow.
ColorZilla > ColorPicker IMHO
Also check out "Web Developer" by Chris Pederick - https://addons.mozilla.org/en-US/firefox/addon/60.
Opera's "shiny stuff" is nice, but for srs business - FF FTW. -
FF and SVG fonts
"what is Firefox doing? Making Javascript faster instead of working on SVG fonts"
It says here on this Mozilla SVG Project site that Firefox can render SVG fonts since version 1.5
--
trawl.bugzilla.troll.slashdot -
Re:Just fix FF's stability damnit
It's not normal for either Firefox 3.0.x or 3.5 beta to crash on ajax sites. If you are getting crashes, look up your crash reports and search for your crash signature on Bugzilla.
Plugin crashes (eg. flash) are among the most common, but corrupt files and spyware on Windows machines have also been known to cause them. If you are getting a specific crash that can be reproduced, either file a bug or comment on an existing bug with details. -
Re:middle clicking to close last tab
https://bugzilla.mozilla.org/show_bug.cgi?id=486393 (one of the bug reports. there are several (open and closed) if you search for closeWindowWithLastTab in bugzilla.
-
Really?
As I appear into my crystal ball, I see that Firefox 3.5 is released and still achieves 93/100. Wow, I'm a psychic!
Ffx 3.1/3.5 has been sitting at 93/100 for over 6 months, and the devs have stated *numerous* times that achieving 100/100 on Acid3 is NOT a priority for the 3.5 release, largely because implementing SVG fonts (https://bugzilla.mozilla.org/show_bug.cgi?id=119490/) for the purpose of passing those last few Acid3 tests is a much lower priority than other things they're working on (like javascript JIT). Why your summary of the 3.5b4 release focuses on something that literally hasn't changed in several beta releases is beyond me.
So, can we please move on now or are you going to switch to Safari because of that newfangled Youtube interface that implements SVG fonts? Oh sorry, I was looking into my crystal ball again and saw the web circa 2025.
-
Re:GPL is a hindrance
The core of Firefox, Mozilla, is actually tri-licensed. Mozilla Public License, GPL or LGPL.... take your pick.
-
Re:Can we always kill javascript?
"Programatically clone a page to the end of the document."
Autopager
https://addons.mozilla.org/en-US/firefox/addon/4925
"Orgasmic."Repagination
https://addons.mozilla.org/en-US/firefox/addon/2099
"Genius."I use both in tandem. Repagination is more manual, Autopager is more automatic, both useful at different times. I assume this is what he's referring to anyway. I know there are some web pages that can do this without requiring a mod, like, oh say Slashdot! If you try the beta homepage and scroll to the bottom it will automatically add in the previous day's entries: http://slashdot.org/index2.pl
-
Re:Can we always kill javascript?
"Programatically clone a page to the end of the document."
Autopager
https://addons.mozilla.org/en-US/firefox/addon/4925
"Orgasmic."Repagination
https://addons.mozilla.org/en-US/firefox/addon/2099
"Genius."I use both in tandem. Repagination is more manual, Autopager is more automatic, both useful at different times. I assume this is what he's referring to anyway. I know there are some web pages that can do this without requiring a mod, like, oh say Slashdot! If you try the beta homepage and scroll to the bottom it will automatically add in the previous day's entries: http://slashdot.org/index2.pl
-
Re:Yes, why post this?
Well, for one thing, javascript isn't putting databases or storage on the client, maybe you mistyped that.
This is something introduced in Firefox 3, and I think other browsers are going to do the same.
-
Mozilla thinks disagrees with EFF's stance
Mozilla thinks the same way as Wikimedia and obviously disagrees with EFF.
From the official Mozilla/Firefox Trademark Policy
Domain Names
If you want to include all or part of a Mozilla trademark in a domain name, you have to receive written permission from Mozilla. People naturally associate domain names with organizations whose names sound similar. Almost any use of a Mozilla trademark in a domain name is likely to confuse consumers, thus running afoul of the overarching requirement that any use of a Mozilla trademark be non-confusing. If you would like to build a Mozilla, Firefox Internet browser or Thunderbird e-mail client promotional site for your region, we encourage you to join an existing official localization project. -
Free WSJ access!
