Mozilla

Stuff related to Mozilla, Firefox, Thunderbird, Sunbird, nVu, XULRunner, Litmus, Bugzilla, etc.

Firefox Extensions that I Use

I use a lot of Firefox extensions. You might call me a power user. Yeah, that's right, powerful.

Here is the list of my favorites. They are broken down into extensions that make Firefox better, those that make my general life better, things for "geeky stuff" and things for my life as a web developer/sysadmin/competitive webmaster. Yeah, I'm competitive. My stable of sites is better than yours!

Enhanced Firefox

  • Cute Menus - humans recognize colors and images faster than words.
  • Download Statusbar - I want the information compact, in an overview, and readily visible. I hate new windows.
  • Flashblock - I hate flash. It's amazing how much better the internet is without flash.
  • Google Gears - Since I'm in places without internet pretty regularly, it's nice to be able to get my Google feeds in an offline mode.
  • PageStyle2Tab - again, humans recognize colors and images faster than words.
  • Image Zoom - Firefox lets me zoom text, image zoom lets me zoom images. Duh.
  • Locationbar2 - Prettify the URL bar. Also happens to make it safer by clearly identifying the domain and downplaying the importance of subdomains (i.e. the phisher phavorite ebay.com.shadysitestealpasswords.com/enter-username is clearly visible as "www.ebay.com" as a subdomain of "shadysitestealpasswords.com"). Whoohoo!
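
The split that Locationbar2 makes visible can be reproduced in a few lines. This is an added example, not code from the extension or from the original post; `MULTI_LABEL_SUFFIXES` is a small constructed stand-in for the Public Suffix List, and the function names and the brand list passed in are hypothetical.

```javascript
// ASSUMPTION: a tiny constructed stand-in for the Public Suffix List.
// A production check must load the full list instead.
const MULTI_LABEL_SUFFIXES = new Set(["co.uk", "com.au", "co.jp"]);

// Split a URL's host into the registrable domain (what the site really is)
// and the subdomain part (which the site owner can set to anything).
function splitHost(urlString) {
  const host = new URL(urlString).hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no subdomain structure to split.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) {
    return { subdomain: "", domain: host };
  }
  const labels = host.split(".");
  const lastTwo = labels.slice(-2).join(".");
  const suffixLabels = MULTI_LABEL_SUFFIXES.has(lastTwo) ? 2 : 1;
  // Registrable domain = public suffix plus one more label.
  const keep = Math.min(labels.length, suffixLabels + 1);
  return {
    subdomain: labels.slice(0, labels.length - keep).join("."),
    domain: labels.slice(-keep).join("."),
  };
}

// Return the brands (hypothetical watch list of registrable domains) that
// appear as whole labels inside the subdomain of some other domain.
function impersonatedBrands(urlString, brands) {
  const { subdomain, domain } = splitHost(urlString);
  const padded = "." + subdomain + ".";
  return brands.filter((b) => domain !== b && padded.includes("." + b + "."));
}

// The URL from the list item above.
const sample = "http://ebay.com.shadysitestealpasswords.com/enter-username";
console.log(splitHost(sample), impersonatedBrands(sample, ["ebay.com"]));
```
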

Enhanced Life

RFC - Security Bounties in Open Source

The other day I broached the idea of a security bounty in the Drupal project. I had first heard about this concept from the Mozilla Foundation's Security Bug Bounty which appears to be the most famous of these.

Why Security Bug Bounties are a good idea

This is pretty simple:

  1. It provides at least some motivation for folks to actually look at the code and find security bugs, making the software more secure.
  2. More folks looking at the code is always a good thing.
  3. Just the concept and the existence of the program reminds people that we take security seriously, and informs them of the proper way to report a bug.
  4. In the case of the Drupal Association - which can't make decisions about the code based about the statutes (en pdf) (more formats/languages).

Generalized Security Bug Bounty System

This concept seems to me like it could be generalized for any software project. Here are the rules I came up with, based upon the Mozilla Foundation's rules.

  • Security bug must be original and previously unreported.
  • Security bug must be a remote exploit.
  • Security bug is present in the most recent version of the Mozilla Suite, Firefox, and/or Thunderbird, as released by the Mozilla Foundation.
  • Security bugs in or caused by additional 3rd-party software (e.g. Java, plugins, extensions) are excluded from the Bug Bounty program.
  • Submitter must not be the author of the buggy code nor otherwise involved in its contribution to the project (such as by providing check-in reviews).
  • Employees of the project (if applicable) are ineligible.
  • If multiple people report the bug the reward will be split among them equally.
    Coming Soon to a TV Near You - Firefox Flicks Sponsored by Me

    Firefox Flicks is starting up a new sponsorship drive to get their ads on TV. If you get in early enough, then for $10 your name will appear in the ad.

    I sponsored the Daredevil ad because it has such a great feeling to it. It reminds me of indulgent time spent recreating as the sun goes down. It's the California equivalent of spending a day rock climbing in Eldorado and then coming home to a nice hot shower (and beer). And the music is pretty fun, too.

    phishing test quality - Mozilla-Google vs. Microsoft - where are Lijit and Netcraft

    Finding color tags and their element - the hard way

    Al wants to know: how can I get the color tags and the elements they apply to from a CSS file? I like the lazyweb, so here's my idea, Al:


    greg@gvs1 ~
    $ cat file.css
    .tabbrowser-strip {
    padding-bottom: 0px;
    background-color: #C8C8C8;
    background-image: url("chrome://browser/skin/pb-1px-hor-gray-line.gif");
    background-repeat: repeat-x;
    background-position: top left;
    border-bottom: 4px solid;
    -moz-border-bottom-colors: #535353 #A1A1A1 #BDBDBD #D9D9D9;
    }

    greg@gvs1 ~
    $ touch empty.css

    greg@gvs1 ~
    $ grep -v color file.css > empty.css

    greg@gvs1 ~
    $ diff -up empty.css file.css | grep '[{}+]' | grep -v +++ | grep -v @@ | sed 's/+ / /'
    .tabbrowser-strip {
    + background-color: #C8C8C8;
    + -moz-border-bottom-colors: #535353 #A1A1A1 #BDBDBD #D9D9D9;
    }

    Step one is your example. Step two creates an empty file. Step three takes everything BUT the color lines and writes them into the empty file. Step four does a diff in unified format with -p to "Show which C function each change is in." Well, it's not a C function, but close enough. Then I added three extra greps and a sed on the end: one grep to remove all of the lines BUT the function and "added" lines, two to get rid of the header lines, and the sed to take the plusses that were added by the diff and replace them with nothing.

    Drawbacks and Weaknesses:

    If you have plusses followed by two spaces in your CSS then they'll get silently removed. If you have an element named color, like a <div class="colored">, then that would suck (but you can easily find those beforehand...).

    Making it run through directories and do this is a fun exercise with find ./ -exec (stuff) {} \;
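
A parser-based variant of the same idea, as an added example that is not part of the original post: it tests only the property name to the left of the colon, so a selector such as `.colored` no longer matches by accident. The function name is hypothetical, and it assumes flat rules (no nested `@media` blocks) and no semicolons or braces inside values; the second rule in the sample is constructed.

```javascript
// List color-related declarations grouped by the selector they belong to.
// Like the grep above, it matches on the word "color" only, so shorthand
// properties such as "background: #fff" are not reported.
function colorDeclarations(css) {
  const result = [];
  // Drop /* ... */ comments so they cannot be mistaken for declarations.
  const noComments = css.replace(/\/\*[\s\S]*?\*\//g, "");
  // One match per flat rule: selector text, then the body between braces.
  const ruleRe = /([^{}]+)\{([^{}]*)\}/g;
  let m;
  while ((m = ruleRe.exec(noComments)) !== null) {
    const selector = m[1].trim();
    const declarations = m[2]
      .split(";")
      .map((d) => d.trim())
      // Keep a declaration only if its property name contains "color".
      .filter((d) => /^[\w-]*color[\w-]*\s*:/i.test(d));
    if (declarations.length > 0) result.push({ selector, declarations });
  }
  return result;
}

// file.css from the post, plus one constructed rule whose selector
// contains "color" but whose body does not.
const sampleCss = `
.tabbrowser-strip {
  padding-bottom: 0px;
  background-color: #C8C8C8;
  background-image: url("chrome://browser/skin/pb-1px-hor-gray-line.gif");
  background-repeat: repeat-x;
  background-position: top left;
  border-bottom: 4px solid;
  -moz-border-bottom-colors: #535353 #A1A1A1 #BDBDBD #D9D9D9;
}
.colored { margin: 0; }
`;

console.log(JSON.stringify(colorDeclarations(sampleCss), null, 2));
```
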

    Biggest drawback

    sb-ssl.google.com security domain name mismatch

    If you're one of the folks who is testing out (or using the now released) new Firefox then you've probably seen an error message saying something like "Security Error: Domain Name Mismatch" and then it says a bunch of jargony stuff and then you see that the domain is for "sb-ssl.google.com error 12263... however the security certificate presented belongs to www.google.com...If you suspect the certificate shown does not belong to sb-ssl.google.com please cancel the connection and notify the site administrator". What the heck is that?
