Activity

From 07/03/2021 to 08/01/2021

08/01/2021

02:18 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> In case you want to devote some time to improve this fix, here[1] is one video page that doesn't work. I assume it ... jahoti

07/31/2021

11:24 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> You did it- it works!
In case you want to devote some time to improve this fix, here[1] is one video page that d...
koszko
11:19 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
Oh, and- while it's definitely not relevant for the preview- I'm working on `pcspecialist.co.uk`.
(the reverted La...
jahoti
11:15 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
You did it- it works! Technically the video never actually played on TBB, given how painfully slow the network is, ye... jahoti
11:07 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> I'll do this right now.
No need to hurry - I already have a screenshot sufficient for the preview.
I would be...
koszko
10:52 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> No, it's not what I meant :D
> I was referring to "would that need a settings screenshot too". I meant an addition...
jahoti
01:16 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> > I don't think this is needed.
>
> OK- I've stripped that out entirely and just left the `ask ubuntu` (is that ...
koszko
12:31 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> I don't think this is needed.
OK- I've stripped that out entirely and just left the `ask ubuntu` (is that what y...
jahoti
12:22 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> Making `losedows phone exchange` the main `stackexchange` example, and then using `ask ubuntu` to show how Hachette... koszko
02:32 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
While applying the modifications, I also made some changes to try and differentiate the examples:
* Removing the `ba...
jahoti
02:24 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> > One would expect that Google's CSP rule from http-equiv tag would be blocking our injected script - but it doesn'... koszko
11:36 AM Feature #14: test with more browser forks (Abrowser, newest Parabola IceWeasel, LibreWolf)
Other major ones left are Abrowser, Pure Browser (even though Pure OS by itself is misbehaving), maybe also Brave and... koszko
03:14 AM Feature #37 (Closed): prepare some website fixes usable with this extension
<https://git.koszko.org/hachette_fixes_tmp>
IMO, there's enough fixes available now to consider this complete.
jahoti
03:11 AM Feature #64 (Closed): Plan the update system
jahoti

07/30/2021

11:31 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> One would expect that Google's CSP rule from http-equiv tag would be blocking our injected script - but it doesn't.... jahoti
10:56 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> There are only really two small changes I can suggest, which I can make if you want
Go on with all you suggested...
koszko
10:49 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> What do you think of the pdf in its current form?
It genuinely looks *amazing*, and the summaries are really eff...
jahoti
06:23 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
What do you think of the pdf in its current form?
https://koszko.org/preview.pdf
EDIT: Also, I put all the fi...
koszko
06:23 PM Support #68 (In Progress): Prepare some screenshot documenting sites fixed using Hachette
koszko
12:00 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> File attachment here seems to be timing out for me
Probably not really the matter of time. Apache log:
```
[Fr...
```
koszko
10:12 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
Those are looking good- nevertheless, I'll probably leave styling to you, seeing as I am terrible at it! File attachm... jahoti

07/29/2021

10:14 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
I started composing this attachment as a PDF. I will need to work on the styling, though (or you can do this if you w... koszko
07:33 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
You might also want to look at my new Google sheets fix. The initial portion of the sheet that is served as HTML is s... koszko
03:38 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> That works really well!
Surprising, isn't it?
One would expect that Google's CSP rule from http-equiv <meta> ...
koszko
09:21 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
That works really well!
Unforeseen circumstances meant I haven't done much on this so far, unfortunately; however,...
jahoti

07/28/2021

07:19 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
> [...] and perhaps write some more (quick and dirty) fixes of various kinds, that might help get the point across ev... koszko
11:09 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
I think it's a great idea! If we try and get as many browsers as possible too, and perhaps write some more (quick and... jahoti
10:38 AM Support #68 (Closed): Prepare some screenshot documenting sites fixed using Hachette
I thought we could attach some examples of fixed sites in an attachment to the application. What do you think about it... koszko
12:18 PM Feature #48: Load default_setting.json using XMLHttpRequest
> > Also, the practice of linking one git repo from another could be useful here.
>
> How do you mean?
https:...
koszko
11:11 AM Feature #17: enable the extension to automatically fetch script substitutes from the repo
> By "automatically fetch script substitutes" I don't mean just downloading scripts that have URL+sha256sum provided ... jahoti
09:11 AM Feature #17 (In Progress): enable the extension to automatically fetch script substitutes from the repo
jahoti wrote:
> Hasn't this been addressed?
Actually, I am working on this right now. By "automatically fetch scr...
koszko
07:30 AM Feature #17: enable the extension to automatically fetch script substitutes from the repo
Hasn't this been addressed? jahoti
11:06 AM Feature #64: Plan the update system
> EDIT: Actually, I noticed the issue is "Plan the update system", not "implement", so we indeed can discuss this now... jahoti
09:17 AM Feature #64: Plan the update system
> perhaps adding the option to update everything at once too.
That makes sense.
However, to avoid the infrastru...
koszko
07:37 AM Feature #64: Plan the update system
Well, I seem to have misremembered some parts of threads and can't find others, which leaves asking a much less plaus... jahoti
09:24 AM Feature #66: Write tests
jahoti wrote:
> Mocking sites is definitely critical, albeit probably better done with a hijacking proxy of some sor...
koszko
07:27 AM Feature #66: Write tests
Mocking sites is definitely critical, albeit probably better done with a hijacking proxy of some sort (my words, not ... jahoti

