Activity
From 07/03/2021 to 08/01/2021
08/01/2021
- 02:18 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > In case you want to devote some time to improve this fix, here[1] is one video page that doesn't work. I assume it ...
07/31/2021
- 11:24 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > You did it- it works!
In case you want to devote some time to improve this fix, here[1] is one video page that d... - 11:19 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- Oh, and- while it's definitely not relevant for the preview- I'm working on `pcspecialist.co.uk`.
(the reverted La... - 11:15 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- You did it- it works! Technically the video never actually played on TBB, given how painfully slow the network is, ye...
- 11:07 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > I'll do this right now.
No need to hurry - I already have a screenshot sufficient for the preview.
I would be... - 10:52 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > No, it's not what I meant :D
> I was referring to "would that need a settings screenshot too". I meant an addition... - 01:16 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > > I don't think this is needed.
>
> OK- I've stripped that out entirely and just left the `ask ubuntu` (is that ... - 12:31 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > I don't think this is needed.
OK- I've stripped that out entirely and just left the `ask ubuntu` (is that what y... - 12:22 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > Making `losedows phone exchange` the main `stackexchange` example, and then using `ask ubuntu` to show how Hachette...
- 02:32 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- While applying the modifications, I also made some changes to try and differentiate the examples:
* Removing the `ba... - 02:24 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > > One would expect that Google's CSP rule from http-equiv tag would be blocking our injected script - but it doesn'...
- 11:36 AM Feature #14: test with more browser forks (Abrowser, newest Parabola IceWeasel, LibreWolf)
- Other major ones left are Abrowser, Pure Browser (even though Pure OS by itself is misbehaving), maybe also Brave and...
- 03:14 AM Feature #37 (Closed): prepare some website fixes usable with this extension
- <https://git.koszko.org/hachette_fixes_tmp>
IMO, there's enough fixes available now to consider this complete. - 03:11 AM Feature #64 (Closed): Plan the update system
07/30/2021
- 11:31 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > One would expect that Google's CSP rule from http-equiv tag would be blocking our injected script - but it doesn't....
- 10:56 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > There are only really two small changes I can suggest, which I can make if you want
Go on with all you suggested... - 10:49 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > What do you think of the pdf in its current form?
It genuinely looks *amazing*, and the summaries are really eff... - 06:23 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- What do you think of the pdf in its current form?
https://koszko.org/preview.pdf
EDIT: Also, I put all the fi... - 06:23 PM Support #68 (In Progress): Prepare some screenshot documenting sites fixed using Hachette
- 12:00 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > File attachment here seems to be timing out for me
Probably not really the matter of time. Apache log:
```
[Fr... - 10:12 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- Those are looking good- nevertheless, I'll probably leave styling to you, seeing as I am terrible at it! File attachm...
07/29/2021
- 10:14 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- I started composing this attachment as a PDF. I will need to work on the styling, though (or you can do this if you w...
- 07:33 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- You might also want to look at my new Google sheets fix. The initial portion of the sheet that is served as HTML is s...
- 03:38 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > That works really well!
Surprising, isn't it?
One would expect that Google's CSP rule from http-equiv <meta> ... - 09:21 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- That works really well!
Unforeseen circumstances meant I haven't done much on this so far, unfortunately; however,...
07/28/2021
- 07:19 PM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- > [...] and perhaps write some more (quick and dirty) fixes of various kinds, that might help get the point across ev...
- 11:09 AM Support #68: Prepare some screenshot documenting sites fixed using Hachette
- I think it's a great idea! If we try and get as many browsers as possible too, and perhaps write some more (quick and...
- 10:38 AM Support #68 (Closed): Prepare some screenshot documenting sites fixed using Hachette
- I thought we could attach some examples of fixed sites in an attachment to the appliction. What do you think about it...
- 12:18 PM Feature #48: Load default_setting.json using XMLHttpRequest
- > > Also, the practice of linking one git repo from another could be useful here.
>
> How do you mean?
https:... - 11:11 AM Feature #17: enable the extension to automatically fetch script substitutes from the repo
- > By "automatically fetch script substitutes" I don't mean just downloading scripts that have URL+sha256sum provided ...
- 09:11 AM Feature #17 (In Progress): enable the extension to automatically fetch script substitutes from the repo
- jahoti wrote:
> Hasn't this been addressed?
Actually, I am working on this right now. By "automatically fetch scr... - 07:30 AM Feature #17: enable the extension to automatically fetch script substitutes from the repo
- Hasn't this been addressed?
