So, there I was, watching Firefox 3 thrash my CPU and IO, when I decided that I needed a replacement. Something elegant, fast, preferably threaded… oh! Google Chrome! So, I finally found a link to download the unstable version of the browser based on the latest revisions, of which I got version 4.0.213.1-r27053.
Now, I’ve used Chrome in Linux before, and a few things about Firefox kept me hooked. Today, though, I was on a mission to change all that. I wanted basically all the functionality I got from Firefox in my Chrome experience as well. This article should help others do the same.
Read more…
Uncategorized
addons, chrome, customization, firefox, google, themes
I recently discovered this page, which describes Mozilla’s solution for prevention of XSS (Cross-Site Scripting) available as a Firefox Extension. Here’s the HTTP response from my site:
hank@tardis:~$ wget -S http://www.ralree.com
--2009-06-30 09:52:13-- http://www.ralree.com/
Resolving www.ralree.com... 74.54.115.108
Connecting to www.ralree.com|74.54.115.108|:80... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Tue, 30 Jun 2009 13:49:54 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.7a Phusion_Passenger/2.1.3
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.8
X-Pingback: http://www.ralree.com/newblog/xmlrpc.php
Last-Modified: Tue, 30 Jun 2009 13:49:21 GMT
X-Content-Security-Policy: allow self; img-src *; object-src *.ralree.com
*.ralree.info; script-src *.ralree.com *.ralree.info pagead2.googlesyndication.com
friendfeed.com; style-src *.ralree.com *.ralree.info
Content-Length: 57457
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
As you can see, my content security policy is sent as an HTTP header on all HTTP responses from my site. I basically stole an example from this page. I’ve attached it in the .htaccess file in my site’s root, before everything else in there, like so:
<IfModule mod_headers.c>
Header set X-Content-Security-Policy "allow self; img-src *; object-src *.ralree.com *.ralree.info; script-src *.ralree.com *.ralree.info pagead2.googlesyndication.com friendfeed.com; style-src *.ralree.com *.ralree.info"
</IfModule>
I highly recommend everyone with commenting activated on their blog enable this, since XSS is a serious pain. This seems to work very well on Site5, where mod_headers was simply enabled out of the box.
Uncategorized
firefox, hacking, http, scripts, security, site5, vulnerability, xss
So, today I was invited to Google Group chat for the first time. This would be really cool on a terminal that’s not equipped with an IM client, since it’s all done through the web with flash and magic. But, since I don’t like having 2 IM clients running at the same time (Pidgin and the Flash one from Google), I decided I needed to rip out the Jabber Group Chat Room name from the invite page. I got some tips from this site, and wrote a Greasemonkey script to do so.
All you have to do is copy the room name into the Join Chat window, and put in groupchat.google.com as the server. I hope you find it useful. If anyone knows how to make this a link that GNOME will throw at Pidgin, let me know. That would be awesome.
Uncategorized
chat, code, firefox, gchat, gmail, google, google chat, greasemonkey, hack, jabber, javascript, pidgin, script
So, I tried Firefox Minefield Beta today at the suggestion of Slashdot, and I like it. It’s really speedy compared to even the previous 3.0 versions. Text shadows now work, which is really cool.
Uncategorized
benchmark, browsers, firefox, linux, test
The new July 2nd version of Flash Player 10 for Linux finally fixes the HTML overlay bug that we’ve been seeing for years. You can now see things on top of the flash elements on the page, like so:
Get it now!
Update
After trying it with YouTube and TheSixtyOne, and seeing some lame bugs, I decided to go back to Flash 9 and face the music on overlays.
Uncategorized
close source, firefox, flash, linux
I decided after reading this article, I decided to try out SWFDec instead of Adobe Flash Player. I shied away from Gnash early on since it didn’t support many newer features of Flash, and it didn’t work with YouTube. But, apparently, SWFDec works with YouTube (I just tried it), and according to the article above, my browser may use less resources now. We’ll see.
Update
Well, it turns out it crashes on my TheSixtyOne player on the right! Time to try Gnash…
Update 2
Experiment over. The OSS Flash solutions completely fail at playing the flash audio on the right. Once they get just a little more compatible, I’ll try again.
Uncategorized
firefox, flash, linux, open source
I got tired of not having my greasy friend around, so I changed the rdf file to work for all versions of Firefox 3. Here’s the result:
Uncategorized
extension, firefox, greasemonkey
So, I though it would be interesting to mimic browser behavior with error pages. I decided I needed to make a page that looked exactly like the Firefox Server-not-found page. I managed to copy the source using Firebug, and I extracted the css out of the jar files on my system. Anyway, I ended up with some source for IE and some source for Firefox.
I left little invisible links in each one (search for ‘Supplies’ on the page). I also removed all the default javascript from the Firefox version and replaced the Try Again action with a simple reload one-liner.
Then, I just wrote some awesome PHP to take care of which one to load, and called it index.php:
<?php
if (preg_match('/MSIE/i', $_SERVER['HTTP_USER_AGENT'])) {
readfile("errortest-ie.html");
} else {
readfile("errortest-ff.html");
}
?>
And we’re done. Not bad, eh?
Uncategorized
css, firebug, firefox, internet explorer, javascript, web design, web programming
So Citibank is lame – they don’t think that Firefox in Linux is a supported browser, but seem to believe that it is under Windows and OSX. Well, good thing we have Greasemonkey around.
// ==UserScript==
// @name Citibank Continue
// @namespace http://www.ralree.info
// @description Makes the Citibank browser warning page go away
// @include https://web.da-us.citibank.com/cgi-bin/citifi/portal/l/l.do
// ==/UserScript==
document.getElementsByTagName('input')[0].click;
Get it here. As you can see above, it does nothing dangerous. Just clicks the damn button for you so you never have to see the unsupported browser screen again.
Uncategorized
citibank, finance, firefox, greasemonkey, life, userscripts
Well, we went to the firefox party:
It was pretty cool – we got some swag and stuffs.
Uncategorized
creative commons, firefox, fox, mozilla, open source, oscon, party, pictures
