To provide myself with slightly more safety through separation, I run two firefox profiles simultaneously. One is the “general” browser for day-to-day viewing of random (and unauthenticated) sites, and the other is the “authenticated” browser, which contains the cookies for known sites I authenticate against. The trick for this is having a launcher that runs firefox without attempting to request a new window from the currently running profile:
bash -c "MOZ_NO_REMOTE=1 firefox -ProfileManager"
And in a recent bug-hunting session, I had a firefox profile that just kind of didn’t load javascript correctly any more (”change_feedback_state is not defined” on facebook). I have no idea what was causing the issue (something not extensions — it didn’t go away in “-safe-mode“), and so I just reconstructed the profile one bit at a time, eventually leaving all of prefs.js out. I used the migration checklist I found at mozillazine.
I’ve been having fun fighting religious battles and confusing people with in-jokes at jyte.com. Other good claims:
Or just see what’s been claimed about linux in general. Yay for silly social networking sites! :)
I spend a good bit of time reading CVEs but their entries are plain text, without links associated with their various recorded URLs. I’m annoyed at having to select/paste to load a URL, so I had to go code a work-around. :)
Since MozDev’s “linkify.user.js” was a bit heavy-handed, I wrote up a quick hack based on similar code to only look at mitre.org’s LI tags: “cve-links.user.js“.
While I can’t log into NetFlix or Amazon with OpenID (or other federated login systems), I still wanted to try it out. The goal is to easily write comments on people’s blogs, edit Wiki pages, etc, all without having to keep logging in every time. So far, so good.
First step was to decide between running my own OpenID server or not. I went with “not”, since there really isn’t an installable OpenID server yet (there are only support libraries, it seems). Since I was given a permanent account with LiveJournal for some XSS testing I did for them, I figured I’d just use their stuff. I wanted to use “outflux.net” as my login everywhere, so I just added two lines to my outflux.net HTML source:
<link rel=”openid.server” href=”http://www.livejournal.com/openid/server.bml” />
<link rel=”openid.delegate” href=”http://keescook.livejournal.com/” />
Poof. Done. I used Videntity to verify that it was all working. Nifty stuff.
My only complaint is that it’s not clear how to get an end-to-end secure login. I can log into LiveJournal securely, but the OpenID server they run doesn’t seem to operate over HTTPS. Future study is needed. :)
The house-for-sale listings that RMLSweb.com produces are very detailed, and even include a link to show a map for each house’s address. However, this link goes to MapQuest, which I find infuriatingly annoying to use. I wanted the link to at least go to Google Maps instead. Since I live near Portland, I also wanted to search the fantastic Portland Maps site at the same time. That way I could see lot dimensions, crime statistics, etc.
This was clearly a perfect job for GreaseMonkey. The result, after my usual fights with javascript, is my script to override the RMLS address mapping function.
After installing my amd64 machine and getting my desktop moved, I noticed that Firefox seemed to be running really slowly. Especially google maps. After Brian showed me the Firefox Hacks book, I decided to try and dig into the cause.
By setting the environment variable “NSPR_LOG_MODULES=all:5″ you see damn near everything Firefox is doing while it does it. I noticed that it was stalling every time it processed a new cookie (since I don’t let Google set cookies). So I started removing each of my cookie extensions.
To get myself back to a sane state, I just backed up my Firefox profile:
cp -a ~/.mozilla/firefox/*.default ~/firefox-profile
Then removed one extension, restarted Firefox, etc, until I found the busted one. Turns out “Extended Cookie Manager” was my problem, so I replaced it with “Cookie Button in the status bar”.
Tedious, but, it worked. And for some reason, getting a list of all the Firefox environment variables proves to be very difficult.
I’ve gotten all my Firefox extensions straightened out again since the 1.5 shake-up. Now that it’s sane, I wanted to report what I’m using so I’ll remember for the future, and so I can go look somewhere if I’m on my laptop or some other machine and I can’t remember which extension I was looking for.