- 11:06 AM Feature #64: Plan the update system
- > EDIT: Actually, I noticed the issue is "Plan the update system", not "implement", so we indeed can discuss this now...
- 09:17 AM Feature #64: Plan the update system
- > perhaps adding the option to update everything at once too.
That makes sense.
However, to avoid the infrastru... - 07:37 AM Feature #64: Plan the update system
- Well, I seem to have misremembered some parts of threads and can't find others, which leaves asking a much less plaus...
- 09:24 AM Feature #66: Write tests
- jahoti wrote:
> Mocking sites is definitely critical, albeit probably better done with a hijacking proxy of some sor... - 07:27 AM Feature #66: Write tests
- Mocking sites is definitely critical, albeit probably better done with a hijacking proxy of some sort (my words, not ...
07/27/2021
- 01:01 PM Bug #53: Interference with existing CSP headers
- > > Actually, when scripts are blocked, allowing CSP reports would make no sense because it would be violations of ou...
- 12:03 PM Bug #53: Interference with existing CSP headers
- Firstly, header-signing is working OK on Mozilla. While headers are cached across sessions, the secret is too; unless...
- 11:30 AM Bug #53: Interference with existing CSP headers
- > > As to CSP violation report blocking - should we do that unconditionally? Perhaps there are some legitimate use ca...
- 06:45 AM Bug #53: Interference with existing CSP headers
- > I just notices one possible problem: what if Mozilla caches headers across browser sessions? If so, our "signing" o...
- 11:46 AM Feature #67 (Rejected): Document `common/sanitize_JSON.js`
- This 400-line js file in `koszko` branch implements a declarative way of enforcing some format on JSON we parse. Unfo...
07/26/2021
- 04:13 PM Feature #66 (Closed): Write tests
- It seems problematic to test software that is meant to run as a browser extension - and it indeed is, especially when...
- 12:15 PM Bug #65 (Closed): When a site fails to load, for example due to its IP address not being found, the injected value with settings remains in the URL
- 12:13 PM Bug #53: Interference with existing CSP headers
- > The patch awaiting merge still doesn't address the CSP we inject *into* the page on Chromium, however. That will re...
- 09:22 AM Feature #48: Load default_setting.json using XMLHttpRequest
- > Not necessarily.
>
> I think reference to how Arch packaging works might be useful here. Arch PKGBUILD script use... - 08:44 AM Feature #48: Load default_setting.json using XMLHttpRequest
- > On the other hand, that could prevent offline builds; IDK.
Not necessarily.
I think reference to how Arch pac... - 09:15 AM Feature #64: Plan the update system
- > How about updating site scripts only when the user visits that site? There would only ever be a single script API r...
- 08:52 AM Feature #64: Plan the update system
- How about updating site scripts only when the user visits that site? There would only ever be a single script API req...
07/25/2021
- 09:31 AM Bug #53: Interference with existing CSP headers
- The patch awaiting merge still doesn't address the CSP we inject *into* the page on Chromium, however. That will requ...
- 09:26 AM Bug #53: Interference with existing CSP headers
- Patch committed; awaiting acceptance/rejection from master. While it's difficult to be fully confident it's clear, as...
- 09:29 AM Feature #19: check if prerendering has to be blocked
- Blocking prefetching (as is done on pages without scripts enabled for <#20>) makes prerendering impossible. While it ...
- 09:27 AM Feature #20: block prefetch
- This is implemented as part of the patch for #53 (it can be done with CSP). However, I couldn't work out how to test ...
- 09:13 AM Feature #64 (Closed): Plan the update system
- The most natural approach, especially given what we currently have, would be to request information from the server o...
- 08:58 AM Feature #48: Load default_setting.json using XMLHttpRequest
- Definitely the latter; moving fixes to the repository first would only be in order to have the build script(s) downlo...
07/24/2021
- 08:47 AM Feature #48: Load default_setting.json using XMLHttpRequest
- Depends. We can make this issue obsolete and completely move bundled settings to the repo.
Or, after moving most o...
07/23/2021
- 12:38 AM Feature #48: Load default_setting.json using XMLHttpRequest
- Preferrably preceded by: <https://hachettebugs.koszko.org/issues/59>
- 12:32 AM Feature #38: Add support to also inject css files to pages
- Perhaps part of <https://hachettebugs.koszko.org/boards/1/topics/56>.
- 12:13 AM Feature #20 (In Progress): block prefetch
- See <https://hachettebugs.koszko.org/issues/53#note-2>.
