Slashdot Mirror

I seriously question the web expertise of anyone who snubs w3schools as a "terrible", "painful" resource for web development. If you are looking for a copy-paste reference of best practices, w3schools isn't it. Nor is w3schools.com a definitive guide. However, there isn't a resource that is more user-friendly than w3schools on many of the web topics.
http://www.w3schools.com/jsref/obj_location.asp V https://developer.mozilla.org/en-US/docs/DOM/window.location

Moreover, w3schools.com does a fantastic job in maintaining the big picture of web development by separating its components in its reference pages; DOM, JavaScript, CSS, HTML, etc..
Anyone stating otherwise is full of it. The tutorials, layout, and "Try it Out' execution environment are quick and fantastic for those not interested in reading a blog. 95% of the reference needed w3schools.com has. The other 5%, as a seasoned web developer you should see blog entries, quirksmode, msdn, mdn, etc. and/or investigate in an execution environment such as firebug.
The subtle nuances, nit-picky details, over-simplification, or the lack of mention of say "getBoundingClientRect" doesn't invalidate the awesomeness of w3schools, and it certainly doesn't make it suck. Mastering a topic shouldn't turn you into a snob.
I strongly recommend w3schools.com to anyone who wants to get a good grasp of web development without diving into the advanced topics or anyone who wants a quick reference look up.

Just my two cents!

The problem with Thunderbird is you can't push tasks to other people, which would probably be the #1 thing you want to do in a small business (delegation).

Seems like that's possible - just a matter of assigning which calendar it goes on, and with Lightening you can have multiple calendars. Of course, you might run into the issue where the Calendar software you are using doesn't support tasks. There is a bug open for Google Calendar Task Support though...and there is a plug-in - haven't tried it though.

That said, as a small business you're probably not doing a lot of that stuff on-line - you're probably doing it mostly in meetings where things will be a lot more fluid depending on needs, etc and you don't likely have a secretary that can go in and update everyone's electronic copies. So it's probably more productive to not do the on-line task management thing regardless of what you're using.

if the organisation or some other hardware company sold a super cheap board with open source federated social networking software on it and supported it they would do very well perhaps.

they are basically value adding.
its easy for people.
they buy the hardware, its delivered and they plug it in and then fill in a few details and thats it.

i really think this is the way to get it of the ground.

Raspberry Pi foundation of some other foundation can do this.

--

Other hardware makers will see it take off and can do the same.

---
Will there be forks by other hardware companies ? Sure there will.
But in order to be attractive to end users, people will buy a fork that is HTTP API compatible with the other forks.
I think one of the web standards is the Social API or something ??
https://wiki.mozilla.org/Labs/SocialAPI

If they dont, then there offering will be much less attractive.

Eventually things will just work,

g

Not sure if you noticed (try browsing with adblockplus and click "Open Blockable Items"), but Google is almost everywhere on the web in one way or another.

Whether it be via doubleclick, google analytics, or AJAX hosting, Google likely tracks about 90% of the sites you visit, and that's not counting your email to friends on gmail or the phone calls you unknowingly make to or receive from Google Voice subscribers. That's also not counting some of the services (like Chrome without privacy tweaks) that send almost 100% of the pages you visit in order to check for fraud or whatever.

To even attempt to avoid them, you can try using firefox with adblockplus with the EasyPrivacy+EasyList settings, but you still have to tweak it a little (like blocking google analytics and unchecking "Allow some non-intrusive advertising").

Not sure if you noticed (try browsing with adblockplus and click "Open Blockable Items"), but Google is almost everywhere on the web in one way or another.

Whether it be via doubleclick, google analytics, or AJAX hosting, Google likely tracks about 90% of the sites you visit, and that's not counting your email to friends on gmail or the phone calls you unknowingly make to or receive from Google Voice subscribers. That's also not counting some of the services (like Chrome without privacy tweaks) that send almost 100% of the pages you visit in order to check for fraud or whatever.

To even attempt to avoid them, you can try using firefox with adblockplus with the EasyPrivacy+EasyList settings, but you still have to tweak it a little (like blocking google analytics and unchecking "Allow some non-intrusive advertising").

