Szerteszana²

grin agymenései
Taggalés geek

What Firefox loses while blending in

2017-10-30 09:17 írta grin

"Fuck you, Mozilla."

Don't take me wrong: I understand security, I have the knowledge to see why rewriting APIs can be good, I can see why replacing a bad internal structure with a decent, state-of-the-art one is good.

There is a difference, however, between forcing the developers to change to the new set of internal functions, and therefore force people to replace the old add-ons with the new ones -- versus removing old function calls when new ones aren't yet written and not available, alienating add-on developers with mediocre communication and inflexibility.

It is not helping that by replacing the old with the new the browser incidentally loses the flexibility of manipulations the add-ons have enjoyed, which resulted rich funcionality available from the outside developers and the core browser was not forced to accumulate millions of interesting functions which is used by some percent of the users, but they are indeed very important for that few percent.

So what Mozilla does right now? They are rewriting the internals to be faster and more secure. While doing it they create new internal access (API) for addons to be able to do their magical work within the browser; except, they haven't created all of the old APIs and recreated some (well, due to the new structure some say many) APIs with much less functionality. They started to remove the old APIs. When plugin developers complained that their old code stop working and it's not possible to write new one since there is no API for that the mozilla developers said "your problem, not mine" (well, often they simply said "fuck off" in various forms, but it's just the difference of style, really, same thing). So some developers of really important, or some really well written plugins said "sorry, there's no happy feeling to write this stuff anymore, I'm gone". Since, you have to see, these developers wrote code for good feeling, not money. No good feeling, no code.

Let me show you an example. There was a feature in mozilla which grouped the various tabs in tab groups, then was able to display a quick overview of tabs to pick from; it's essential when you work with large amounts of tabs. Then the core developers said "well we don't use it so you shouldn't either" and removed the feature and said "well this is Firefox, so if you need it code an addon!". And so that is exactly what happened, and Tab Groups addon was created with the same functionality. Happyness. Then comes new Firefox and all the APIs required for Tab Groups are either removed or changed to the extent that it's not possible to do it anymore. And the developer calls out to Mozilla to make it possible to have it rewritten. "It's not a good way to do things", says Mozilla, "we don't need that addon." Nice.

I see the Firefox Nightly channel, this is where the latest development version can be checked, tried. Eventually Nightly become Beta, then Release, then ESR (Extended Support Release), which is what most everyone uses. Right now Nightly rejects 95% of the addons I have been using. It takes half a year until Nightly become ESR. You have 6 months to get away.

Let me just show some:

Morituri

  • Tab Groups - with 570 tabs it's not possible to live without this
  • Auto unload tab - free memory used by a tab without losing its state
  • DownThemAll - download manager with brains
  • Master Password Timeout - essential security when a strong master password protects lots of not that important passwords
  • Saved password editor - what the name says, this is essential when someone uses the password db
  • PasswordMaker - create passwords with a strong master and the hash of the website address (good for some kind of use)
  • Session manager - I hate to lose browser state; firefox by itself loses it every few restarts, session manager never have lost any.
  • YouTube video and audio downloader - obviously
  • HttpFox - tracing the web traffic to hunt bugs
  • Lazarus form recovery - do you like to lose the feedback form you typed for 35 minutes? Firefox does.
  • NoScript - clickjacking, fake forms, evil javascript; we don't need those
  • Calomel SSL validation - TLS security checker, for the security geek
  • HTTP2 / SPDY indicator - I like to know
  • Tab memory usage - firefox can't say which tab eats memory
  • Stylish - when I want CSS to do what I want
  • UAcontrol - for some really braindead sites

And some small stuff not important even to me.

All of these are going to be trashed.

What works

  • uBlock origin
  • uMatrix (webext)

That's… um… not a long list.

What now?

Some addon developers still hope to kick some sense into Mozilla developers and try to create tickets to have the missing API coded by the time the new WebExtension based addons (well, those few) will trump over the old ones. Some people are creating tickets to tell mozilla about their addon usage and the loss they will experience when the shit will hit the fan. Some Mozilla developers try to help.

But in general Mozilla core developers reply that "this feature need 4th level security review so it has been delegated to committe no. 44 and it's been planned to be discussed in some future non-specific date." Which means in human language that "we do not oppose your request but we don't support it either, we put it into the TODO pile and let's hope someone's picking it up; you may code an API for it and you may even use it but you should expect us to notice and remove or change it any time". (This is what's happening to most of the security related APIs.) For some feature they said "we don't like this feature, so we try to remove everything related to it", which means that they don't just remove the API but they remove the whole feature (this may well happen to one of the most important thing Firefox have: the integrated, secure password storage).

So I expect either they delay the release of Beta, Release and whatever (until the required APIs going to be discussed and designed and accepted and coded and verified and hopefully after addon developers had some time to actually incorporate them into their code, which seems rathat unlikely) or they release it in its current crippled form, which kills off lots of addons and alienate lots of addon developers and people actually start looking for better alternatives.

And the inconvenient thing is that if Firefox addons can do exactly the same as Chromium addons then there's no point to pick Firefox; or at least out of 100 reasons to do it there are some 20 left.

