mozilla :: #firefox

14 Jul 2017
00:53solenodicjust want to say I'm satisfied that the issue of non-disablable GA in about:addons was resolved so quick:
00:56kode54that reminds me, the next major version of Safari is eliminating the DNT option
02:53blebHey how do I add a security exception when I get a SEC_ERROR_EXPIRED_CERTIFICATE error? I see no button to override the warning.
02:54Daggerthere should be a button, unless the site is using HSTS
03:19blebDagger: does HSTS make it impossible to connect, or is that an anti-feature of firefox?
03:24est31bleb: ignoring HSTS is not implemented, just as SSL version 1.0 is not implemented in firefox, for security reasons
05:10blebest31: Is "ignoring HSTS" something that you would need to implement? Or would it literally just be a button?
05:10AbrahamLZAs a Jewish man it saddens me to actually believe that the Holocaust is a lie. I have relatives who claimed it was real and that it actually happened and told me details of horrors they've experienced. I think this is a setup to help out our Zionist cause. Why do I believe this? Simply put, after the war it became illegal to question, research, or talk about the holocaust other than it was fact. P
05:10AbrahamLZeople who wanted to find out what happened or how were put in jail or had their careers ruined if their findings did not follow the narrative. Also, there are people out there, fellow Jews, who claimed to have experienced the horrors and have been proven to be liars. This makes me truly think that the Holocaust is a story that my people made up to help us gain an advantage in the world. It saddens
05:10AbrahamLZ me that we did it this way and not in a more honest way. The gas chambers were destroyed and rebuilt after the war was over. Fellow Jews who were in Auschwitz claim that they had orchestras and food at the canteen like in prison. Also, the mass genocide makes me wonder what did they do with all those bodies. There would be a lot of remains after our people got murdered. The census records also do
05:10AbrahamLZn't make sense as we somehow managed to reproduce in a relatively short amount of time. What I don't understand is how they managed to kill 6 million of us AND still have the time to go to war.
05:10AbrahamLZPlease no trolling. I want to have a serious discussion.
05:15markhAbrahamLZ: this is not only the wrong channel for this, it's the wrong IRC network
05:15markhglob: you around?
05:16globmarkh: just sat down
05:16markhgood timing then :)
05:26est31bleb: no idea
05:27est31bleb: if the site enables HSTS, it tells the browser a strong message "dont allow unencrypted connections to me"
05:27est31thats what HSTS is about
05:27est31to tell that to the browser
05:28est31now if the browser allowed any way to bypass that to the user, the security of the site would be worse
05:28est31e.g. take some evil government which wants to spy on your internet traffic
05:29est31lets assume they can't forge a certificate for your site, so no MITM attack possible
05:29est31then a good way to get to your data is to simply destroy any tls handshake
05:30est31while allowing through http traffic
05:30est31so anyone who wants to use a certain website over that network
05:30est31has the choice: either not use the website
05:30est31or use it unencrypted
05:31est31and most if not all people will just say "I don't care" and use it unencrypted
05:31est31bleb: also, I think the HSTS RFC requires that the site is only reachable via HTTPS not HTTP
05:31est31so you *must* make an encrypted connection
05:32est31because the site doesn't offer you any http
05:33globest31: i don't think that's correct. i have a ton of sites that use HSTS and provide http->https redirects
05:33est31glob: that's what I've meant by "only reachable via https"
05:33est31any request sent over http gets answered with a "please use https instead" aka a redirect
05:34globyes, but in that case the site _is_ reachable via http
05:35est31its a SHOULD here it seems
05:35globest31: i suspect what's happened here is we have different definitions of "reachable"
05:36globfor me that's "responds on port 80", even if that response is a redirect to https :)
05:36globi agree that sites that offer https should automatically redirect http --> https
05:37est31for me its "responds on port 80 with the site's content"
05:37est31at least in this context
05:37* glob nods
05:37globsorry about the confusion!
05:37est31no prob
05:38est31glob: this is of relevance:
07:13blebest31: but that scenario is only a security risk if you're using a website interactively and sending data to it right? encrypting a connection to a static web page makes no difference, no?