- 12:12 AM Bug #53 (In Progress): Interference with existing CSP headers
- A fix is now implemented by parsing CSP headers for direct handling, which also allows removing of directives that re...
- 06:27 PM Feature #63 (Closed): Force <noscript> tags on pages where scripts are blocked
- Other extensions should already have some code for this
- 11:57 AM Feature #50 (Closed): Standardize repository APIs/data formats
- That seems good, and it's flexible enough (being JSON) to be modified as the system evolves or even if anybody disagr...
07/22/2021
- 11:18 AM Feature #50: Standardize repository APIs/data formats
- How about a JSON interface? Later on we can simply add more fields to the JSON objects described now. Please tell wha...
07/21/2021
- 11:48 PM Bug #53: Interference with existing CSP headers
- Currently working on this (albeit somewhat slowly).
- 04:23 PM Feature #50: Standardize repository APIs/data formats
- Related topic: https://hachettebugs.koszko.org/boards/1/topics/56
- 04:21 PM Feature #25 (Closed): stop always using the same script nonce on given https(s) site
- Ok, this has been merged yesterday
- 09:18 AM Feature #30 (Closed): Rename the extension and find some good icon ๐ช
- Merged to master :)
07/20/2021
- 01:05 AM Feature #30: Rename the extension and find some good icon ๐ช
- > I pushed it on my branch, waiting for your feedback
It's an emphatic "yes" from me on all counts!
(except Chr... - 12:15 PM Feature #30 (Feedback): Rename the extension and find some good icon ๐ช
- Chromium rejected SVG icons, so I made it into PNG of various sizes. I automatized this with an sh loop and an inksca...
- 11:25 AM Bug #54 (Closed): Remote-storage port(s) are disconnected while still in use
- 11:25 AM Bug #54: Remote-storage port(s) are disconnected while still in use
- Turns out it was a page_info_server error caused by a typo (missed underscore caused some storage change callback not...
- 10:26 AM Bug #54 (In Progress): Remote-storage port(s) are disconnected while still in use
- Yes, I seems to happen exclusively after "View in settings" or "Edit in settings" is used. I now know that I introduc...
07/19/2021
- 12:01 AM Feature #30: Rename the extension and find some good icon ๐ช
- Oh yes! That looks great, and after looking through the others I completely agree with picking it. Patch incoming!
- 01:12 PM Feature #30: Rename the extension and find some good icon ๐ช
- How about:
https://publicdomainvectors.org/en/tag/hatchet
Out of those, I personally liek this one the most:
htt... - 12:57 PM Feature #30: Rename the extension and find some good icon ๐ช
- Patches for renaming have been pushed to both the `jahoti` and `nonce-PoC` branches.
All that remains, if that wen... - 09:03 AM Feature #30: Rename the extension and find some good icon ๐ช
- The renaming part shouldn't take too long
- 10:18 AM Feature #27: make extension's all html files proper XHTML
- Indeed :)
07/18/2021
- 07:45 AM Feature #27: make extension's all html files proper XHTML
- Actually, not yet- should this be low priority?
- 07:42 AM Feature #27 (In Progress): make extension's all html files proper XHTML
- Working on this.
- 07:41 AM Feature #36: prepare application for NLnet fund
- Unassigning myself as it is no longer accurate or reasonable to say only one person is involved with it.
- 06:09 AM Bug #54: Remote-storage port(s) are disconnected while still in use
- The issue, it turns out, can be reproduced by opening the popup on an unprivileged page and then playing with the set...
- 02:46 AM Bug #54: Remote-storage port(s) are disconnected while still in use
- > Any additional details as to how to reproduce the error? I guess it must have something to do with closing of the s...
- 02:41 AM Feature #25: stop always using the same script nonce on given https(s) site
- >> The base URL isn't sent in the settings; instead, if the unique value doesn't match then the listener assumes it c...
07/17/2021
- 09:58 PM Bug #54: Remote-storage port(s) are disconnected while still in use
- That's possible. I've been fighting these ports also when making the popup page.
Any additional details as to how ... - 09:12 AM Bug #54 (Closed): Remote-storage port(s) are disconnected while still in use
- Potentially there are other issues with storage, and the situation may not even be limited to Gecko; however, these a...
- 02:50 PM Feature #25: stop always using the same script nonce on given https(s) site
- > * The base URL isn't sent in the settings; instead, if the unique value doesn't match then the listener assumes it ...