But either way, the users going to lose the functionality of the old addons. So it's going to be worse for them.

…except that I know these kind of addons are only used by geeks and hackers and coders, and the average people use addons which make buttons look like yawning cats, addons which animate the background and addons which play a merry tune when the page have loaded. Those people will not notice much. They going to write their passwords into a text file, they will click on the phishing sites' fake buttons, their memory use will be compensated by buying more RAM, and they don't give a fuck about who and how figure out what the bugs are and how to fix them.

It's the hard life of the intelligent minority versus the happily ignorant masses.

Regular Expression (regex) debugger

2016-07-01 10:50 írta grin
This is highly technical, non-geeks run away, now.

Okay, no, just kidding, this is just a bookmark entry since this is so cool.

Regular expressions are part of the Zen™© of the Programming. They are patterns which are matched against a string and check whether there is a match or not, take parts of the string or similar.

Also, regexps are highly geeky because they are an absolutely unreadable mix of all kinds of punctiation. Simple regexes are easy to write and easy to understand, however there are some whose complexity requires more understanding than one can spare for an average human lifetime.

Here come the RegEx debuggers. Funny, I almost have used none so far, maybe I like to break my brain on them. Anyway, there was one which was full of "meta matches" (?:) and recursive groups (eek), and I was looking for the easy way and googled "regex debugger". Found a lot of interesting but not that useful one, but then…

This.

Nice. Syntax diagram of the regexp.

Recording the fight won against gnuTLS

2012-02-29 22:56:11 írta grin
Maybe someone googles for this...

After an upgrade exim TLS barfs on several connection saying
 (gnutls_handshake): Could not negotiate a supported cipher suite.
or maybe
 (gnutls_handshake): An unexpected TLS packet was received.

All these are caused by the fuckin' gnutls update, which completely starts vomiting when fed by OpenSSL generated key files and/or certificates. In my case I had to regenerate the certificate of the key by:
certtool --generate-certificate --load-request host.req  --outfile host.crt --load-ca-certificate CA/cacert.pem   --load-ca-privkey CA/private/cakey.pem
but had to realise that certtol (of GNUTLS) simply cannot handle encrypted key of the CA, and keeps telling completely stupid error messages, like
certtool: importing --load-privkey: (null): Base64 decoding error.
and some may have realised that I did not even use --load-privkey option. Oh well. Turned out it's the encoded CA private key. So first it has to be decoded, not by GNUTLS of course since it chokes on it but openssl:
openssl rsa < ca.key > ca-fsck.key
which is obviosuly a very secure way to handle a CA key. Anyway, now the generate-certificate works and tries to create a new cert. Of course extended fields are a way off unless you go on and check all the possible options of the template.
After all this mess it works with the old host key and the new host certificate. Boo-hoo.

Számítógépcsereberefogadom

2011-06-06 08:23:07 írta grin
Lecseréltem a számítógépem. Pontosabban frissítettem, mert már lassan iksz éves (ahol iksz egyenlő tetszőleges, kettőnél nagyobb szám, jelenleg talán öt), és már annyi memória kellett volna bele, ami nem fért, meg amúgy is a feszültségszabályozó rész gyanúsan hideg volt, ez a régiek szerint annak a jele, hogy megszállták a dæmonok. Szóval fél évnyi lelki gyúrás után frissítettem.
Kéremszépen, műszaki lelkűeknek a specificationen (de már előre látom, hogy itt fogom mindig megkeresni, amikor elfelejtem):
  • alaplap Intel DH55HC
  • cpu Intel Core I5-760 („Intel Inside - Idiot Outside”)
  • memória (mert manapság már ennek is neve van…) Kingston KHX1600C9D3K2/8GX
  • video Zotac GT220 Zone Edition
A ház és a táp a régi (amennyiben a 3 hónapos táp az), a monitor meg egy ideje már Samsung SMBX2450.
Persze gyors, a régihez képest (12000 BogoMIPS helyett 22300), meg a 4 mag nyomja mint a meszes, meg halk is (egyelőre, még nem kapott igazi komoly terhelést). Ami igazán nyom rajta az a 8GB RAM, mivel már kezdett szűk lenni ennek a sok dög nagy memóriafalónak (de mondjuk az is igaz, hogy százezer feletti email meg 100 feletti www tab kezeléséhez kell). A video megy szépen, a hangja is okés (csak le kell húznom róla a belső hangszórót, mert nagyon viccesen kivezették rá a hangkártya PCM kimenetét, így hiába a fejhallgató, mindenki élvezi).
Amúgy tele van USB-vel (12 db), nincs benne IDE (0 db), és elő kellene kaparnom a soros porti csatlakozót is, amit láttam 5 éve valamelyik dobozban... mert azt nem adtak hozzá.
De, ahogy mondani szokták: eddig jó.

Webes animáció flash nélkül

2010-03-11 13:05:52 írta grin

Proof-of-concept, hogy 2010-ben vajon hány browser képes arra, amire a Netscape 1995-ben. :-)

Fiorefox és Chrome vette az akadályt, a többieket nem tudom.

foobar.grin.hu/shell/pushtest_jpg.pl

Taggalés geek

Szerteszana²

grin agymenései