Does Firefox ask for DNT to be enabled? No. You have to go to Tools>Options>Privacy and enable it.

http://support.mozilla.org/en-US/kb/how-do-i-turn-do-not-track-feature

Since it is OFF by default, tracking is allowed by default.

Now, whether or not this is the wishes of users, I have no idea. And I'm guessing any survey would have significant biases.

When implementing RESTful APIs, I've found this Firefox plugin to be quite useful. It allows you to use DELETE and PUT requests (amongst others) from your browser.

https://addons.mozilla.org/en-US/firefox/addon/restclient

Actually, it was ES4 (ES3 is implemented in all browsers, sorry for the misremembering there!) ; But: slashdot did a post a story on it dying. Short version: politics. Less short version: the type annotations and inference system were being pushed by people from the functional programming camp, and some of the other ECMAScript editors thought the features would be difficult for Javascript programmers and were ultimately useless (because there were existing, seriously more hackish ways, to achieve similar ends). I still think it would have been useful: at the very least the core language and libraries would have been well typed (and more clearly defined)... This mailing list post has a lot of details, but it's written from the side of the victors.

Suggestion: Add SmartReferer and Request Policy to that list. It's fairly simple to track using pure HTML and 1st party cookies.

SmartReferer - strips the HTTP_REFERER header from requests to third party webservers.

Request Policy - is essentially NoScript for all third party DOM elements. (It doesn't replace NoScript, as it's not specialized for Javascript.)

Suggestion: Add SmartReferer and Request Policy to that list. It's fairly simple to track using pure HTML and 1st party cookies.

SmartReferer - strips the HTTP_REFERER header from requests to third party webservers.

Request Policy - is essentially NoScript for all third party DOM elements. (It doesn't replace NoScript, as it's not specialized for Javascript.)

Adblock allows 'some ads' by default. I'm not recommending it. There's a fork Adblock Edge that is a fork in protest to the 'some ads' by default.

https://addons.mozilla.org/en-US/thunderbird/addon/adblock-edge/

Do these people really believe that advertising only works without tracking ?

Most of the things they do now, they can do without tracking:

https://air.mozilla.org/tracking-not-required/

I think your understanding is wrong. See https://blog.mozilla.org/blog/2012/07/02/firefox-mobile-os/ (yes, it's basically a press release, but it's a convenient one-stop shop for a list of people who have plans, theoretical or not, to ship Firefox OS devices).

[rant...]
5. Whoever came up with a six week release schedule needs to be placed into a monastery where they measure time by the seasons to gain some perspective. This places a heavy burden on enterprises and is a support burden. No other software product has this kind of release schedule and it goes against industry best practice.

Simmer down and go here:
http://www.mozilla.org/en-US/firefox/organizations/all.html

Why would you say that ? It can run on an Android Linux kernel or even the less obvious choice of running it on the Raspberry Pi:

https://developer.mozilla.org/en-US/docs/Mozilla/Boot_to_Gecko/B2G_build_prerequisites

http://www.tomshardware.com/news/Firefox-OS-Mozilla-Raspberry-Pi,16883.html

You did not read Slashdot yesterday ?:

http://mobile.slashdot.org/story/12/07/06/1551237/telefonica-shows-prototype-firefox-os-phone

The plan is to release a phone early next year:
http://crave.cnet.co.uk/mobiles/firefox-os-will-be-on-zte-phones-early-next-year-50009258/

I can't figure out how you got +5 interesting when the replies amount to "WTF are you talking about?"

As far as I can tell, this is the issue. Bug 368255 which was opened early 2007, and still has comments as of March of 2012.

I don't know for sure that's what slow turtle was talking about, and I can't tell from the bug discussion exactly what it means.

I don't know how to set the cookie to 0, or to set it to something random to make Google's data any more fishy than I already am making it (by searching for random terms from a safe dictionary at set intervals via a cron job and some scripting). And by safe I mean not likely to be on any watch list anywhere.

