Activity
From 09/09/2021 to 10/08/2021
10/08/2021
- 10:07 AM Support #95: Add JShelter in wiki: comparison with other extensions
- > (Also, how did you put that together without knowing Ruby? Was there an existing solution that *was* XSS-safe and y...
10/07/2021
- 06:58 AM Support #95: Add JShelter in wiki: comparison with other extensions
- > Btw, I patched /usr/share/redmine/lib/redmine/wiki_formatting/macros.rb on hydrillabugs to allow colors. I added th...
- 02:00 AM Revision 95b040ff (haketilo): Start on a makefile
- Currently includes targets for unpacked versions and zips
10/06/2021
10/05/2021
- 09:47 AM Support #95: Add JShelter in wiki: comparison with other extensions
How exactly do we define the "enhances user freedom" category?
How about we make "security" and "privacy" separa...
10/04/2021
- 05:57 AM Feature #96: Facilitate checking that extension contents haven't been replaced by Mozilla during signing
- > Btw, I think I know how to avoid the dependency on python:
Ah, thank you! I've updated the script to reflect tha... - 05:14 AM Support #95: Add JShelter in wiki: comparison with other extensions
- > Thoughts/comments/critiques on the attached chart?
Nice! I like it.
On a tangential note, we probably also need...
10/03/2021
- 07:40 AM Support #95 (In Progress): Add JShelter in wiki: comparison with other extensions
- Thoughts/comments/critiques on the attached chart?
koszko wrote:
> We could even have separate rows for "Haketilo...
10/02/2021
- 11:59 AM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS
- > For reCAPTCHA I think the data that get extracted (maps from challenge code to displayed text) is constant at least...
- 04:05 AM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS
- > In case of important data only being available in external scripts (btw, I think this is the case with reCAPTCHA wh...
- 11:56 AM Feature #96: Facilitate checking that extension contents haven't been replaced by Mozilla during signing
- jahoti wrote:
> The attached script should be able to confirm whether the workings of the extension have been modifi... - 03:52 AM Feature #96: Facilitate checking that extension contents haven't been replaced by Mozilla during signing
- Definitely not!
The attached script should be able to confirm whether the workings of the extension have been modi... - 04:12 AM Feature #73: [Roadmap 6] Implement a permissions system
- > As to otherwise drawing from it... It might be an option, although it'll still require a serious bit of work. I per...
10/01/2021
- 10:29 PM Feature #96 (Rejected): Facilitate checking that extension contents haven't been replaced by Mozilla during signing
- I see no reason we should blindly trust another party here, be it Mozilla or someone else. Right now it seems Mozilla...
- 10:05 PM Revision d7e48c58 (haketilo): Add complete firefox extension upload and download functionality
- 04:28 PM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS
- In case of important data only being available in external scripts (btw, I think this is the case with reCAPTCHA whic...
- 01:13 PM Revision ea30326e (haketilo): add shell script facilitating generation of JWT
- 12:12 PM Support #95: Add JShelter in wiki: comparison with other extensions
- > The table is a great idea!
Indeed, a brilliant one :D
We could even have separate rows for "Haketilo (with sc... - 04:14 AM Support #95: Add JShelter in wiki: comparison with other extensions
- The table is a great idea! Just to make sure you're aware, however, it will need to be an image or at least use image...
- 03:28 AM Support #95 (Rejected): Add JShelter in wiki: comparison with other extensions
- The FSF just announced JShelter to combat nonfree JS:
https://www.fsf.org/news/fsf-announces-jshelter-browser-add-on... - 12:05 PM Feature #73: [Roadmap 6] Implement a permissions system
- If JSHelter turns out to be able to also work properly on sites modified by Hachette, running it in parallel would be...
- 05:21 AM Feature #73: [Roadmap 6] Implement a permissions system
- Could potentially draw from or just use <https://jshelter.org/> alongside Haketilo (still experimental).
09/29/2021
- 03:03 AM Feature #13 (Closed): find some way not to require each chrome user to modify manifest.json
- This is now in master.