- 12:52 PM Feature #25: stop always using the same script nonce on given https(s) site
- > I was arguing for drawing a salt and deriving the nonce from salt, URL, time and secret.
That makes sense!
> ... - 11:23 AM Feature #25: stop always using the same script nonce on given https(s) site
- > Just to check, are you arguing for drawing one random value or a salt and, separately, a nonce?
I was arguing fo... - 09:42 AM Feature #25: stop always using the same script nonce on given https(s) site
- >> That would be OK- the nonce can be (and is) generated randomly for each request[...]
> And we need either salt or... - 08:33 AM Feature #25: stop always using the same script nonce on given https(s) site
- jahoti wrote:
> >> In the current PoC that would still let them whitelist the page entirely
> > Right, I missed tha... - 09:09 AM Bug #53 (Closed): Interference with existing CSP headers
- Current handling of pre-existing CSP headers needs to be refined:
* Pre-existing http-equiv embeds and actual header... - 09:02 AM Bug #52 (Closed): Headers not updated on cached requests
- Thanks for the API suggestions! It turns out the issue was indeed the same as you worked around earlier, and a minor ...
07/16/2021
- 12:25 AM Feature #25: stop always using the same script nonce on given https(s) site
- >> In the current PoC that would still let them whitelist the page entirely
> Right, I missed that. How about when s... - 12:05 PM Feature #25: stop always using the same script nonce on given https(s) site
- > >> Firstly, is there any point in drawing a random salt? It doesn't prevent a replay attack by itself
> > Not if s... - 11:32 AM Feature #25: stop always using the same script nonce on given https(s) site
- >> Firstly, is there any point in drawing a random salt? It doesn't prevent a replay attack by itself
> Not if someo... - 10:06 AM Feature #25: stop always using the same script nonce on given https(s) site
- > Firstly, is there any point in drawing a random salt? It doesn't prevent a replay attack by itself
Not if someon... - 09:03 AM Feature #25: stop always using the same script nonce on given https(s) site
- > It does actually show up, at least under Chromium, but only for a moment. Or rather it used to show up, before I co...
- 09:33 AM Bug #52: Headers not updated on cached requests
- There seem to be some APIs for that. The one that reloads a tab while bypassing cache seems to be the most promising:...
- 09:06 AM Bug #52 (Closed): Headers not updated on cached requests
- When a page is loaded from the cache (e.g. after reloading), we don't (can't?) modify the headers. That means, for in...
07/14/2021
- 12:16 PM Feature #25: stop always using the same script nonce on given https(s) site
- > Unless you get to it first, I'll try implementing it in the next 24 hours.
Go on. I am doing repo stuff right no... - 11:27 AM Feature #25: stop always using the same script nonce on given https(s) site
- I agree with doing it as a PoC with JSON-encoded settings; that was the idea I meant to communicate, even if (looking...
- 09:40 AM Feature #25: stop always using the same script nonce on given https(s) site
- > While the details should still be discussed before declaring it finalized
It's still possible to make a proof-of... - 07:28 AM Feature #25: stop always using the same script nonce on given https(s) site
- > In general, after `#' we can have the unique value used to authenticate the injected string, followed by settings s...
- 11:57 AM Feature #36: prepare application for NLnet fund
- Slightly adjusted to reflect the fact that there is now a stakeholders (ugh) section, a brief section on technical ch...
- 11:47 AM Feature #43 (Rejected): Replace common/sha256.js with crypto.subtle
- As per message#49 this is dependent on dropping the use of unfixed verifiers ("unique values"), which is properly a s...
07/13/2021
- 12:22 PM Feature #25: stop always using the same script nonce on given https(s) site
- > only question is how to fit it alongside the smuggled whitelisting code; do you have a possible scheme?
The whi... - 11:46 AM Feature #25: stop always using the same script nonce on given https(s) site
- > However, one more thing came to my mind. When rewriting headers, we could also smuggle the random nonce (or better ...
- 11:38 AM Feature #25: stop always using the same script nonce on given https(s) site
- > > Also, have you thought about deriving HTTP(s) nonce from url, tab id and frame id? This way we would not need to ...
07/12/2021
- 12:01 AM Feature #25: stop always using the same script nonce on given https(s) site
- > I think we should also add some way to forget the nonces that are not going to be used anymore (for example because...
- 02:35 PM Feature #25 (In Progress): stop always using the same script nonce on given https(s) site
- Merged into master. Honestly, I am neutral towards that unrelated patch.