I have looked through enough of the Firefox codebase while bug-hunting for ReactOS that I am unwilling to investigate this further. It was a nightmare, and while I assume it has been cleaned up a bit, I fear going back there again.

For firefox, use this excellent add-on for white-listing sites to allow cookies. Block all cookies by default, then only click to allow when you need it (login, shopping cart, etc.) A few poorly-coded websites "require" cookies; luckily Cookie Monster has a "Temporary Allow" which lasts for the current browser instance - or until you "Revoke" the temporarily allowed cookies.

https://addons.mozilla.org/en-US/firefox/addon/cookie-monster/

Firefox also.

I wasnt insulting Debian, the second-oldest and one of the most respected distributions around. I do use it fairly often. I disagree with the underlying philosophy behind much of the system design (making the system reliant on a complicated database in order to track dependencies is creating a potentially massive problem to avoid very minor ones) but that doesnt mean that I see a 'bug' to report - Debian is a great distro. Just not my favourite. That's not a rant, or an attempt to report a bug, just a statement of fact with a little explanation.

Now, if you want to hear a rant about bugs, let's talk about Firefox. They have show stopper bugs that have been sitting ignored in bugzilla for 10 years now!

Thanks you! You just made my point! My laptop gets 8-15FPS while running this HTML5 web demo in H/W accel. Firefox. When I run the Native version of Cube I get over 100FPS.

Do you see the problem now? My laptop is much more powerful than that hardware they are targeting, but all of the built in and downloaded apps will be gimped by this HTML "technology".

For those of you interested, try it out yourself:
Cube 2: Sauerbraten:
http://cubeengine.com/files.php4
Firefox HTML5 Cube 2 port:
https://developer.mozilla.org/en-US/demos/detail/bananabread

https://wiki.mozilla.org/WebAPI

Exposing some new APIs via Javascript isn't black magic. Phone, SMS, Camera, WebRTC, WebGL, all Javascript APIs that exist and can be tested today and have been in the works for a year or more. All the hardware access you would want is available in Javascript (for sufficiently authorized apps, obviously).

Writing a Spotify client as an OpenWebApp in pure-javascript is quite possible today. Preferably using something like Opus for audio, of course.

https://wiki.mozilla.org/WebAPI

Exposing some new APIs via Javascript isn't black magic. Phone, SMS, Camera, WebRTC, WebGL, all Javascript APIs that exist and can be tested today and have been in the works for a year or more. All the hardware access you would want is available in Javascript (for sufficiently authorized apps, obviously).

Writing a Spotify client as an OpenWebApp in pure-javascript is quite possible today. Preferably using something like Opus for audio, of course.

Yes, kind of like Tizen and Windows 8 Metro too.

Although the difference is, all those platforms do have native applications. Boot2Gecko really is just Linux kernel and some userspace code to talk to hardware (think of: wpa_supplicant) and their browser core:

https://wiki.mozilla.org/B2G/Architecture

I believe these devices are called "Otoro", because that is what it says on this page:

"Otoro
        Otoro is a phone being used as a test and development platform as a low-to-midrange smartphone. Most core Firefox OS developers are working on Otoro."

https://developer.mozilla.org/en-US/docs/Mozilla/Boot_to_Gecko/B2G_build_prerequisites

These people are just being alarmist.

You can even do targetted ads without tracking:

https://air.mozilla.org/tracking-not-required/

You can visualize that with the Firefox plugin Collusion

Those of us with extensible browsers can do better than DoNotTrack, which relies on the good nature of the site you visit.
Try getting a browser plugin to modify your headers and set it to filter or change your Referer header (I like to set mine to something snarky, in case the site I'm visiting is watching).
I've yet to have anything noticeable break as a result of this little hack.
Steps 2 and 3? Disable Cookies and Javascript. Of course, that can take quite a bit of fun and functionality out of HTTP services, but it's your privacy.

