TechByter Worldwide

Speak softly and carry a large microphone

 

March 06, 2016

Arm Wrestling with Firefox

Mozilla recently added a feature to Firefox so that only approved add-ons can be installed. This feature is aimed at ensuring security, but it means the many perfectly safe add-ons are locked out at least until the developers expend the effort required to have Mozilla certify their work. When Firefox updates, valid extensions are frequently disabled. There's a way around this and I'll explain later in this week's program because you'll probably want to know how to get around the restriction after you hear about some of the features you can add to Firefox with add-ons.

Firefox and Chrome both have large numbers of extensions. Some exist for Internet Explorer. Microsoft Edge doesn't yet allow extensions. I can't imagine using Firefox without extensions. I haven't installed all of the ones I'll describe today and some of the extensions I've installed aren't currently used because I haven't found them to be useful to me. Even so, they have capabilities that I admire and they have loyal followings.

Pocket

Press ESC to close.Pocket is one of the ones that I don't use even though I thought that I would. The extension makes it possible to save articles, videos, and just about anything else you find for later reading or viewing. Save something to Pocket and it will be available on your computer, phone, and tablet.

It's been around for a while, too -- since 2007. Clearly, lots of people find it to be useful because Pocket has more than 22 million users. It works with well over 1000 on-line services and apps and is available for most browsers on most platforms, including both Android and Apple portable devices.

https://getpocket.com/

LastPass

Press ESC to close.It was just a couple of weeks ago that I recommended LastPass. Not long after that, a new version of Firefox rendered it inoperative. That's what led me to find a way to turn off the protection that Mozilla has built in to Firefox.

If you remember one LastPass password, LastPass will remember all of your other passwords. Because LastPass is in charge of passwords, you can make them long, complex, and unguessable. I use LastPass many times every day.

https://lastpass.com/

Social Fixer

Press ESC to close.Possibly the only thing more annoying that Firefox's unending updates that break plug-ins are Facebook's unending updates that only occasionally improve the service for users. Social Fixer's developer has been fighting to keep the plug-in functional as Facebook keeps changing and to have Mozilla certify it for use with Firefox.

If you use Social Fixer, you'll probably have to disable Firefox's protections. How to do that is coming up.

Social Fixer eliminates much of the clutter that is Facebook these days. It seems that few Facebook users really like Facebook, but they keep using it despite the ads and other junk that Facebook pushes to your screen.

Social Fixer was originally called Better Facebook and the name was descriptive. It has a huge number of features and that can make it a bit confusing, but it's useful even if you never modify any of the settings. And if you take some time to look through the options though, you'll find that Social Fixer can make Facebook almost usable.

I have Social Fixer installed on one computer, but not on another, and the difference is remarkable. I'm not sure how I managed to forget to install Social Fixer on the Surface computer, but before this week is out, it will be there.

Social Fixer makes it possible to create rules for your news feed. Hide stories and authors you don't want to see. Organize your feed with tabs so that posts are categorized. Hide post you've already seen so that they don't come back. You can even hide parts of the page. If there's a Facebook "feature" that you don't like, look for a small X near the upper right corner of the feature. Click the X and that Facebook component vanishes.

The author asks for donations occasionally and I'm always glad to give them.

http://socialfixer.com/

NoScript

Press ESC to close.Most websites, including TechByter Worldwide use the Javascript scripting language to control some of the site's operations. Javascript can, however, introduce some vulnerabilities. NoScript is a security application that stops dangerous operations such as cross-site scripting.

The problem is that the NoScript interface is so complicated that even some experienced users become frustrated with its frequent false alarms.

I like the reasoning behind NoScript, but I've found that the application gets in the way of too many legitimate functions on sites that are safe.

https://noscript.net/

AdBlock Plus

Press ESC to close.Advertisements are a fact of life. They're in newspapers and magazines. They're on radio and television. Websites use them because nobody wants to pay for information that's on-line. Not all ads are created equal. Some are legitimate and reasonably unobtrusive. Then there are others that distract from everything else that's on screen. And, of course, there are ads from several well known organizations that accept ads even from companies that seem slightly less than ethical.