09/28/2021
- 06:48 AM Feature #94 (In Progress): Add support for extension auto-updating
- Support for setting an update URL in the extension is now included in the jahoti-update branch.
- 06:41 AM Feature #22: supplement the build script with a makefile, also produce zipped artifacts
- The modified build system on the jahoti-update branch now has support for zip and crx generation (using Chromium; CRX...
- 02:00 AM Revision 81910556 (haketilo): Add build support for update URLs
- The 'url' parameter can now be used to provide an update URL
- 02:00 AM Revision fbf0503f (haketilo): Support building CRXs
- Chromium now builds CRXs rather than ZIPs when given a key.
09/25/2021
- 03:49 AM Feature #94 (Rejected): Add support for extension auto-updating
- See
https://developer.chrome.com/docs/extensions/mv3/linux_hosting/#update
https://extensionworkshop.com/documentat...
09/24/2021
- 02:00 AM Revision df07adb2 (haketilo): Add support for Chromium zips
- CRX and update URL support to come
- 02:00 AM Revision 853d50e5 (haketilo): Normalize CLI options
- Use saner defaults and (where suitable) environment variables
09/21/2021
- 02:00 AM Revision e7c425cc (haketilo): Add command line options (inc. build artifacts)
- Add extension packaging for Mozilla and some other treats
- 02:00 AM Revision 59fb32a3 (haketilo): Merge branch 'master' into jahoti-update
09/18/2021
- 06:19 AM Feature #90 (Closed): Make the 0.1 release
- "andyprough" has offered some outlets for spreading the news at <https://trisquel.info/en/forum/announcing-haketilo-0...
09/15/2021
- 02:45 PM Feature #90: Make the 0.1 release
- > Note: the 0.1 release is missing the default repository :/.
My fault. Updated [[Releases]].
> If you haven't ... - 12:23 PM Feature #90: Make the 0.1 release
- After a somewhat embarrassing length of time, I've come to the realization the script you posted doesn't actually do ...
- 06:49 AM Feature #90: Make the 0.1 release
- **Note**: the 0.1 release is missing the default repository :/.
- 02:00 AM Revision 960363e7 (haketilo): Add default repository to default settings
09/14/2021
- 11:48 PM Support #78: Investigate into how browsers handle files that are not HTML
- Rough estimate of progress (it's hard to tell without knowing in advance what the solution will involve)
- 11:09 PM Feature #90: Make the 0.1 release
- > > As a rather unimportant aside, however, we have yet to establish a clear difference between "Haketilo" and "Haket...
- 08:22 PM Feature #90: Make the 0.1 release
- OK, it seems all that's important is ready. Documentation will never be perfect but it's already sufficiently good. I...
- 07:20 PM Feature #90: Make the 0.1 release
- In case anyone's wondering how I automatized the generation of Chromium builds with different secres, it's this scrip...
- 04:24 PM Feature #90: Make the 0.1 release
- > As a rather unimportant aside, however, we have yet to establish a clear difference between "Haketilo" and "Haketil...
- 03:25 AM Feature #90: Make the 0.1 release
- > Right, in the documentation (at the end of Mozilla installation instructions, perhaps also in some other place(s)) ...
- 07:29 PM Revision e9b6187e (haketilo): bump version to 0.1
- 07:28 PM Revision 212b5c8e (haketilo): use default settings that only contain a demo script (the rest is available through Hydrilla)
- 03:59 AM Feature #92: Replace cookie smuggling with some safer approach
- > Actually, I thought about simply redirecting to an extension-packaged file. For basic functionality we only need 3 ...
09/13/2021
- 04:56 PM Revision 2bd35bc4 (haketilo): rename the extension to "Haketilo"
- 09:46 AM Feature #90: Make the 0.1 release
- jahoti wrote:
> OK, the Firefox account generation/management script is attached.
Thanks a lot!