07/27/2021

01:01 PM Bug #53: Interference with existing CSP headers
> > Actually, when scripts are blocked, allowing CSP reports would make no sense because it would be violations of ou... koszko
12:03 PM Bug #53: Interference with existing CSP headers
Firstly, header-signing is working OK on Mozilla. While headers are cached across sessions, the secret is too; unless... jahoti
11:30 AM Bug #53: Interference with existing CSP headers
> > As to CSP violation report blocking - should we do that unconditionally? Perhaps there are some legitimate use ca... koszko
06:45 AM Bug #53: Interference with existing CSP headers
> I just noticed one possible problem: what if Mozilla caches headers across browser sessions? If so, our "signing" o... jahoti
11:46 AM Feature #67 (Rejected): Document `common/sanitize_JSON.js`
This 400-line js file in `koszko` branch implements a declarative way of enforcing some format on JSON we parse. Unfo... koszko

07/26/2021

04:13 PM Feature #66 (Closed): Write tests
It seems problematic to test software that is meant to run as a browser extension - and it indeed is, especially when... koszko
12:15 PM Bug #65 (Closed): When a site fails to load, for example due to its IP address not being found, the injected value with settings remains in the URL
koszko
12:13 PM Bug #53: Interference with existing CSP headers
> The patch awaiting merge still doesn't address the CSP we inject *into* the page on Chromium, however. That will re... koszko
09:22 AM Feature #48: Load default_setting.json using XMLHttpRequest
> Not necessarily.
>
> I think reference to how Arch packaging works might be useful here. Arch PKGBUILD script use...
jahoti
08:44 AM Feature #48: Load default_setting.json using XMLHttpRequest
> On the other hand, that could prevent offline builds; IDK.
Not necessarily.
I think reference to how Arch pac...
koszko
09:15 AM Feature #64: Plan the update system
> How about updating site scripts only when the user visits that site? There would only ever be a single script API r... jahoti
08:52 AM Feature #64: Plan the update system
How about updating site scripts only when the user visits that site? There would only ever be a single script API req... koszko

07/25/2021

09:31 AM Bug #53: Interference with existing CSP headers
The patch awaiting merge still doesn't address the CSP we inject *into* the page on Chromium, however. That will requ... jahoti
09:26 AM Bug #53: Interference with existing CSP headers
Patch committed; awaiting acceptance/rejection from master. While it's difficult to be fully confident it's clear, as... jahoti
09:29 AM Feature #19: check if prerendering has to be blocked
Blocking prefetching (as is done on pages without scripts enabled for <#20>) makes prerendering impossible. While it ... jahoti
09:27 AM Feature #20: block prefetch
This is implemented as part of the patch for #53 (it can be done with CSP). However, I couldn't work out how to test ... jahoti
09:13 AM Feature #64 (Closed): Plan the update system
The most natural approach, especially given what we currently have, would be to request information from the server o... jahoti
08:58 AM Feature #48: Load default_setting.json using XMLHttpRequest
Definitely the latter; moving fixes to the repository first would only be in order to have the build script(s) downlo... jahoti

07/24/2021

08:47 AM Feature #48: Load default_setting.json using XMLHttpRequest
Depends. We can make this issue obsolete and completely move bundled settings to the repo.
Or, after moving most o...
koszko