07:13est31its still a risk
07:14blebwhat is the risk
07:14est31e.g. a software download
07:14est31there could be malware inside
07:14est31also, you are always sending data, namely the request URL
07:15est31its not trivial to find out which sites you visit
07:15est31for a third party
07:15est31except if its not encrypted :)
07:16blebright so that would be a MiTM attack, I was referring to the scenario where MiTM is not possible
07:17blebdoes HTTPS obscure your requests?
07:17Mardegeverything after the ? in a URL, yes.
07:17globbleb: it doesn't obscure requests, it encrypts them
07:17blebI thought the fact that you made an HTTPS request to a website is still unencrypted?
07:17blebcant your ISP still see which websites you visit with HTTPS
07:18globbleb: yes and no..
07:18globyour entire conversation with a web site is encrypted - request and response
07:18globhowever your browser performs a dns lookup to find the site first
07:18globif you're using your ISP's nameservers they will see that request
07:19globto be clear..
07:19blebbut even then your ISP can see see that you are making a connection to a given IP address
07:19globthey will see your request for the ip address of the domain you visited
07:19globbut not the request your browser sent to the web server
07:20blebso they know which site you visited but not which pages on that site
07:20globsometimes. it's pretty common to have multiple domains on the same ip address
07:21globbut, yes, your isp has access to some privileged information about your browsing habits
07:21globalong the same lines as a postal service has with regards to snail mail
07:21Mardegthis is the whole reason the Tor Browser Bundle exists, for those who want that level of paranoia
07:21globor a teleco and phone calls
07:22globMardeg: indeed
07:22blebright, tor makes sense because it actually obscures your browsing habits. too many people act as if HTTPS solves this, but with tor it's just a superfluous layer that slows things down
07:22globa vpn would hide this traffic from your isp, shifting your trust relationship from your isp to your vpn provider. tor works differently
07:23globhttps goes a long way towards solving it with minimal user effort and impact. eg. your isp can't see your google searches
07:24globfor most people i suspect that's good enough
07:24blebmost people dont care if their isp can see their google searches
07:25* glob nods
07:25* glob has to go
07:25blebbesides if your ISP is google then they can see your google searches ;)
07:26Caspy7"if your ISP is google" then all bets are off :)
07:27Caspy7a company whose main income comes from its advertising and tracking is now your ISP
07:29blebagreed its dubious but all user data available to your ISP may already be collected and stored, by the NSA if not by the ISP itself
07:29blebwe'll be there soon if we're not there already
07:30blebthen HTTPS basically moves the trust to unaccountable certificate authorities that are in principle no more trustworthy than google or your ISP
07:56Exagone313Hi, I have a problem with proxying (socks), I think it's a bug. If I enter anything not empty (like "test" or a real domain) in the "No proxy for" field, it stops to use proxy for and ::1 (all ports afaik). I use firefox 54.0.1, self-built, on ArchLinux. Haven't found a bug concerning with on the bugtracker. Can you try to reproduce it? Thanks for your help.
07:57Exagone313concerning that*
08:06Exagone313I'll compile a nightly to see if it's fixed
08:08heftighmm, why isn't `ui.use_activity_cursor` enabled on linux?
08:27steve-_--Mregarding the fix for I am not sure if DNT will still be a thing in 5 years from now
08:27steve-_--Malso is DNT enabled by default in FF?
08:44Corksteve-_--M: it was never a thing, it was a gimmick from the start and still is
08:44steve-_--MCork: so you consider the solution for that issue appropriate?
08:44Corksteve-_--M: also setting that option by default in a browser makes it completely useless
08:45steve-_--Mwhat I was trying to say it's not only not a thing, little support it has is even crumbling
08:45steve-_--Mso what? not on by default?
08:46steve-_--Mso how is the issue solved then?
08:46Corkif it was it would mean the 0.0001% of sites following it would stop
08:46Corksteve-_--M: ppl that don't want the tracking checks the box in the options dialog
08:46steve-_--Mso we agree it's broken by design?
08:46steve-_--Myou think?