Also at least one other person has asked me what extensions I’m using, so maybe others would be interested. I used the following to get a human-readable list of my extensions:
egrep ':(version|name|description|type)' ~/.mozilla/firefox/*.default/extensions.rdf |
perl -pe 'print "n" if (/:version/); s/^[^=]+="//; s/"$//;' |
(read EMPTY; while read VER; do
read NAME; read DESC; read TYPE; read EMPTY;
if echo "$TYPE" | grep >2<>/dev/null; then
echo “$NAME $VER”; echo “$DESC”; echo “”;
fi;
done)
I bet there is an elegant XPath command to extract this directly with a single “perl” execution, but, uhm, I’m not an XML expert. :)
Almost all of these extensions were gotten from the Firefox extensions list:
- BugMeNot (0.9) Bypass compulsory web registration with the context menu via www.bugmenot.com.
- Tabbrowser Preferences (1.2.8.8) Enhances control over some aspects of tabbed browsing.
- Modify Headers (0.5.1) Add, modify and filter http request headers
- View Rendered Source Chart (1.2.03) Creates a Colorful Chart of a Webpage’s Rendered Source
- Gcache (0.2.1) Displays a google cached version of the webpage.
- Adblock (0.5.2.039) Filters ads from web-pages
- Word Count (0.3) Counts the number of words in selected text.
- Allow Right-Click (0.3) Defeats web sites’ right-click prevention scripts.
- JavaScript Options (1.2.2) Provides advanced JavaScript options for Firefox.
- User Agent Switcher (0.6.6) Adds a menu and a toolbar button to switch the user agent of the browser.
- Live HTTP Headers (0.11) View HTTP headers of a page and while browsing.
- Download Manager Tweak (0.7.1) A modification of the Firefox download manager that changes its appearance and allows it to be opened in a separate window, a new tab, or the sidebar.
- View Cookies (1.5) View cookies of the current web page.
- udtranslate (0.0.7) UDTranslate: a zombie translation utility for Urban Dead
- Stop-or-Reload Button (0.2) Turns the stop and reload buttons into a single one. When you can stop, you have a Stop button, otherwise you have a Reload button. (Like in Safari)
- QuickJava (0.4.1) Allows quick enable and disable of Java and Javascript from statusbar.
- Flashblock (1.5) Replaces Flash objects with a button you can click to view them.
- Greasemonkey (0.6.4) A User Script Manager for Firefox
- Fasterfox (1.0.1) Performance and network tweaks for Firefox.
- Disable Targets For Downloads (1.0) Prevents download links opening a blank window.
- QuickProxy (2005.12.04) Quickproxy creates a statusbar button to quickly turn the proxy on and off.
- DownThemAll! (0.9.8.4) The mass downloader for Firefox.
- Web Developer (0.9.4) Adds a menu and a toolbar with various web developer tools.
- Wayback (0.1.1) Displays an archived version of the webpage.
- Extended Cookie Manager (0.5.5) Change the cookie status for websites on demand.
In addition, it seems the option in TabBrowserPreferences for URL pasting into the display window to load was removed. After some Googling, I was directed to the about:config page, under “middlemouse.contentLoadURL”. Set it to true to restore the prior default behavior.
Fantasy Football isn’t something I have any idea how to play, but I thought I’d join a few friends in their league, since they seemed to have so much fun with it. It’s through Yahoo, and is pretty nifty. I’m slowly learning how to play, but I doubt I’ll ever be any good considering how much I don’t watch football. In the Yahoo interface, however, to evaluate a player’s depth (first string, second string, etc.) I have to click on the player, then the team, then the “Depth chart” link. This was annoying, so it was a perfect opportunity to learn some more javascript, xpath, and DOM manipulation. As a result, I wrote a greasemonkey script to add team links where ever a team abbreviation is seen.