07/23/2021

12:38 AM Feature #48: Load default_setting.json using XMLHttpRequest
Preferably preceded by: <https://hachettebugs.koszko.org/issues/59> jahoti
12:32 AM Feature #38: Add support to also inject css files to pages
Perhaps part of <https://hachettebugs.koszko.org/boards/1/topics/56>. jahoti
12:13 AM Feature #20 (In Progress): block prefetch
See <https://hachettebugs.koszko.org/issues/53#note-2>. jahoti
12:12 AM Bug #53 (In Progress): Interference with existing CSP headers
A fix is now implemented by parsing CSP headers for direct handling, which also allows removing of directives that re... jahoti
06:27 PM Feature #63 (Closed): Force <noscript> tags on pages where scripts are blocked
Other extensions should already have some code for this koszko
11:57 AM Feature #50 (Closed): Standardize repository APIs/data formats
That seems good, and it's flexible enough (being JSON) to be modified as the system evolves or even if anybody disagr... jahoti

07/22/2021

11:18 AM Feature #50: Standardize repository APIs/data formats
How about a JSON interface? Later on we can simply add more fields to the JSON objects described now. Please tell wha... koszko

07/21/2021

11:48 PM Bug #53: Interference with existing CSP headers
Currently working on this (albeit somewhat slowly). jahoti
04:23 PM Feature #50: Standardize repository APIs/data formats
Related topic: https://hachettebugs.koszko.org/boards/1/topics/56 koszko
04:21 PM Feature #25 (Closed): stop always using the same script nonce on given https(s) site
Ok, this has been merged yesterday koszko
09:18 AM Feature #30 (Closed): Rename the extension and find some good icon 🪓
Merged to master :) koszko

07/20/2021

01:05 AM Feature #30: Rename the extension and find some good icon 🪓
> I pushed it on my branch, waiting for your feedback
It's an emphatic "yes" from me on all counts!
(except Chr...
jahoti
12:15 PM Feature #30 (Feedback): Rename the extension and find some good icon 🪓
Chromium rejected SVG icons, so I made it into PNG of various sizes. I automatized this with an sh loop and an inksca... koszko
11:25 AM Bug #54 (Closed): Remote-storage port(s) are disconnected while still in use
koszko
11:25 AM Bug #54: Remote-storage port(s) are disconnected while still in use
Turns out it was a page_info_server error caused by a typo (missed underscore caused some storage change callback not... koszko
10:26 AM Bug #54 (In Progress): Remote-storage port(s) are disconnected while still in use
Yes, it seems to happen exclusively after "View in settings" or "Edit in settings" is used. I now know that I introduc... koszko

07/19/2021

12:01 AM Feature #30: Rename the extension and find some good icon 🪓
Oh yes! That looks great, and after looking through the others I completely agree with picking it. Patch incoming! jahoti
01:12 PM Feature #30: Rename the extension and find some good icon 🪓
How about:
https://publicdomainvectors.org/en/tag/hatchet
Out of those, I personally like this one the most:
htt...
koszko
12:57 PM Feature #30: Rename the extension and find some good icon 🪓
Patches for renaming have been pushed to both the `jahoti` and `nonce-PoC` branches.
All that remains, if that wen...
jahoti
09:03 AM Feature #30: Rename the extension and find some good icon 🪓
The renaming part shouldn't take too long jahoti
10:18 AM Feature #27: make extension's all html files proper XHTML
Indeed :) koszko

07/18/2021

07:45 AM Feature #27: make extension's all html files proper XHTML
Actually, not yet- should this be low priority? jahoti
07:42 AM Feature #27 (In Progress): make extension's all html files proper XHTML
Working on this. jahoti
07:41 AM Feature #36: prepare application for NLnet fund
Unassigning myself as it is no longer accurate or reasonable to say only one person is involved with it. jahoti
06:09 AM Bug #54: Remote-storage port(s) are disconnected while still in use
The issue, it turns out, can be reproduced by opening the popup on an unprivileged page and then playing with the set... jahoti
02:46 AM Bug #54: Remote-storage port(s) are disconnected while still in use
> Any additional details as to how to reproduce the error? I guess it must have something to do with closing of the s... jahoti
02:41 AM Feature #25: stop always using the same script nonce on given https(s) site
>> The base URL isn't sent in the settings; instead, if the unique value doesn't match then the listener assumes it c... jahoti