08:46steve-_--MI disagree
08:46Corkdnt is broken by design yes
08:46steve-_--Mnormal users don't know shit, they go with the default
08:47Corkya, and for them it doesn't matter
08:47steve-_--Mif you explain stuff they make big eyes and start worrying
08:47steve-_--MI disagree. just because they do not know what's happening does not make them agree with opting in to GA tracking
08:47Corkso go into there settings and check the box
08:47steve-_--Mexplain to them and you will learn they do care
08:47steve-_--Mno this needs to be opt in
08:48Corkthen dnt isn't the option
08:48Corkcause dnt can't EVER be an opt in
08:48Corkit is to useless for that
08:48steve-_--Mwhich is why I do not understand how the issue can be considered closed
08:49Corkas with all tracking the server providers want the data, so they want users that notice it to have a way to disable it
08:49Corkand leave it on for the rest
08:49Corkthis site is no different
08:50Corkdnt means "if it isn't too much bother for you, and won't cost you anything please reduce the tracking of me to the amount you feel you are willing to go; or if you don't care just ignore this"
08:50steve-_--Myeah that's opt out
08:50steve-_--MI think it should be opt in
08:53DuClareDid you read the EU proposal?
08:53DuClareSo they realize the cookie law was stupid, they want to turn software into nagware now...
08:54DuClareWhere software providers would be obliged to make the software nag about privacy choices upon installation
08:54steve-_--Musers will make better choices then and this is basically opt in then
08:55DuClareIIRC that part was only concerned with cookies and other stuff stored on the user's machine
08:57steve-_--Mtalking about the EU, they will have to up their game on this. taking 10 years to come to a decision regarding that google case is just to slow in internet time. and they are aware.
09:00DuClare> providers of software enabling the retrieval and presentation of information on the internet should have an obligation to configure the software so that it offers the option to prevent third parties from storing information on the terminal equipment
09:00DuClare> To this end, it is necessary to require providers of software enabling access to internet that, at the moment of installation, end-users are informed about the possibility to choose the privacy settings among the various options and ask them to make a choice
09:01steve-_--Mso why would mozilla not fix this in a good way? it's nice they reacted quickly, but closing the issue worries me
09:09DreyI need assistance
09:10DuClareWhat is the problem?
09:11DreyUnity web player is the problem, it appears that it is not recognized by the web browser
09:11araia plugin?
09:12Dreyyes, that is a pluggin
09:12araiwhich version of Firefox are you using?
09:13Dreythe latest one
09:13araiversion number?
09:13Dreyand there is no way around it?
09:14Dreywhere do I find that?
09:14araiin "Help"
09:14araior in about:support page
09:15Drey54.0.1 (32-bit)
09:15arai"About Firefox" in "Help" shows a dialog that contains version number
09:15araiokay, it doesn't support those plugins.
09:16araiif you really need plugins, you can switch to ESR
09:16araias mentioned in the support page above, it supports
09:16Dreywell, which version supports it?
09:16arai> In case youre not yet ready for this transition to happen, the ESR (Extended Support Release) of Firefox 52 will continue to support these plugins until early 2018. Click here to download Firefox ESR.
09:16araiesr 52.x
09:18araicurrently 52.2.1 is the latest one
09:19araithat page explains the release schedule
09:19arai52.x will be supported until 2018 June
09:19araiso, plugins will keep working until that
09:20araiafter that, support for 52.x is dropped, and 59.x won't support plugins
09:21Dreywell, unity is used everywhere and you blocked it...
09:21DreyI am no longer interested in this... but thank you for your assistance!
09:22araiunity already supports alternative way (HTML5) I think
09:22Dreyonly in some cases
09:22Dreynot in most of them
09:23philipppublishers new for years that this was coming
09:25est31there will be an even bigger outrage when flash player starts disappearing from browsers
09:27est31gamedevs still use it to create *new* games
09:27est31its definitely not a legacy thing for them
10:30zetherooin Ubuntu where would the Firefox global certificates be stored?
10:33zetherooor ... where does Firefox fetch it's ssl certificates from?
10:40zetheroophilipp: thanks. do you know if there is a way to add a certificate to Firefox globally?
10:41philipp lists a couple of options
10:48zetheroook, I would like to try the 'AutoConfig via JavaScript' option but the instructions don't make much sense to me.
10:49philippuse the cck2 addon - it will generate the right autoscript for you
10:50zetheroobut if that really for the global installation of certificates?