WSJ gives free access to premium content is you are being redirected from google, facebook, digg etc. Here is a dirty little secret. The entire content on WSJ is available to you for free, if you can trick WSJ into believing that you have been directed to their webpage via digg.com!
Step1) Use firefox
Step2) Install refspoof http://refspoof.mozdev.org/
Step3) Install greasemonkey https://addons.mozilla.org/en-US/firefox/addon/748
Step4) Install this script in greasemonkey http://userscripts.org/scripts/show/42134
Step5) Profit!! -
Re:Advertisement
Ads? What ads?
Oh... right, not everybody uses adblock.
-
Re:Already there
Like Firefox? They've perfected the way they do updates.
Unless you use Windows XP and don't run as administrator.
Updates don't work for non-administrator accounts. This resulted failures where an update had been downloaded but could not be applied.
The Firefox developers "fixed" this issue by not even notifying the user when updates are available.
-
Re:Did any one else read that as...
Or you can use this extension https://addons.mozilla.org/en-US/firefox/addon/9549
-
Re:I2P vs TOR
look into linky https://addons.mozilla.org/en-US/firefox/addon/425
-
Re:Fatima
I agree, cutting and pasting URLs is for suckers.
lol wut? try this one: https://addons.mozilla.org/en-US/firefox/addon/190
no right-click BS. 800,000 people (vs. 100,000) can't be wrong.
-
Re:Fatima
I agree, cutting and pasting URLs is for suckers.
lol wut? try this one: https://addons.mozilla.org/en-US/firefox/addon/190
no right-click BS. 800,000 people (vs. 100,000) can't be wrong.
-
Re:Fatima
I agree, cutting and pasting URLs is for suckers.
-
Re:Good
Chromifox makes firefox look a lot like Chrome. Chrome is a nice toy, but it's UI is pretty lacking when you want to do something like maximize screen space on a 1024x600 screen.
-
Re:Dropping a big selling point!
And you still think it's worth it to spend effort on supporting Windows 9x, at the cost of fixing bugs and optimizing the software?
Nope. Instead, I think it's worth spending time and effort on keeping the current Win 2k and older service pack Win XP support at the cost of not doing things like Taskfox.
Indeed, I'd suggest that restoring support for Windows 9x and NT, for earlier versions of Mac OS than 10.4, and even trying to port Firefox to run directly on FreeDOS all make a whole lot more sense than overloading the address bar even further than the Awfulbar. (I mean, seriously. When does the search box get merged back in to the address bar? At least that has a relationship with web page addresses, unlike the Taskfox Use Cases.)
-
Re:have your own domain-get universal forwarding
I have my own domain- EVERYONE except family gets a different email address.
I do this too, and Thunderbird's Virtual Identity extension automatically fills in your correct FROM address when you enter the TO address. It's great:
https://addons.mozilla.org/en-US/thunderbird/addon/594I have filed two bugs at KDE asking for similar features in Kmail, but the developer's opinion seems to be that this method is too "specialized" and nobody uses it. Please comment on these two bugs to get this built into Kmail:
Use receiving email address on reply (not identity-based)
Store per-contact From address in addressbook and use it in composer -
E-mail is Preferable, it can be Filtered
Although it would be best if email marketers were simply swallowed by the earth and sent directly to wherever it is the bad people go, if they are going to continue annoying us then I would prefer that it be through email and not postal mail. At least with email they are competing on our playing field where we have a decisive technical advantage in filtering. If the choice is between them stuffing my post box with paper or trying to stuff my inbox with spam (they will fail due to ThunderBayes among others. What's the word? Thunderbird) then I say bring on the spam, we are ready.
-
Re:Annoyance
Are you red-green colourblind? If so, you can probably pass most captchas if you either separate out the colour channels or even just rotate them (e.g. swap red and blue). A few graphics packages come with tools to do this kind of transforms for arbitrary bits of the screen, and you could easily use something like the Gimp to do it on a screenshot, but with the canvas tag it would probably be relatively easy to do as a FireFox plugin as well.
This seemed so obvious I wondered if someone else had thought of it first and implemented it, and It turns out that they had.
-
Re:The extensions you need for Firefox.
I would also suggest Better Privacy to get rid of those worthless LSO "cookies" that websites using Flash add, and Flash pretending to delete them via the Flash control panel, but really doesn't. Flashblock does not prevent these "cookies" from being put on your computer either, and neither does NoScript. Just having the Flash plugin installed/enabled for your browser allows a site to set one.
