Macslocum over at O’Reilly Answers is asking people to submit their favourite browser plugins and extensions. No prizes for guessing which one I chose!

Having only just sat at Starbucks to do some programming and cleaning out my desktop (I let far too many files accumulate) I accessed the free WiFi and launched Firefox only to see the above dialog presenting me with a NoScript update. Problem is, I’m connected to the WiFi hotspot but not to the open internet! Spooked out stuff.
Hasn’t yet been officially announced, but is already available from the Mozilla Firefox FTP servers.
This picture was originally from my blog post about Monnie’s MonnieCakes.com (which I couldn’t go to because I had an exam the next day and had to study, ugh!), but it demonstrates how I use tab thingys. It’ll make sense after you read this post, trust me. I hope :).

As I said with the Ghostery Firefox extension back in May (Ghostery Mozilla Firefox extension review), it bowls me over when I go to some sites to see just how much sneaky crap is going on behind the scenes, and how most people simply have no idea. With NoScript, I’m starting to see the same thing, and it’s rapidly getting much worse.

Whenever Mozilla has released an update for the Firefox 3.0 series recently they’ve advised us on the Welcome screen and in popups that we should consider moving up to the Firefox 3.5 series, but as far as I know the welcome screen for their latest Firefox 3.0.14 update is the first where they imply sticking with the 3.0 series may be a security risk.
Nicole Loux on the Mozilla blog announced today a series of security fixes for Firefox which are now available for download, bringing their two current supported streams up to 3.5.3 and 3.0.14. If you use Firefox, you’ll want to update yourself ASASP [sic].
Perhaps even bigger news (and I can’t find the gosh darn link where I read this) is Mozilla might be officially retiring support for the Firefox 3.0.x series in 30 days. For those of us holding back on upgrading to 3.5.x due to severe stability problems, we knew this day would come, but nonetheless it is disconcerting. As soon as I find out where I read this I’ll post the link.
I’ll be upgrading my machines to 3.0.14 and will continue to use it for as long as it’s supported. I’m hoping by the time it comes to upgrade to the 3.5.x series it’ll be more usable. If not, I might have to start looking for alternatives to my privacy and security plugins on other browsers. Might end up going back to zippy Camino on the Mac, not sure about FreeBSD and Debian.
So that I can reference what I use in future posts, I’ve already written a list of security and privacy extensions I use with Mozilla Firefox and commented that they’re the primary reasons I choose to use it over every other browser. Using a browser without those extensions (or equivalents) makes me feel naked and scared now! You can take that however you want.
I’ve installed far too many extensions over the years that I’ve later never used, but these are the usability ones that have stuck.
Absolutely essential, it reduces irritating distractions on pages and makes them render much faster because you’re downloading less stuff. Some people complain about Adblock Plus. I ask how many of them own a DVR which skips ads, or how many of them have a WC break or a snack instead of watching sponsors of a sports event. Enough said.
Greasemonkey lets you modify the appearance and function of individual sites and pages by clicking and automagically installing scripts from sites such as UserScripts and UserStyles. Once you have scripts installed, they work transparently and so fast you can’t tell they’re even there.
I started using this when I thought Google messed up Reader’s interface.
I mostly use the shell to quickly get sftp work done, but for tedious and repetitive tasks FireFTP makes it really simple. If you’re one of the few who haven’t tried it, it launches itself as a tab within Firefox and uses the split file manager metaphor like Norton Commander with the left pane showing your local drive and the right showing the remote server.
FireFTP is honestly polished enough to be a standalone application.
I find it curious that even if you explicitly download the "English (GB)" versions of Firefox, it still comes with the American spelling dictionary, and battling with it gets old pretty fast.
This extension is fairly old as far as extensions go, but it still works even in the latest Firefox 3 builds. And besides, you could argue spelling doesn’t change as fast as builds of an open source project do. Wait, ignore what I just typed; that’s a Pandora’s box I would rather leave shut!
If you don’t like being scolded for not peppering your words with Zed, grab it!
Adds a world clock to either your status bar or your bookmarks bar; I choose the latter. Insanely useful to have right in your browser where you’re most likely to be viewing things and conversing with people from other parts of the world.
For example, I can check just by looking at it what the time is in Singapore when I’m in Adelaide and vice versa, as well as the eastern Aussie states, the UK, Talkeetna, Toronto, Tokyo… I thought that was some clever alliteration.
The Life-of-request info extension adds a really useful monitor to your status bar that shows how many seconds, how much data and how many requests a page took to render. Supposed to be used for people who want to monitor the performance of their own websites, but I use it for everything!
For example, did you know a Whole Wheat Radio page heavy with images and other media renders faster than many commercial websites? Wonder if it’s faster than the RIAA or ARIA…
I discussed these late last year. In a nutshell, these themes make Firefox look much more Mac like. Firefox 3 was a huge improvement over version 2, but it still looks a bit kludgy.
I use this theme for Firefox on my FreeBSD and Linux boxes. It replaces the default toolbar icons and styles with ones that match your other GTK+ applications. Fits really well with Xfce and window managers such as dwm or OpenBox where you’re using mostly GTK+ apps like RoxFiler and Gnumeric.

When I initially moved back over to Firefox on my Mac so I could use Greasemonkey to make Google Reader usable again, I had no idea that in a matter of weeks I would become a Firefox addict again. Not necessarily because of the interface (on Mac the Firefox 3.0 interface is quite clumsy and certainly not as streamlined as Camino or Safari), it’s because of the extensions.
For example, yesterday CNET announced that Google’s Chrome browser would be made available for Mac OS X and Linux at some point in the next 100 years:
Showing signs that it’s working to meet requests for new developments to its Chrome browser, Google on Friday said it hopes to release versions for Mac OS X and Linux by the first half of the year, and it released a new version Wednesday that paves the way for the most requested feature: extensions.
While I was impressed initially with the Windows version as I wrote about last year, I soon yawned and moved back to Firefox. As someone who used to use KDE constantly I appreciated the fact that WebKit was being so well endorsed by being used by another vendor’s browser, but I couldn’t really see the market it was attempting to fill other than perhaps the idea that each tab is a separate process.
The fact such a large web company is also producing it does scare me a little too.
But back to extensions, now that I’ve read a few reports that Chrome will include extension abilities I’m somewhat appeased, but what I’m more immediately concerned about are the extensions themselves. While I value a few themes which make Firefox look more Mac like, I’ve become so used to using a handful of security extensions that moving to a browser that doesn’t either have similar built-in functionality or the ability to extend the browser to do the same thing would make me feel unsafe using the web.
This is probably more paranoia than anything else, but I’ve become so used to blocking all the JavaScript, suspect advertisements and cookies loaded on a page and keeping meticulous whitelists that the alternative of allowing essentially a free-for-all scares me. Which is ironic, because less than a year ago I didn’t have problems with this at all. I’d also miss the ability I have now to scrub URLs to remove unnecessary redirects, and being able to check whether or not secured certificates are using MD5 or not, or whether super cookies are active… the list goes on. This will be the topic of an upcoming post.
Who knows, perhaps Chrome will finally release versions for other OSs and allow extensions which will generate enough interest as to create replacement extensions for their equivalents for Firefox. Unfortunately this will take time, and to be honest I think Firefox and Chrome target two different groups of people, the latter of which perhaps aren’t as security obsessed. I guess time will tell.

SSL Blacklist showing that Gmail doesn’t use the vulnerable MD5 algorithm, and that its certificate issuer isn’t on their black list.
I’m typing this post this evening on my beautiful 2002-vintage iBook with Mac OS X Tiger. Still going strong, definitely the most reliable and dependable system I’ve ever owned.
To be serious now though: it’s official folks, there is now awareness of weaknesses of the MD5 algorithm used to sign secure certificates online. Sites that use the more secure SHA1 algorithm are safer, and RapidSSL is now offering it in place of MD5. Still, some are still using MD5, meaning if you connect to them you’re not really using a secured connection.
From CodeFromThe70s.org:
An attack has been demonstrated yesterday that highlights the practicality of the well-publicized weaknesses of the MD5 algorithm. Essentially, any certificate signed with the MD5 algorithm may be counterfeit.
There is [...] a large number of CAs out there, and it is certain that some of them will continue to use MD5 for one reason or another.
Therefore it may be prudent to avoid, or, at the very least, not place much trust in websites that authenticate themselves with the help of MD5. After all, there is no way to automatically distinguish between a chain with a genuine MD5-based certificate signature and a chain with a counterfeit certificate.
A solution to this is a Mozilla Firefox plugin called SSL Blacklist which places a small certificate notice in the bottom right hand side of your browser that indicates whether a page is secured with SHA1 or not secure with MD5. This allows you to make informed decisions when using secured sites, and to let existing web hosts know that they should upgrade.
Even before this vulnerability was demonstrated this plugin was a useful addition to the security conscious internet user’s toolkit, but this latest release makes it indispensable. If you don’t have it in other words, grab it now! This is an order!
UPDATE: Steve Gibson also goes into great detail about the exploit and the plugin to protect yourself in Security Now 177.
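
The check SSL Blacklist surfaces, whether a certificate is signed with MD5 or SHA1, comes down to reading the signatureAlgorithm field of each certificate in the chain. The following is an added example (not from the original post or the plugin's code) that does this for DER-encoded certificates; the sample chain is built from constructed three-field skeletons rather than real certificates, and `sample_cert` and `md5_signed` are hypothetical helper names.

```python
SIG_OIDS = {"1.2.840.113549.1.1.4": "md5WithRSAEncryption",
            "1.2.840.113549.1.1.5": "sha1WithRSAEncryption"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Dotted form of OBJECT IDENTIFIER content bytes (first arc 0 or 1 assumed)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)      # base-128 digits, high bit marks continuation
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }"""
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = read_tlv(cert, 0)          # skip tbsCertificate
    _, alg, _ = read_tlv(cert, pos)        # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    dotted = decode_oid(oid)
    return SIG_OIDS.get(dotted, dotted)    # unknown algorithms come back as dotted OIDs

def md5_signed(chain):                     # indexes of MD5-signed certificates in a chain
    return [i for i, c in enumerate(chain) if signature_algorithm(c).startswith("md5")]

def _tlv(tag, body):                       # encoder for the constructed samples (< 256 bytes)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body
def sample_cert(oid_hex, tbs_len=3):       # hypothetical helper: skeleton, not a real cert
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    return _tlv(0x30, _tlv(0x30, b"\x00" * tbs_len) + alg + _tlv(0x03, b"\x00\xaa"))

# Constructed sample chain: leaf (SHA1), intermediate (MD5), root (SHA1)
MD5_RSA, SHA1_RSA = "2a864886f70d010104", "2a864886f70d010105"
CHAIN = [sample_cert(SHA1_RSA), sample_cert(MD5_RSA, tbs_len=200), sample_cert(SHA1_RSA)]
```

Calling `md5_signed(CHAIN)` reports the position of every MD5-signed certificate, so a chain with a SHA1 leaf but an MD5-signed intermediate is still flagged.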