logs archiveIRC Archive / Freenode / #firefox / 2015 / November / 11 / 1
Caspy7
you are in the #firefox channel on freenode
Cork
zetheroo: the channel isn't called mozilla
zetheroo: the #mozilla channel redirects to #firefox
cause #firefox is the only mozilla channel on freenode
the rest are on irc.mozilla.org
zetheroo
ok, yeah that's whats going on here
adrian_1908
hello. Can anyone tell me if Firefox Beta on Linux supports all the media extension stuff? I know Nightly on Windows does, but I was wondering how far that propagates.
b0at
if it's built against gstreamer or something (check about:buildconfig for "gst" or "gstreamer") and you have that installed with the same major version number, and you set media.mediasource.enabled to true in about:config, at least, it'll probably work
adrian_1908
b0at: Hmm, I'll do some more digging. Last time I tried it on regular FF/Linux (maybe half a year ago), the feature was very buggy, which the developers confirmed and with no clear roadmap in sight. I was quite surprised to find everything activated by default in Nightly/WIN and I haven't run into any issues with it.
b0at
it's all on by default in release windows, and has been for a while. and at that time, it was mostly sorta working on linux, and now it seems to have stabilized.
they moved fast.
i assume that's partly why youtube finally went to html5 by default in most cases
adrian_1908
I see, that sounds promising. Thanks.
Caspy7
adrian_1908: I spoke with a dev a little earlier about MSE on Linux. He encouraged use of 43 beta for now. Otherwise go with MSE & Webm
which is apparently in a better state on 42 than MSE & MP4
         

adrian_1908
Caspy7: ok, I'll do that. thanks.
Caspy7
sure
Cork
and to note mse is better referred to as web drm
cause that is what it is
b0at
i thought that was eme
Cork
ya, but the point of implementing mse was to support unspeced drm
Caspy7
one of the things that Flash implemented - and that Youtube used (uses) is DASH video playback. This is what MSE allows in HTML
"Why can't we yet replace Flash with HTML?"
"It doesn't have DASH-style (segmented) playback."
freehck
Hello everybody.
14:03 <freehck> btw, I've visited Andy Wingo weblog and found it has an ugly backgroud acid-red color. I could change it in CSS editor in Firefox, but of course changes are dropped after reloading page or following a link.
14:03 <freehck> Do somebody know how to make these changes persistent? :)
the question related to http://wingolog.org/
b0at
use an extension like Stylish and write a stylesheet for the page
freehck
b0at: I wanted to install it but it seems that https://addons.mozilla.org/en/firefox/addon/stylish/ is down.
Is it true for you?
b0at
yes. "HTTP/1.1 503 Service Unavailable: Back-end server is at capacity"
freehck
well, thank you anyway. At least I know it's a solution.
b0at
you can also do it from profile/chrome/userContent.css, but it's more work (writing -moz-document rules manually) and i think requires a restart for each modification. http://kb.mozillazine.org/index.php?title=UserContent.css&printable=yes
freehck
Well, I think I can wait an hour and download Stylish. :)
Caspy7
They know about the AMO issue
top men are working on it
and it's back
R0b0t1
ok
why does non-dev and non-nightly firefox not allow unsigned extensions
even as an option somewhere
like really wtf
Caspy7
R0b0t1: which build are you referring to?
R0b0t1
Caspy7: Mozilla Firefox 42.0
Caspy7
R0b0t1: I was under the impression they were not yet enforcing extension signing yet, but they will have an unbranded version for beta and release that allows unsigned extensions
R0b0t1
I came in here before and you might've been who told me what you just now said
I am now on version 42, it seems to be forced; on version 41.something I could install a nightly .xpi from the developer who had coerced it to play nice with firefox
I might see if I can install my own key and sign my own extensions
le sigh
Caspy7
R0b0t1: ...I don't think we've spoken. Not that my memory is perfect.
         

R0b0t1
https://wiki.mozilla.org/Addons/Extension_Signing
hmmm
the lack of override is still lols
Will I need to sign the custom version of an existing add-on I created with my own code changes, locale additions, etc.?