10:53zetherooseems like CCK2 doesn't exist anymore!?
10:54philippits download page is here:
10:55zetheroook, but why isn't is in the addons store ... weird
10:58philippupdates in the addon store have to go through a tedious review process. self-hosting makes the life easier i guess
10:58zetherooI guess it was there at some point but was pulled
10:59zetherooso this is like a profile generator - but now I wonder .. does it add to the existing Firefox defaults or does it replace those defaults altogether?
11:00philippit can be used to override default settings
11:00zetheroofor example, I see here in the wizard that there are no certificates listed. So if I add my own and then generate this AutoConfig will it only have that one certificate that I added?
11:01philippin terms of certs i think it can just add them
11:02philippso a firefox configured like this would have all of mozilla's default certs + the ones you've specified
11:02zetherooah ok - good
11:02zetherooso this generated AutoConfig would not be replacing the FF default setup, just adding to it.
11:03zetheroolike if I don't set any Default Home Page in CCK2 wizard it will just use the FF default
11:04zetheroogreat ... will give it a whirl
11:07zetheroook, I got a nice zip file ... :)
11:08philippyes, and that's your generated autoconfig file
11:08zetheroowell there seems to be quite a lot in it
11:08zetheroodo I extract that zip to somewhere?
11:09philippplace its contents in the firefox installation directory
11:11zetheroohmm ... not sure about that in Ubuntu
11:11zetheroothe firefox executable is in /usr/bin ... but I don't think it should go in there
11:12zetheroo/usr/lib/firefox seems more promising
11:15philippim not familiar with linux but afaik it has to be in the same folder where the executable is placed
11:19zetheroook, I copied the content in there ... I guess now I just need to close and re-open FF
11:19Caspy7I think generally you want to have Firefox closed when copying/moving any files
11:20Caspy7(no idea how much is affected in this case)
11:20zetheroowell it 'failed to read the configuration file'
11:29zetherootried again with new autoconfig and FF closed - same outcome
11:32philippcck2.cfg is in the same folder as the firefox executable?
11:34zetheroocck2 directory is also in /usr/lib/firefox/
11:35zetherooand autoconfig.js is in /usr/lib/firefox/defaults/pref/
11:37philippok, so the autoconfig.js part is obviously getting picked up
11:39zetherooin /usr/lib/firefox/ there is firefox and --- both are executables
11:41philippcan you try to put a single line into the cck2.cfg file and see if firefox is starting then:
11:41philipplockPref("", true);
11:43zetheroodoes it matter where in the config?
11:43philippremove all its other content and just put in this one liner instead
11:44philippit's just to test if the fiel is placed in the right directory or if there's an issue with its content
11:45zetherooFF opens now
11:46philippand when you enter about:config into the address bar, skip the warning message, does the pref show up as locked?
11:47zetherooit's there ... but not 'locked'
11:47zetherooValue is 'true'
11:48philippand not displayed italics?
11:51philippah ok, i tried it here... the file actually needs to have 2 lines:
11:51philipp"lockPref("", true);"
11:51philipp(without quotes)
11:52philippso the error message you've received before indicates that something's up with the content of the automatically generated cck2.cfg file
11:53zetheroook, now it shows as locked
11:53zetherooI guess I can copy back the original cck2 config now
12:03zetherooin the cfg it's got the "url" area with a path beginning with "resource:// ..." - I wonder if there is an issue with that path
12:05philippyou could try to comment at when output of the cck2 extension doesn't work. mike seems fairly responsive there
12:06philippunfortunately i'll probably have to bail out if the out of the box solution/manual doesn't work
12:07philippmaybe you can also compare the automatically generated contents of cck2.cfg with what's listed at and see if you can get to a working file this way
12:08zetherooor is there a way to start FF in a more verbose way?
12:11philippnot really, here are some proposals but we've essentially already gone through the first part:
12:18zinker#file-menu {-moz-box-ordinal-group: 1 !important;} anyone familiar with it ?
12:25Corkmoving the file menu last?
12:27zinkeri want change history andbookmarks...
12:32zinkerim on 52,21 isthere userchrome supported?