AdBlock Plus tries to develop a consensus from users about which ads are acceptable and which aren't. Companies can apply for inclusion in AdBlock's Acceptable Ads list and by default AdBlock Plus won't block those ads. Users still have the option to display or block ads that are on the list.

Some sites detect ad blockers such as AdBlock Plus and won't display their content until you disable the Ad Blocker. In most cases, I've found sites that do this to display a short ad in advance of whatever content you're seeking and then not to display ads later.

You can determine exactly which ads are blocked, but AdBlock Plus starts with a couple of general lists enabled: A list based on your language (EasyList) and the Acceptable Ads list. Users add or remove ad providers or select from other lists available from AdBlock Plus.

https://adblockplus.org/

Just Looking for Add-Ons?

Press ESC to close.Mozilla has several lists in the add-ons section. One that's worth looking at occasionally is the Most Popular list. This isn't an add-on in its own right, but it's a good place to check occasionally because you'll see what's popular in the Mozilla community.

ColorZilla

Press ESC to close.What color is that on the screen? Photographers and designers sometimes need to identify a color that's on the screen and ColorZilla does just that. The monitor you're looking at can probably display 256x256x256 colors (256 shades each of red, green, and blue). Do the math and you'll see that the total is 16,777,216. In other words, the chance of exactly eyeballing a color isn't very high.

ColorZilla provides an eyedropper tool that can be used to identify the exact RGB values of any color on the screen. Designers can also have the plug-in display the color as a Pantone swatch value. ColorZilla also has a gradient generator, palette viewer, and an analyzer that can examine a complete Web page.

http://www.colorzilla.com/

Readability (Like Edge)

Press ESC to close.Microsoft's new browser, Edge, has a feature that eliminates all of the clutter on a website and leaves just the words. Readability does the same thing for Firefox.

Turn Readability on and read the article immediately, save an article for later, or even send a text-only copy of the article to Kindle.

https://www.readability.com/addons

Web of Trust

Press ESC to close.Sometimes I enable Web of Trust and sometimes I turn it off. The plug-in depends on crowd-based intelligence to rate how trustworthy sites are. The problem I've found with WOT is that sometimes its recommendations seem to be based on responses from just a few people with a grudge.

Still, it's a good idea. Links are shown with icons that show whether the site is trustworthy, reliable, concerned about users' privacy, and safe for children. You can't reasonably replace anti-malware applications with Web of Trust, but you might find it to be a useful addition.

https://www.mywot.com/

Stylish

Press ESC to close.Your browser has a built-in style sheet, but most websites have their own. If you don't like the appearance of a website, you can use Stylish to change it.

The cascading style sheet (CSS) you create for viewing a website can change the appearance of the page, remove content you don't want to see, and you might even use it as a training tool to learn more about CSS. A companion site (userstyles.org) has additional styles you can use.

If you like Stylish, check out Greasemonkey. Then download some of the customized scripts from userscripts.org to change how websites display information. The scripts can automate tasks or modify the structure of a website.

https://userstyles.org/

Fasterfox

Press ESC to close.Fasterfox, as the name suggests, can speed Firefox's operations. The add-on can make changes to the browser's settings for simultaneous connections, HTTP pipelining, cache tweaking, and others. Fasterfox is also a pop-up blocker and adds improved pre-fetching to load additional site resources while you're examining the current page. You might not want this if you're on a metered connection. Otherwise, the pre-fetch function can speed browsing.

http://fasterfox.mozdev.org/

Now that you're interested in adding some of these features to Firefox, you'll need to learn how to modify Firefox to stop killing add-ons you like. And that's coming up next.

Short Circuits

Yes, I Know You're Trying to Protect Me

But really, Mozilla, do you have to keep killing add-ons that aren't the least bit dangerous? Every time Firefox receives an update, previously acceptable add-ons are disabled. Enough is too much!

I've used LastPass for years. When the browser was upgraded to version 45.0 in the beta channel, LastPass was disabled because it "could not be verified for use in Firefox." LastPass is secure. It's been validated by Mozilla previously. Yet now it can no longer be verified.

Why?