If you use it on Release or Beta, yes. You will also need to change the add-on ID in order to submit it for signing.
Caspy7
R0b0t1: this is not my expertise, but if you are developing an addon, it would be best/easiest to install an unbranded build which allows unsigned extensions - unless you're using dev or nightly
iiuc
I can tell you why there is no override if you're curious
R0b0t1
I re-found xpiinstall.signatures.required
Please do, but I'm pretty sure I already know why someone *thinks* it's a good idea to have no override
(it's not actually a good idea)
Caspy7
R0b0t1: a significant motivation (perhaps the primary one) is to prevent malware abuse in which 3rd party addons are installed and able to wreak havoc on a user's Firefox. A relic of Firefox's design is that settings are stored in a plain text file. Any setting can be changed by a 3rd party app. So having an override for the user is the same as having an override for malware
R0b0t1
sorry, last question: does the dev version of firefox differ in any major ways from the released one? I remember trying it some time ago and there was branding on it that was very obvious, and thus, annoying
Caspy7
redesigning this insecure functionality will essentially break all or most addons - and perhaps the browser to some extent
(disclaimer: I am not a dev or Moz employee )
R0b0t1: the release cycle goes Nightly, Dev, Beta, Release. Dev just happens to be the one after Nightly. It's more stable but cutting edge and branded. The branding can be removed. It used to be called Aurora.
also there is at least one added dev related addon I blieve
and some of the dev tools are made more apparent in the toolbar
oh, and I think by default it uses and alternate profile in order to be run side by side with another instance of firefox
but you can undo all that
R0b0t1
yeah that sounds more benign
Caspy7
which I did actually
I'm running Dev without the theme, etc
R0b0t1
Caspy7: the problem is any malware which is running outside of firefox can already modify firefox in a way to run unsigned addons. granted, it's harder, but it can still be done; preventing actual users who want to do it from doing it just makes the feature a nuisance.
(Action) begins attaches to Caspy7 as a debugger
alright will look at dev version, thanks
Caspy7
R0b0t1: how can malware modify Firefox to run unsigned addons?
R0b0t1
it could 1) replace the firefox executable entirely with a modified one
which is the easiest way, that any retard could do
it could 2) set itself up to run instead of firefox and launch firefox as an executable and then modify its code during execution,
which is slightly harder but gets around the case where the binary is stored in a trusted location
there was going to be a #3 but the rest of them are just the details of how to do #2
but trust me if anyone is writing malware that is intended to be run outside of firefox, they know how to do #2
Caspy7
R0b0t1: I did not implement this system nor am I the defender of it, I was explaining what I know.
I'm under the impression this will make it more difficult for malware makers to harm users
at the very least I expect more work. The easier it is to exploit, the more likely I would expect it to happen
R0b0t1
well, the reason I know it's not a good idea is that it won't accomplish what it sets out to do
if it was inconvenient but accomplished its goals I'd just grumble and move on
Caspy7
R0b0t1: can you replace the exe without user consent on Windows?
R0b0t1
yes
if someone who knows what they are doing set up the computer (<1% of people) then it would be possible to prevent the executable from being modified, but NOT be possible to prevent the malware from tricking the user into thinking they were running firefox
Caspy7
There's no dev around to mount a defense. I will be interested in seeing if there are indeed new and effective offenses mounted
auscompgeek
I would argue that the signing requirement is to prevent crapware from crapping on a user's firefox install
Caspy7
or if AV software will start keeping a signature of valid Firefox exes and tracking that
auscompgeek
indeed, it does help against malware, but any reasonably sophisticated malware could bypass such restrictions, as R0b0t1 has mentioned
Caspy7
they might already
auscompgeek
firefox releases are signed on windows
Caspy7
auscompgeek: what does that mean?
auscompgeek
Caspy7: google "code signing"
Caspy7
one of the reasons that malware were always changing the search settings and about:newtab was it was so darn easy
1 2 3 next »