Category Archives: firefox

Firefox OS dead or just resting?

So Peter-Paul Koch (Quirksmode) declares Firefox OS dead. I’m afraid he’s right. A pity really, as I loved the idea of an entirely open web-based mobile OS. Mozillians don’t agree, saying they’re just not going offer Firefox OS phones through carriers any more.

Or maybe It’s just resting?

Customer: I wish to complain about this here fox what I purchased not half an hour ago from this very boutique.
Shopkeeper: Oh yes, uh, Firefox OS …What’s,uh…What’s wrong with it?
Customer: I’ll tell you what’s wrong with it, my lad. It’s dead, that’s what’s wrong with it!
Shopkeeper: No, no, ‘e’s uh,…it’s resting.
Customer: Look, matey, I know a dead fox when I see one, and I’m looking at one right now.
Shopkeeper: No no it’s not dead, it’s restin’! Remarkable software, Firefox OS, idn’it, ay? Beautiful openness!

 

No Google fonts with NoScript

I’m not only into optimizing the speed of sites with for the benefit of their visitors, but also into speeding up all sites in my browser, to satisfy my own impatience. I already blocked Facebook, Twitter and Google+ widgets using NoScript’s ABE and now added this little snippet in ABE’s user ruleset to stop Google Fonts from being loaded;

# no google fonts
Sites fonts.googleapis.com
Deny INCLUSION(CSS,SCRIPT)

Result: less requests, less to download and faster rendering without that ugly FOUT. Because let’s face it, your fancy fonts slow down the web and they are of no interest to me.

Firefox: how to enable the built-in tracking protection

Just read an article on BBC News that starts of with the AdBlock Plus team winning another case in a German court (yeay) and ended with a report on how Firefox also has built-in tracking protection which -for now- is off by default and is somewhat hidden. To enable it, just open about:config and set privacy.trackingprotection.enabled to true. I disabled Ghostery for now, let’s see how how things go from here.

Fixing Firefox’ LessChromeHD to reclaim lost screen real estate

I had been happily auto-hiding the Firefox navigation bar on my small-screen netbook for a couple of years already, until that add-on (LessChromeHD from the Prospector series) stopped working after having upgraded to Firefox 35. So I started Firefox from the command-line and spotted this error:

addons.xpi WARN Error loading bootstrap.js for lessChrome.HD@prospector.labs.mozilla: TypeError: redeclaration of variable event (resource://gre/modules/addons/XPIProvider.jsm -> jar:file:///home/frank/.mozilla/firefox/jy6bws91.default/extensions/lessChrome.HD@prospector.labs.mozilla.xpi!/bootstrap.js:226:8)

A quick look at the source code confirmed “event” was declared twice, once on line 210 and a second time on line 226. The fix, obviously, is simple; on lines 226-228 replace all references to “event” with e.g. “shownEvent”;

let shownEvent = document.createEvent("Event");
shownEvent.initEvent("LessChromeShown", true, false);
trigger.dispatchEvent(shownEvent);

You can do this yourself by unzipping “lessChrome.HD@prospector.labs.mozilla.xpi” in your extenstions-folder, editing boostrap.js and updating the xpi. Or you could wait for the Mozillians to update LessChromeHD.

So who’ll bring me my Spanish Firefox OS phone for €69?

Spain is the first country to see a Firefox OS handset on the market. Movistar sells the -admittedly low-end- ZTE Open for a whopping €69​, which includes €30 prepaid value and a 4Gb memory card!

ZTE Open with Firefox OS

So is there anyone planning to go on holiday to Spain who would be willing to buy me an orange ZTE Open?

Thanks for reminding me about AdBlock Plus Google!

So Google removed AdBlock Plus from the Google Play Android store. That is their prerogative, off course, but it does confirm they’re not the cool technology-centric search engine everyone once thought they were. It’s kind of ironic that in December 2011 AdBlock Plus by default enabled the display of “acceptable” ads, a move that seemed to be an attempt to appease (or please) Google.

But whatever way you look at this, Google’s core business (as is Facebook’s) is displaying ads. Sure they try to do that in an intelligent manner. And sure, they have some cool technologies (App Engine, Android, Chrome, …). But at the end of the day they want us to see and click on ads. That makes Google a media company. But whereas traditional media have -at least the notion- of a wall between their editorial and advertising departments, editorial independence does not seem to exist over at Google.

I don’t like particularly like ads, I don’t like widgets snooping on my web-whereabouts and I definitively don’t like Google’s advertising department dictating what applications the editorial team in charge of Google Play should remove. So today I installed AdBlock Plus on all my devices. Maybe you should too?

Introduction to Adblock Plus

Watch this video on YouTube.

CSP: doing unsafe-inline the Firefox-way

A couple of weeks ago I sobbed because of the lack of support for “unsafe-inline” in Firefox. There’s some Mozillians working on that (for CSS, at least), but given the release-train, that’ll probably only appear around Firefox 19. While perusing CSP-related tickets in Bugzilla however, I came across an interesting comment:

Firefox expects “options inline-script eval-script” instead of “script-src ‘unsafe-inline’ ‘unsafe-eval'” which it should be per spec. Also, Firefox expects “xhr-src” instead of “connect-src”.

Come again? So I can tell Firefox to execute inline script even without support for CSP 1.0 after all? I opened up my development-version of WP DoNotTrack to rework the “proof of concept”-code into this:

function wp_donottrack_csp() {
 global $listmode;
 if ($listmode==="1")
  $whitelist=wp_donottrack_getWhiteList(true);
  $csp="default-src 'self' 'unsafe-inline' ";

  if (is_array($whitelist)) {
   foreach ($whitelist as $white) {
    $csp.=" *.".$white;
   }
  }

 // old-style options inline-script for firefox
 $csp.="; options inline-script;";

 header("X-Content-Security-Policy: " . $csp);
 header("Content-Security-Policy: ". $csp);

 // needed for chrome, but safari 5 (latest version on windows) might be broken?!
 header("X-WebKit-CSP: " . $csp);
 }
}

Based on limited testing, it indeed seems to work great this way. So maybe -if this also turns out to work in IE10 and on Safari for Windows- a next version of WP DoNotTrack can ship with CSP-support after all?