12:33zinker52.2.1 esr
12:36Corkyes, not sure for how long though, it is discussion about if it should be removed or not
12:37Cork(not from that version obviously)
12:37zinkercork ny idea change history and bookmark ,im playing for hours
12:38Corkparsing error
12:46zinkerheard of a add on doing this with 52?
12:46Corkdoing what?
12:47zinkerchanging the menu bar since uerchromenotwork
12:48firebotJust appeared in Planet Mozilla - :
12:48firebot Soledad Penades: If using ES6 `extend`, call `super()` before accessing `this`
12:58firebotJust appeared in Planet Mozilla - :
12:59firebot Soledad Penades: If using ES6 `extends`, call `super()` before accessing `this`
13:01Caspy7Cork: so far I've seen a single comment from a dev about userChrome being removed, in a "maybe" manner. Can you point me to more discussion on it?
13:02Corknot a collected conversation exist as far as i know
13:02Caspy7ok, you said discussion, and I'd be interested in reading any further discussion on the matter
13:03Corki don't think there is a definitive decision, i know there are some strongly for removing it and some strongly against
13:03Corkso it can go either way
13:04Caspy7strongly for removing it? Like I said, I'm curious to see this expression. I've only seen one comment on bugzilla saying that maybe it should go
13:05Corki've seen conversation on irc and in bugzilla in different bugs since around when the had to fiddle with select options for e10s
13:06Corkand the strong comments was from developer points of views, and that doesn't in any way mean it will go that way
13:06Corkjust that there are interests in both directions
13:12amosbirdhi, how can I record all the POST data when clicking submit
13:23zinkerof a sudden it works ...
13:23zinker@namespace html url("");
13:23zinkercould this be eason
13:30zinkerthx for inspirations , off
13:33firebotJust appeared in Planet Mozilla - :
13:34firebot Alessio Placitelli: Getting Firefox data faster: introducing the new-profile ping
14:09zinkerany way to backup history without a add on
14:17Caspy7zinker: best I can think is to make a backup of your Places.sqlite file. That contains bookmarks, history and downloads. It can't be "imported" specifically as much as if you lost your data you could get back to today's snapshot
14:18Caspy7you can however backup your bookmarks
14:18Caspy7in the bookmarks manager/libary window
14:19zinkeri did this ye places sqlite ... might ascript idea which i cn save in bookmarks does make copytoanotherfoldere?
14:19zinkerbecause imchanging profiles anda batch is noti want
14:19zinkerlong filenames and that
14:20zinkerthis damn keyboard , sorry
14:21zinkercan i save batch as bookmark ?
14:26zinkeri forgot jscript 10 years ago .)
14:26Caspy7I already shared that you can a save bookmarks backup. Open the bookmarks window, click "Import and backup", click "Backup..." and you will be allowed to save it as a JSON file
14:26Caspy7those are the options I'm aware of without using an addon
14:27Caspy7bookmarks are backed up periodically anyway, you can see this list under that same "Import and Backup" option under "Restore"
14:27zinkeri do this already i thoughtabout placesto copy by a bookmark link with a script
14:28zinkerbookmark : copy laces.sqlite to folderc:\temp and add number
14:32zinkerbookmark auto backup time is in about:config ?
14:34zinkerbut ic , it not arealproblemfor thischat igetasolution
14:35zinkertks, off
15:29firebotJust appeared in Planet Mozilla - :
15:29firebot Hacks.Mozilla.Org: Introducing sphinx-js, a better way to document large JavaScript projects
16:09Rich246Hello, I am wondering if it's possible to move the Reload button over towards the Back buttom
16:09Rich246Hello, I am wondering if it's possible to move the Reload button over towards the Back button
18:20Caspy7_awayRich246: you received several answers
18:21Rich246Sorry, I didn't go up enough
18:22Rich246I'm used to it being over by the Home button... I did search for an addon but I couldn't find one
18:26Caspy7_awayRich246: I have to go, but I think classic theme restorer will do it. It will no longer be compatible with 57 - but then you can do it on your own with 57
18:26Caspy7_awayI forget if that addon is multiprocess compatible though
18:26Caspy7_awaywhich could hurt performance
18:27Rich246Yeah, it's not something I wanna use
18:33iMacRich246 do not become addicted to Classic Theme Restorer. It will take hold of you and you will resent its absence.