I think we should also add some way to fo... - 07:13 AM Feature #25 (Feedback): stop always using the same script nonce on given https(s) site
- 07:08 AM Feature #25: stop always using the same script nonce on given https(s) site
- Patch awaiting acceptance/rejection: testing on Chromium is *critical*, as there is a potential (albeit improbable) r...
- 07:14 AM Feature #44 (Resolved): Load in default settings using the build system
- 07:10 AM Feature #44 (Feedback): Load in default settings using the build system
- 07:10 AM Feature #44 (In Progress): Load in default settings using the build system
- 07:09 AM Feature #44 (Feedback): Load in default settings using the build system
07/10/2021
- 01:43 AM Feature #51 (New): [Roadmap 10][Milestone] Support internationalization
- The WebExtensions standard includes a system for supporting translation of the extension UI: <https://developer.mozil...
07/09/2021
- 05:16 PM Feature #40 (Closed): Move documentation to wiki
- jahoti wrote:
> The only issue is a few references to the build system, which treat it as hypothetical;
I think t... - 05:05 AM Feature #40 (Feedback): Move documentation to wiki
07/06/2021
- 12:26 AM Feature #50 (Closed): Standardize repository APIs/data formats
- It doesn't need to be anything formal; however, without such a standard client- and server-side development in this a...
- 12:09 AM Feature #48: Load default_setting.json using XMLHttpRequest
- (Responding here as the other issue is now resolved.)
> Btw, I am considering maintaining old build.sh alongside t... - 12:12 PM Feature #48 (Rejected): Load default_setting.json using XMLHttpRequest
- I believe XMLHttpRequest can also be used to fetch extension's own files. After fetching the default settings file, w...
- 12:05 AM Feature #44 (Resolved): Load in default settings using the build system
- 01:48 PM Feature #44: Load in default settings using the build system
- Btw, I am considering maintaining old build.sh alongside the new build.html. Plus, IMHO, changing to use XMLHttpReque...
- 12:16 PM Feature #44: Load in default settings using the build system
- That would be a very, very good idea (albeit much less relevant if the build system is rewritten in JS).
- 12:06 PM Feature #44: Load in default settings using the build system
- Perhaps we could load default_settings.json using XMLHttpRequest and this way reduce the complexity of build system a...
- 06:45 PM Feature #49 (Closed): add some nice styling to popup
- Edit html/display-panel.html and html/display-panel.js, maybe add a separace .css file.
This shall involve heavy c... - 05:10 PM Feature #11: add some nice styling to settings page
- By the way, "adding styling" is not supposed to mean just writing some CSS. Heavy changes to HTML, accompanied with u...
- 01:51 PM Feature #22: supplement the build script with a makefile, also produce zipped artifacts
- Unless we decide to keep the old build script and maintain both. Consider packaging of the extension for distros.
Ha... - 12:19 PM Feature #22: supplement the build script with a makefile, also produce zipped artifacts
- Potentially obsoleted by #47
- 12:13 PM Feature #30: Rename the extension and find some good icon ๐ช
- Adjusted in reference to https://hachettebugs.koszko.org/boards/2/topics/6
- 11:50 AM Feature #47 (Rejected): [Roadmap 24][Milestone] Rewrite the build script in a self-contained HTML file
- Details here: https://hachettebugs.koszko.org/boards/1/topics/1
[Roadmap](/projects/hachette/wiki/Roadmap#Mileston...
07/05/2021
- 04:50 AM Feature #40: Move documentation to wiki
- (Thank you for switching it to Markdown!)
The documentation is now all on the wiki, with a slight re-organization ...
07/04/2021
- 12:12 AM Bug #42 (Rejected): Nonce not set on injected scripts
- 11:05 PM Feature #40: Move documentation to wiki
- Changed to Markdown as per your request
- 05:59 AM Feature #40 (In Progress): Move documentation to wiki
- Unless anybody else wants to take this task on, I'm happy to do so (having managed to create the wiki).
However, t... - 04:50 AM Feature #37: prepare some website fixes usable with this extension
- Patch pushed to git (awaiting acceptance/rejection from master branch) changes the defaults to include a few tested f...
- 04:47 AM Feature #44 (In Progress): Load in default settings using the build system
- Patch pushed to git; awaiting acceptance/rejection from master branch.
- 04:38 AM Feature #14: test with more browser forks (Abrowser, newest Parabola IceWeasel, LibreWolf)
- Thank you for the screenshot! Now I see what you mean, and do indeed have that ability (as well as wiki page creation...
Also available in: Atom