> (except on s... - 09:12 AM Feature #90: Make the 0.1 release
- OK, the Firefox account generation/management script is attached. Some notes:
* It depends on `librecaptcha`, `reque... - 09:01 AM Feature #90: Make the 0.1 release
- > > (it's also possible they just distribute the signed extensions and package the signatures when building from sour...
- 08:02 AM Feature #90: Make the 0.1 release
- > > Also, disrtos like Debian actually have extensions in their repositories, so there is surely some way to install ...
- 08:25 AM Feature #92: Replace cookie smuggling with some safer approach
- > That said, there are several options. Apart from the obvious approach of `data:` URLs for Chromium and `contentScri...
09/12/2021
- 11:20 AM Feature #93 (Rejected): Elaborate on ethics in the documentation
- The user manual currently contains several references to what we recommend or what the reader should be doing without...
- 11:13 AM Feature #90: Make the 0.1 release
- I'm working through testing the Mozilla account-generation script now. I've removed the signing functionality rather ...
- 03:00 AM Feature #92: Replace cookie smuggling with some safer approach
- It turns out Firefox did once support redirection to `data:` URLs (prior to v60, it seems), before it was accidentall...
09/11/2021
- 12:53 AM Feature #92: Replace cookie smuggling with some safer approach
- > Jahoti, please, remind me. Why aren't we just making a synchronous AJAX call in the content script and redirecting ...
- 09:58 PM Feature #92: Replace cookie smuggling with some safer approach
- Jahoti, please, remind me. Why aren't we just making a synchronous AJAX call in the content script and redirecting it...
- 09:55 PM Feature #92 (Closed): Replace cookie smuggling with some safer approach
- Yep, we need to find something that works. `registerContentScript()` might do the job on newer browsers (and under Ma...
- 12:41 AM Feature #90: Make the 0.1 release
- > Interesting. The flag that enables unverified installs is supposedly still supported in developer edition of Firefo...
- 12:51 PM Feature #90: Make the 0.1 release
- Interesting. The flag that enables unverified installs is supposedly still supported in developer edition of Firefox:...
- 12:35 PM Feature #90: Make the 0.1 release
- >> Wait- is it possible to sign XPIs with our own key? If so that would be much better than relying on Mozilla.
>
>... - 12:22 PM Feature #90: Make the 0.1 release
- jahoti wrote:
> Wait- is it possible to sign XPIs with our own key? If so that would be much better than relying on ... - 11:54 AM Feature #90: Make the 0.1 release
- Wait- is it possible to sign XPIs with our own key? If so that would be much better than relying on Mozilla.
In an... - 11:38 AM Feature #90: Make the 0.1 release
- jahoti wrote:
> On that note (and your breakthrough with CRX on #13), do we want to sign releases?
Yes. And I'd l... - 05:03 AM Feature #90: Make the 0.1 release
- > Also, at some point we'll upload prebuilt versions of Hachette here.
On that note (and your breakthrough with CR... - 01:56 PM Revision 947fbdef (haketilo): added missing line break in options page
- 12:22 PM Support #75: ServiceWorkers
- I unfortunately couldn't test this, as I couldn't find any test cases or understand how to set one up.
- 11:44 AM Support #75: ServiceWorkers
- jahoti wrote:
> Somehow, it seems the biggest technical challenge for this project has become *blocking (unwanted) s... - 05:15 AM Support #75: ServiceWorkers
- > Ultimately, we should stop using cookies for policy smuggling, even though they initially seemed like a super good ...
- 12:17 PM Support #78: Investigate into how browsers handle files that are not HTML
- Your most recent push seems to be working well!
- 05:08 AM Support #78: Investigate into how browsers handle files that are not HTML
- Good point!
- 04:52 AM Support #78: Investigate into how browsers handle files that are not HTML
- > didn't the CSP-filtering part of StreamFilter get removed anyway?
It did, although the part that remains is stil... - 04:38 AM Support #78: Investigate into how browsers handle files that are not HTML
- > I pushed something to koszko branch.