07/17/2021

09:58 PM Bug #54: Remote-storage port(s) are disconnected while still in use
That's possible. I've been fighting these ports also when making the popup page.
Any additional details as to how ...
koszko
09:12 AM Bug #54 (Closed): Remote-storage port(s) are disconnected while still in use
Potentially there are other issues with storage, and the situation may not even be limited to Gecko; however, these a... jahoti
02:50 PM Feature #25: stop always using the same script nonce on given https(s) site
> * The base URL isn't sent in the settings; instead, if the unique value doesn't match then the listener assumes it ... koszko
12:52 PM Feature #25: stop always using the same script nonce on given https(s) site
> I was arguing for drawing a salt and deriving the nonce from salt, URL, time and secret.
That makes sense!
> ...
jahoti
11:23 AM Feature #25: stop always using the same script nonce on given https(s) site
> Just to check, are you arguing for drawing one random value or a salt and, separately, a nonce?
I was arguing fo...
koszko
09:42 AM Feature #25: stop always using the same script nonce on given https(s) site
>> That would be OK- the nonce can be (and is) generated randomly for each request[...]
> And we need either salt or...
jahoti
08:33 AM Feature #25: stop always using the same script nonce on given https(s) site
jahoti wrote:
> >> In the current PoC that would still let them whitelist the page entirely
> > Right, I missed tha...
koszko
09:09 AM Bug #53 (Closed): Interference with existing CSP headers
Current handling of pre-existing CSP headers needs to be refined:
* Pre-existing http-equiv embeds and actual header...
jahoti
09:02 AM Bug #52 (Closed): Headers not updated on cached requests
Thanks for the API suggestions! It turns out the issue was indeed the same as you worked around earlier, and a minor ... jahoti

07/16/2021

12:25 AM Feature #25: stop always using the same script nonce on given https(s) site
>> In the current PoC that would still let them whitelist the page entirely
> Right, I missed that. How about when s...
jahoti
12:05 PM Feature #25: stop always using the same script nonce on given https(s) site
> >> Firstly, is there any point in drawing a random salt? It doesn't prevent a replay attack by itself
> > Not if s...
koszko
11:32 AM Feature #25: stop always using the same script nonce on given https(s) site
>> Firstly, is there any point in drawing a random salt? It doesn't prevent a replay attack by itself
> Not if someo...
jahoti
10:06 AM Feature #25: stop always using the same script nonce on given https(s) site
> Firstly, is there any point in drawing a random salt? It doesn't prevent a replay attack by itself
Not if someon...
koszko
09:03 AM Feature #25: stop always using the same script nonce on given https(s) site
> It does actually show up, at least under Chromium, but only for a moment. Or rather it used to show up, before I co... jahoti
09:33 AM Bug #52: Headers not updated on cached requests
There seem to be some APIs for that. The one that reloads a tab while bypassing cache seems to be the most promising:... koszko
09:06 AM Bug #52 (Closed): Headers not updated on cached requests
When a page is loaded from the cache (e.g. after reloading), we don't (can't?) modify the headers. That means, for in... jahoti

07/14/2021

12:16 PM Feature #25: stop always using the same script nonce on given https(s) site
> Unless you get to it first, I'll try implementing it in the next 24 hours.
Go on. I am doing repo stuff right no...
koszko
11:27 AM Feature #25: stop always using the same script nonce on given https(s) site
I agree with doing it as a PoC with JSON-encoded settings; that was the idea I meant to communicate, even if (looking... jahoti
09:40 AM Feature #25: stop always using the same script nonce on given https(s) site
> While the details should still be discussed before declaring it finalized
It's still possible to make a proof-of...
koszko
07:28 AM Feature #25: stop always using the same script nonce on given https(s) site
> In general, after `#' we can have the unique value used to authenticate the injected string, followed by settings s... jahoti
11:57 AM Feature #36: prepare application for NLnet fund
Slightly adjusted to reflect the fact that there is now a stakeholders (ugh) section, a brief section on technical ch... jahoti
11:47 AM Feature #43 (Rejected): Replace common/sha256.js with crypto.subtle
As per message#49 this is dependent on dropping the use of unfixed verifiers ("unique values"), which is properly a s... jahoti

07/13/2021

12:22 PM Feature #25: stop always using the same script nonce on given https(s) site
> only question is how to fit it alongside the smuggled whitelisting code; do you have a possible scheme?
The whi...
koszko
11:46 AM Feature #25: stop always using the same script nonce on given https(s) site
> However, one more thing came to my mind. When rewriting headers, we could also smuggle the random nonce (or better ... jahoti
11:38 AM Feature #25: stop always using the same script nonce on given https(s) site
> > Also, have you thought about deriving HTTP(s) nonce from url, tab id and frame id? This way we would not need to ... koszko