18:49Daggerunfortunately it's a requirement for lots of things that Firefox itself gets wrong :/
20:49firebotJust appeared in Planet Mozilla - :
20:49firebot Mozilla Addons Blog: Add-ons Update 2017/07
21:04Seburotimofonic: Hi
21:05timofonicAny advanced user/dev here? My browser got a unresponsible script warning at chrome://browser/content/browser.js and I closed it
21:05Seburotimofonic: Do you mind sharing the url of the site you were trying to view?
21:06timofonicI'm using the Tor Browser Bundle, so it's like Firefox in safe mode and not using disk cache. Now I can only see the loaded page, but did dumb things trying to load google or some browser and loaded a rss. I did more dumb things and now there's an empty page.
21:06timofonicI'm in a hurrry, I came late because want to recover the URLs. I'm damn stressed :(
21:07timofonicit was tuts4u or something else, but not sure if that's relevant. I know what is the site, but I overloaded the browser with too much tabs and I suposse the lack of disk cache makes Tor Browser more prone to issues :P
21:09SeburoOk. Let me check something, hold on. But the site worked even if browser.js got closed. It's me that did dumb things and can't even find a gay to load a site or whatever. I tried with a google plus link, but it loaded in another tab that not got shoed :P
21:09timofonicI guess a memory dump could be the last hope, but I have no idea about it
21:09timofonicSeburo, Thanks
21:11SeburoOk. I think it best if we capture a copy of your profile, then try a Refresh.
21:12timofonicSeburo, Do you understand how Tor Browser works? It doesn't use cache, not sure where history gets loaded :P
21:15SeburoTo be fair, this is a #firefox channel.
21:16timofonicSeburo, I know. I'm sorry. Bit I see there's collaboration between two projects and TB changed are getting upstreamed or whatever is named the word
21:18timofonicSeburo, Is places.sqlite where the history goes? It's 10.0 MB (10,485,760 bytes)
21:19Seburotimofonic: This will walk you through the files in a Firefox profile, .
21:31UNKN0WNmerry meetings, need help on chrome:// resource:// URIs which are not working at all, FF tries prefixes www to those (ex:
21:34timofonicThere's a 2kb file in bookmarkbackups directory I copied default.profile bookmarks-2017-07-14_10_SOMECODE==.jsonlz4. Now I need to find a "forensics" tool that reads the history database. Do you know about a free one? I found mzcacheview but only works for cache. MozBackup not accepts the copied profile for some reason
21:34timofonic2kb for all?
21:36SeburoThat should open in the Firefox bookmark import/backup Restore function in the bookmark library.
21:41timofonicI'lll to it in my Nightly session, let's see...
21:43timofonicSeburo, it can only open html files :(
21:43timofonicOhh. select file
21:45timofonicIt says to replace bookmarks. Can't merge them?
21:47SeburoIf you take your existing profile out of the way, and use a clean profile, but with that file, you should be able to open it to view and save as an html. Do the same with your existing profile and you can create one html file with all the bookmarks you can import.
22:15Caspy7I'm a bit tired and just skimmed but are you trying to restore a tab sesssion?
22:16Caspy7timofonic: ?
22:59firebotJust appeared in Planet Mozilla - :
22:59firebot Robert O'Callahan: An Inflection Point In The Evolution Of Programming Langauges
23:30timofonicI'm back again. Seburo seems away. seban-M Thanks a lot and sorry for being so demanding (Did I say it correctly?). I'll try do that, but SQLite Manager addon gives me the following error when opening places.sqlite: SQLiteManager: Error in opening file firefox.exe - either the file is encrypted or corrupt
23:30timofonicException Message: Component returned failure code: 0x8052000b (NS_ERROR_FILE_CORRUPTED) [mozIStorageService.openUnsharedDatabase]
23:32Caspy7timofonic: I sort of skimmed, but was unclear on what I read. Are you looking to restore a previous browsing session?
23:33Caspy7timofonic: if so, this is a little guide I wrote on doing that
15 Jul 2017
No messages
Last message: 71 days and 18 hours ago