I have built a working extension that provides 'window.mozCrypto', which does SHA2 hash, RSA keygen, public key crypto and RSA signature/verification, see: https://addons.mozilla.org/en-US/firefox/addon/domcrypt/ and source: https://github.com/daviddahl/domcrypt I plan on updating the extension once the Draft is more settled (after a first round of commentary & iteration)

You would think a "modern" browser implementing Javascript crypto would first opt to implement ECMA5 improvements like Object.seal in an effort to pre-empt those kinds of attacks.

We have Microsoft, Google and Mozilla all deeply involved in the Working Group. I expect this will be a "webkit" patch, and hopefully land in all webkit browsers. Some initial experimentation has been done by me in Gecko in bug 649154: https://bugzilla.mozilla.org/show_bug.cgi?id=649154

Maybe Firefox of 7 versions ago...
http://www.itworld.com/sites/default/files/figure2_browserfootprint.jpg

Or maybe you had a badly behaving addon, but Firefox 15 fixed almost all the addon memory leaks too.

http://blog.mozilla.org/nnethercote/2012/09/05/memshrink-progress-week-63-64/

These days, Chrome is the hog, hands down. I've tested on OX, Windows and Linux.

To be disruptive, a device has to attract developers and users.

The developers and applications already exist. It's easy to make existing HTML5 applications installable to Firefox OS. Just add an app manifest and an application cache manifest. It would be easy for ZeptoLab, for example, to make Cut the Rope installable to Firefox OS.

This one hasn't even got a hardware vendor.

You should read one of Telefonica's press releases. Firefox OS has both operators and hardware manufacturers.

To be disruptive, a device has to attract developers and users.

The developers and applications already exist. It's easy to make existing HTML5 applications installable to Firefox OS. Just add an app manifest and an application cache manifest. It would be easy for ZeptoLab, for example, to make Cut the Rope installable to Firefox OS.

This one hasn't even got a hardware vendor.

You should read one of Telefonica's press releases. Firefox OS has both operators and hardware manufacturers.

The last time I checked, Chrome required an Android 4.x device that comes with the Google Play Store, while Firefox could run on any Android 2.2/2.3 device with an ARMv7 CPU and enough RAM. Not all devices are officially upgradable to Android 4, and not all devices come with Google Play Store.

FTP

But how would people discover the hostname of the FTP server with Firefox? The old Firefox ads never gave the hostname of an FTP server, just the hostname of a web site that could be visited with an existing web browser (in this case IE). One could Google get firefox without IE to find this guide, but that too would require using IE.

USB flash drive [...] external hard drive.

Which requires bootstrapping. It's like finding someone to make a Free McBoot card for your PS2. What's the best practice for finding someone else who can provide this?

CD ROM, DVD

If you mean pressed discs, the official Mozilla store is by invitation only; I just checked today. If you mean recordable media, these have the same bootstrapping problem as above.

Posted without bonus.

I've also got Firefox set to "ask me every time" whenever someone wants to set a cookie - yeah, it was a pain for the first few weeks, but I think it's worth it.

https://addons.mozilla.org/en/firefox/addon/cookie-monster/

Love it.

It's also worth pointing out HTTPS Finder which will work for the random sites you visit that aren't in HTTPS Everywhere's default list. And of course you might want to use some other privacy-protecting addons to stop info leaking out to ad-trackers over plain old HTTP and/or alert you to a potential compromise of your HTTPS certificate chain of authority.

Google around.

around didn't provide relevant results.

But with the literal-minded housekeeper costume off, forge referer and spoof referer still don't. This page is from 2006, and this page likewise explains a flaw that has since been fixed. This page claims that it's possible to forge a referer in the visitor's browser using redirection, but only from a domain that the attacker controls. This result claims that the only way is to get the user to install a plug-in: "If you want to redirect a visitor to another website and set their browser's referer to any value you desire, you'll need to develop a web browser-plugin or some other type of application that runs on their computer. Otherwise, you cannot set the referer on the visitor's browser." A bunch of results were links to such plug-ins, but the viewer is likely to decline the plug-in installation. What am I missing?