07/12/2021

12:01 AM Feature #25: stop always using the same script nonce on given https(s) site
> I think we should also add some way to forget the nonces that are not going to be used anymore (for example because... jahoti
02:35 PM Feature #25 (In Progress): stop always using the same script nonce on given https(s) site
Merged into master. Honestly, I am neutral towards that unrelated patch.
I think we should also add some way to fo...
koszko
07:13 AM Feature #25 (Feedback): stop always using the same script nonce on given https(s) site
jahoti
07:08 AM Feature #25: stop always using the same script nonce on given https(s) site
Patch awaiting acceptance/rejection: testing on Chromium is *critical*, as there is a potential (albeit improbable) r... jahoti
07:14 AM Feature #44 (Resolved): Load in default settings using the build system
jahoti
07:10 AM Feature #44 (Feedback): Load in default settings using the build system
jahoti
07:10 AM Feature #44 (In Progress): Load in default settings using the build system
jahoti
07:09 AM Feature #44 (Feedback): Load in default settings using the build system
jahoti

07/10/2021

01:43 AM Feature #51 (New): [Roadmap 10][Milestone] Support internationalization
The WebExtensions standard includes a system for supporting translation of the extension UI: <https://developer.mozil... jahoti

07/09/2021

05:16 PM Feature #40 (Closed): Move documentation to wiki
jahoti wrote:
> The only issue is a few references to the build system, which treat it as hypothetical;
I think t...
koszko
05:05 AM Feature #40 (Feedback): Move documentation to wiki
jahoti

07/06/2021

12:26 AM Feature #50 (Closed): Standardize repository APIs/data formats
It doesn't need to be anything formal; however, without such a standard client- and server-side development in this a... jahoti
12:09 AM Feature #48: Load default_setting.json using XMLHttpRequest
(Responding here as the other issue is now resolved.)
> Btw, I am considering maintaining old build.sh alongside t...
jahoti
12:12 PM Feature #48 (Rejected): Load default_setting.json using XMLHttpRequest
I believe XMLHttpRequest can also be used to fetch extension's own files. After fetching the default settings file, w... koszko
12:05 AM Feature #44 (Resolved): Load in default settings using the build system
jahoti
01:48 PM Feature #44: Load in default settings using the build system
Btw, I am considering maintaining old build.sh alongside the new build.html. Plus, IMHO, changing to use XMLHttpReque... koszko
12:16 PM Feature #44: Load in default settings using the build system
That would be a very, very good idea (albeit much less relevant if the build system is rewritten in JS). jahoti
12:06 PM Feature #44: Load in default settings using the build system
Perhaps we could load default_settings.json using XMLHttpRequest and this way reduce the complexity of build system a... koszko
06:45 PM Feature #49 (Closed): add some nice styling to popup
Edit html/display-panel.html and html/display-panel.js, maybe add a separate .css file.
This shall involve heavy c...
koszko
05:10 PM Feature #11: add some nice styling to settings page
By the way, "adding styling" is not supposed to mean just writing some CSS. Heavy changes to HTML, accompanied with u... koszko
01:51 PM Feature #22: supplement the build script with a makefile, also produce zipped artifacts
Unless we decide to keep the old build script and maintain both. Consider packaging of the extension for distros.
Ha...
koszko
12:19 PM Feature #22: supplement the build script with a makefile, also produce zipped artifacts
Potentially obsoleted by #47 jahoti
12:13 PM Feature #30: Rename the extension and find some good icon 🪓
Adjusted in reference to https://hachettebugs.koszko.org/boards/2/topics/6 jahoti
11:50 AM Feature #47 (Rejected): [Roadmap 24][Milestone] Rewrite the build script in a self-contained HTML file
Details here: https://hachettebugs.koszko.org/boards/1/topics/1
[Roadmap](/projects/hachette/wiki/Roadmap#Mileston...
koszko

07/05/2021

04:50 AM Feature #40: Move documentation to wiki
(Thank you for switching it to Markdown!)
The documentation is now all on the wiki, with a slight re-organization ...
jahoti

07/04/2021

12:12 AM Bug #42 (Rejected): Nonce not set on injected scripts
jahoti
11:05 PM Feature #40: Move documentation to wiki
Changed to Markdown as per your request koszko
05:59 AM Feature #40 (In Progress): Move documentation to wiki
Unless anybody else wants to take this task on, I'm happy to do so (having managed to create the wiki).
However, t...
jahoti
04:50 AM Feature #37: prepare some website fixes usable with this extension
Patch pushed to git (awaiting acceptance/rejection from master branch) changes the defaults to include a few tested f... jahoti
04:47 AM Feature #44 (In Progress): Load in default settings using the build system
Patch pushed to git; awaiting acceptance/rejection from master branch. jahoti
04:38 AM Feature #14: test with more browser forks (Abrowser, newest Parabola IceWeasel, LibreWolf)
Thank you for the screenshot! Now I see what you mean, and do indeed have that ability (as well as wiki page creation... jahoti