Rather than reply to all the commits you've made independently, I'll just n... - 12:14 PM Feature #88: [Roadmap 6][Milestone] Allow payloads to also specify CSP rules that should be used instead of the original ones served by page
- I read this thread earlier today and had been meaning to reply, yet couldn't find it again- sorry!
> In the end, I... - 12:02 PM Feature #32: Process HTML files in data: URLs instead of just blocking them
- > Btw, I've been unaware of that manifest key. It would be cool to utilize it for something else at some point :) Alt...
- 11:40 AM Feature #32: Process HTML files in data: URLs instead of just blocking them
- :/
Btw, I've been unaware of that manifest key. It would be cool to utilize it for something else at some point :) A... - 04:56 AM Feature #32: Process HTML files in data: URLs instead of just blocking them
- > It might be possible to utilize this API:
>
> <https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registe... - 11:48 AM Feature #91 (Rejected): Add an option to block HTTP "refresh"
- This concerns both the HTTP header and its respective `<meta>` tag.
https://en.wikipedia.org/wiki/Meta_refresh - 11:03 AM Feature #77 (Closed): Check LibreJS is compatible with this extension.
- Compatibility is confirmed for IceCat 60, which is sufficient assuming there are no functional differences that would...
- 05:05 AM Feature #77: Check LibreJS is compatible with this extension.
- Results will be added to the user documentation once obtained.
- 05:13 AM Feature #13: find some way not to require each chrome user to modify manifest.json
- > Unfortunately, the "Google BSD license" link is dead and I cannot check which of the BSD licenses applied to that s...
- 04:44 AM Feature #66: Write tests
- > Have you considered using UML (no, not that diagraming language, I mean User Mode Linux) to run tests inside? I'm s...
09/10/2021
- 10:07 PM Feature #90: Make the 0.1 release
- I started documenting Hachette usage. I uploaded the screenshots I made, so if you happen to come there while I sleep...
- 05:15 PM Feature #90: Make the 0.1 release
- "allow" option, CSP behavior and URL length limits are now on `koszko` branch
- 08:49 PM Feature #13: find some way not to require each chrome user to modify manifest.json
- I found details regarding the CRX file format:
http://www.dre.vanderbilt.edu/~schmidt/android/android-4.0/external/c... - 05:47 PM Support #75: ServiceWorkers
- I added unregistering code on `koszko` branch. It needs testing
- 05:46 PM Revision d658cadf (haketilo): disable service workers when scripts are blocked
- 05:34 PM Feature #32: Process HTML files in data: URLs instead of just blocking them
- It might be possible to utilize this API:
https://developer.mozilla.org/en-US/docs/Web/API/Navigator/registerProto... - 05:07 PM Feature #88: [Roadmap 6][Milestone] Allow payloads to also specify CSP rules that should be used instead of the original ones served by page
- As this is somehow related, I'll write an update regarding our recent CSP change (where we are no longer modifying ex...
- 04:50 PM Revision 5c75d744 (haketilo): Make it impossible to check "Allow native scripts" for pages with payload.
- 04:18 PM Revision 72cbfa74 (haketilo): limit allowed pattern lengths
09/09/2021
- 06:51 PM Revision ed9cc030 (haketilo): restore compatibility with IceCat 60
- 06:50 PM Revision 44e89d8e (haketilo): simplify CSP handling
- All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not mo...
- 05:35 PM Support #75: ServiceWorkers
- jahoti wrote:
> perhaps we could present some version of [this information](https://www.ghacks.net/2016/03/02/manage... - 01:52 PM Feature #66: Write tests
- Have you considered using UML (no, not that diagraming language, I mean User Mode Linux) to run tests inside? I'm sug...
- 12:51 PM Feature #34 (Closed): improve CSP injection blocking
- Can be considered done as part of #78
- 12:15 PM Support #78: Investigate into how browsers handle files that are not HTML
- > I am going to continue with this tomorrow. Btw, I realized some mistakes (including being unaware of what I just de...
Also available in: Atom