I suggested something like that 10 years ago: http://lists.w3.org/Archives/Public/www-html/2002May/0021.html
http://www.mail-archive.com/mozilla-security@mozilla.org/msg01448.html
But hardly anyone was interested. If implemented it could have prevented the Hotmail, MySpace, yahoo and many other XSS worms.

There's Content Security Policy now:
https://developer.mozilla.org/en-US/docs/Security/CSP/Introducing_Content_Security_Policy

As far as I see security is not a priority for the browser and W3C bunch.

The problem is you currently can't escape everything reliably.

Why? Because the mainstream browser security concept is making sure that all the thousands of "Go" buttons are not pressed aka "escaped". But people are always introducing new "Go" buttons. If your library is not aware of the latest stuff it will not escape the latest crazy "Go" button the www/html/browser bunch have come up with.

So in theory a perfectly safe site could suddenly become unsafe, just because someone made a new "Go" button for the latest browser. Your library could also parse things differently from the victim browser.

Many years ago I proposed a tag to disable any active stuff. A "Stop" button if you like in a world full of "Go" buttons. But most of the browser and W3C people weren't interested. If they had done it, a lot of those worms (MySpace etc) wouldn't have worked at all.

Only recently they have finally come up with something called Content Security Policy: https://developer.mozilla.org/en-US/docs/Security/CSP/Introducing_Content_Security_Policy

"Stop" buttons aren't 100% but it's way easier to specify a "Stop" than it is to make sure that all the hundreds of current AND future "Go" buttons are properly escaped.

Car Analogy: before CSP, browsers were like cars with hundreds of accelerator pedals. To stop you had to make sure ALL the pedals were not pressed!

Anyone who thinks escaping is easy to do 100% should go look at the various security researcher/hackers guides on exploiting stuff. Especially if you are trying to still allow HTML content (say from advertisers or HTML email for your users). It's easy if you are only going to allow ASCII text. But once you throw in HTML and unicode, it all starts to get complicated.

Yes. Not only that, but cross-compilation of existing games to JS+WebGL. See https://hacks.mozilla.org/2012/08/mozilla-and-games-pushing-the-limits-of-whats-possible/

The Firefox ESR FAQ includes their actual release timeline, according to which we should be past version 30 in two years.

Maybe what you need for your business is Firefox Extended Support Release ?:

http://www.mozilla.org/en-US/firefox/organizations/

"The tabs don't split into multiple lines of tabs..."

Try the Tab Mix Plus extension. Choose this setting:

Tab Mix Plus > Options > Display > Tab Bar > When tabs don't fit width > Multi-row

The reason Firefox is ultra important to human development at present is that it has so many excellent extensions.

That's a common misconception. Fortunately I wrote https://blog.mozilla.org/nnethercote/2012/08/29/debunking-a-misconception-about-firefox-releases/ earlier today just for you.

Try it. Check out the user feedback near the bottom of https://blog.mozilla.org/nnethercote/2012/07/19/firefox-15-plugs-the-add-on-leaks/ -- people have experienced greatly reduced memory consumption, faster painting and scrolling, and fewer pauses.

Release target seems to be Firefox 16, according to their wiki page. I had a few issues with a couple of sites in Firefox 15, I haven't tried nightly, but mostly it's working fine.

I want my supported 3.6 back.

Grab the Firefox 10 Extended Support Release and revert to the 3.6 look-and-feel.

Which they keep breaking every few releases, and it takes several more releases before it's fixed.

For example, I have Slashdot as an RSS feed. After visiting a link, the feed doesn't get updated, unless I right-click and select "Reload Live Bookmark".

The bug is filed here: https://bugzilla.mozilla.org/show_bug.cgi?id=766799

Having run into memory problems repeatedly for years, Firefox 15 is shockingly better at memory management. They completely change the model they used to help clean up after add-ons that don't clean up after themselves and very few of them have had to be fixed to work with it. Memory usage for me has been cut by more than half.

Mozilla also went out of its way to make the updater service run with as few rights as possible with code that revokes rights that it does not need. There were about three dozen permissions explicitly dropped when it was first developed around FF12. That number may have changed slightly but it's still a long list.