The same is true for HTTPS Everywhere (a security application) and the Avast Antivirus add-on. Avast didn't bother me so much because I was converting from Avast to McAfee. Disabling HTTPS Everywhere seemed silly. But, damnit, I use LastPass many times every day. Disabling it borders on criminal stupidity.

Maybe you've encountered problems with Firefox for this reason. If so, you might welcome a workaround. I have one.

In Firefox version 43, Mozilla added a new configurable setting called "xpinstall.signatures.required". It was supposed to be discontinued in Firefox version 44, but it's still working in version 45. Possibly this is because Mozilla substantially overreached in turning off add-ons that users like, trust, and depend on.

At least until Mozilla decides to stop honoring this setting, you can eliminate the annoyances easily.

Press ESC to close.In the address bar, type "about:config". Firefox will display a warning. Click "I'll be careful, I promise!" without regard for the comma splice.

Press ESC to close.This will display a list of configuration settings and you need to find "xpinstall.signatures.required". The easiest way to do that is just to type the term into the search box at the top.

Press ESC to close.Double click anywhere on the line to change the value from "true" to "false".

Press ESC to close.When you restart Firefox, you'll be prompted to enable all of the disabled add-ons and then you'll see warning that tell you that your preferred add-on "could not be verified for use in Firefox." It will advise you to "Proceed with caution" and will offer more information.

The link to more information is a self-serving message from Mozilla that begins by stating "Add-ons that change your browser's settings without your consent or steal your information have become increasingly common. Some add-ons can add unwanted tool-bars or buttons, change your search settings or inject ads into your computer. Firefox will now verify that the add-ons you install have been digitally signed by Mozilla."

True, but when you've been using an add-on such as LastPass or AdBlock Plus for several years and that add-on has been approved in a previous version of Firefox, why would it be disabled when you update the Firefox version? Chrome offers many of the same add-ons that Firefox does and Microsoft's Edge browser will eventually allow add-ons. Is there a good reason to continue using Firefox when every version update disables add-ons that I depend on?

Maybe Chrome is the better choice. Many of the add-ons for Firefox are also available for Chrome.

Mixed Signals and Fumbled Balls in FBI vs Apple

Top items in the scuffle between the FBI and Apple this week include a court ruling that says the FBI can't use the All Writs Act of 1789 to make Apple break the encryption on an Iphone, an admission by the FBI that it was their own bungling that locked the phone in the first place, and hints from the Secretary of Defense that the FBI's request wouldn't be in the best interest of Americans.

First, the court ruling: Magistrate Judge James Orenstein in the Federal District Court for the Eastern District in New York ruled that the All Writs Act of 1789 can't be used to make Apple to unlock an Iphone. This case isn't the more famous case involving a phone owned by Syed Rizwan Farook, one of the two San Bernadino shooters, but a phone that was seized in a drug case.

There are differences between the cases in that the phone in New York is an older model with much weaker encryption. Apple has previously worked with law agencies to extract data from these phones.

The phone in California has stronger encryption and Apple has not developed technology to override it.

In California Defense Secretary Ashton Carter addressed the annual RSA Conference this week and said that he opposed the creation of what he called "back door" that could be used to sidestep encryption.

Apple is fighting a court order to create software that would break the password protection of an Iphone used by one of the shooters in the December attack in San Bernardino. The FBI says that it doesn't want anything permanent, but only a way to access the information in one phone. Unfortunately, that's not possible because, once created, the operating system modification could be used on other devices.

Carter stressed the need for security and said that a solution acceptable to both sides needs to be found. If not, he says the result could be a badly written law that would serve nobody well.

And the irony of the week came from FBI Director James Comey. "There was a mistake made in the 24 hours after the attack," he said in a congressional hearing. FBI personnel believed that resetting the Icloud password would give them access to information on the phone. Instead of asking Apple if that information was correct, they reset the Icloud password and effectively locked the phone permanently.

Lawmakers were divided on the issue with some backing Apple's concerns for privacy and security and others attacking the company saying that the position was less about privacy than in protecting its brand. Bruce Sewell, Apple's general counsel, angrily denied that the position had anything to do with sales and everything to do with setting "a dangerous precedent for government intrusion on the privacy and safety of its citizens."