I have storage set to 0kb, etc in the Flash control panel, but these things still get set. Quite often the query contained (other than the current Flash meta-data) is "What has this browser last shown via Flash?" IMHO, nunya f'ing beeswax.
-
Re:ironic...
Already done.
-
Re:Too bad the CPU isn't the only thing drawing po
Google was contemplating compiling JavaScript to pure native code in a story I read here on
/. a while back, but how well they would maintain this for both x86 AND ARM remains another story,Yeah, God knows that nobody who has a browser that runs on x86 and a variant that runs on ARM has ever thought about compiling JavaScript to native code, and that Google haven't done more than just contemplate making a JavaScript engine that translates to machine code, much less made versions for both x86 and ARM, and, of course, the Firefox people haven't done anything like that, either.
-
Re:Dumb question here
-
Re:It's stories like this
Sounds like you need Slashdotter: https://addons.mozilla.org/en-US/firefox/addon/2175
-
Re:Oh well
With this extension you can relive OMG!!! Ponies!!! every day. Just go into the options and change the default style to OMG!!! Ponies!!!
-
Re:OMG Ponies
don't worry, https://addons.mozilla.org/en-US/firefox/addon/2175 has the classic pink theme, for great justice.
-
IETab for IE 8.1
Can I run IE Tab on Internet Explorer and make the world explode?
-
No, just fix your browser
With adblock plus or noscript. Either will do the trick, running both I had to do some work to see the add you're talking about. That's firefox.
Opera will let you block the content too, if you prefer that.
-
No, just fix your browser
With adblock plus or noscript. Either will do the trick, running both I had to do some work to see the add you're talking about. That's firefox.
Opera will let you block the content too, if you prefer that.
-
Vimperator?!
Without reading TFA, I think this addon already provides much of the functionality.
-
The nature of Open Source
It is very cyclic as you say, but its actually more like a Genetic Algorithm. Someone first writes some code that does what they need, and then someone else modifies it for additional features they want. Other people start using various versions and the one that satisfies the most situations becomes dominant. Eventually this goes a step too far and a new modification is made and splinters off the main trunk, and depending on what that new version does differently it may become the dominant version. For example, we started with Gopher, Mosaic, Netscape, Mozilla, then Firefox. Seamonkey appears to be the kitchen sink replacement for the original Mozilla while Firefox was the lighter weight version. Other lighter weight browsers (e.g. http://www.mozilla.org/projects/mozilla-based.html ) in the family come and go depending on how much support they get, which of course depends entirely on its user base.
-
Re:screenshots
I followed Ubiquity for a while, and a lot of people thought that it was what you say, an extension of bookmarks. Thing is, the main idea of Ubiquity - at least when I was using it - is subscribing to commands. These commands took keywords and could be chained together, so instead of 'map cleveland street london' you use 'map sushi on cleveland street london near theatre', and the hopefully well-written command pulls up a map of that sushi place on Cleveland Street near the theatre and insets a review. I wrote one that provided a list of links to the newest Slashdot articles. I saw another that displayed the newest xkcd comic, and could search the archives through OhNoRobot. (See: https://wiki.mozilla.org/Labs/Ubiquity/Commands_In_The_Wild)
Ubiquity tends to get overlooked by people who start out with "It's just x" or "x does the same thing".
-
Re:10.3 has universal binaries
Why drop support of their previous major version?
'Cause they don't have the manpower and/or money to support the previous major version?
They could at least provide security updates.
I daresay that they did just this for roughly six months after FF 3.0 was released.
https://wiki.mozilla.org/ReleaseRoadmap -
Not that quick, actually
I'm surprised that nobody has mentioned that the XSL issue was reported 5 months ago, and it had a patch ready to go 4 months ago. Why was a critical issue with a two-line patch not fixed immediately? A better question - if the "bad guys" searched bugzilla for unfixed critical issues, how long would it take them to strike gold?
-
Not that quick, actually
I'm surprised that nobody has mentioned that the XSL issue was reported 5 months ago, and it had a patch ready to go 4 months ago. Why was a critical issue with a two-line patch not fixed immediately? A better question - if the "bad guys" searched bugzilla for unfixed critical issues, how long would it take them to strike gold?