Haketilo

10/11/2021

10:51 PM Support #95: Add JShelter in wiki: comparison with other extensions

I've attached an update version of the chart with assumptions listed and footnotes. I've also included the html file ... 0gitnick

10/08/2021

10:07 AM Support #95: Add JShelter in wiki: comparison with other extensions

> (Also, how did you put that together without knowing Ruby? Was there an existing solution that *was* XSS-safe and y... koszko

10/07/2021

06:58 AM Support #95: Add JShelter in wiki: comparison with other extensions

> Btw, I patched /usr/share/redmine/lib/redmine/wiki_formatting/macros.rb on hydrillabugs to allow colors. I added th... jahoti

10/05/2021

09:47 AM Support #95: Add JShelter in wiki: comparison with other extensions

How exactly do we define the "enhances user freedom" category?
How about we make "security" and "privacy" separa... koszko

10/04/2021

05:57 AM Feature #96: Facilitate checking that extension contents haven't been replaced by Mozilla during signing

> Btw, I think I know how to avoid the dependency on python:
Ah, thank you! I've updated the script to reflect tha... jahoti

05:14 AM Support #95: Add JShelter in wiki: comparison with other extensions

> Thoughts/comments/critiques on the attached chart?
Nice! I like it.
On a tangential note, we probably also need... jahoti

10/03/2021

07:40 AM Support #95 (In Progress): Add JShelter in wiki: comparison with other extensions

Thoughts/comments/critiques on the attached chart?
koszko wrote:
> We could even have separate rows for "Haketilo... 0gitnick

10/02/2021

11:59 AM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS

> For reCAPTCHA I think the data that get extracted (maps from challenge code to displayed text) is constant at least... koszko

04:05 AM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS

> In case of important data only being available in external scripts (btw, I think this is the case with reCAPTCHA wh... jahoti

11:56 AM Feature #96: Facilitate checking that extension contents haven't been replaced by Mozilla during signing

jahoti wrote:
> The attached script should be able to confirm whether the workings of the extension have been modifi... koszko

03:52 AM Feature #96: Facilitate checking that extension contents haven't been replaced by Mozilla during signing

Definitely not!
The attached script should be able to confirm whether the workings of the extension have been modi... jahoti

04:12 AM Feature #73: [Roadmap 6] Implement a permissions system

> As to otherwise drawing from it... It might be an option, although it'll still require a serious bit of work. I per... jahoti

10/01/2021

10:29 PM Feature #96 (Rejected): Facilitate checking that extension contents haven't been replaced by Mozilla during signing

I see no reason we should blindly trust another party here, be it Mozilla or someone else. Right now it seems Mozilla... koszko

04:28 PM Feature #71: [Roadmap 5][Milestone] Make it possible for injected scripts to bypass CORS

In case of important data only being available in external scripts (btw, I think this is the case with reCAPTCHA whic... koszko

12:12 PM Support #95: Add JShelter in wiki: comparison with other extensions

> The table is a great idea!
Indeed, a brilliant one :D
We could even have separate rows for "Haketilo (with sc... koszko

04:14 AM Support #95: Add JShelter in wiki: comparison with other extensions

The table is a great idea! Just to make sure you're aware, however, it will need to be an image or at least use image... jahoti

03:28 AM Support #95 (Rejected): Add JShelter in wiki: comparison with other extensions

The FSF just announced JShelter to combat nonfree JS:
https://www.fsf.org/news/fsf-announces-jshelter-browser-add-on... 0gitnick

12:05 PM Feature #73: [Roadmap 6] Implement a permissions system

If JSHelter turns out to be able to also work properly on sites modified by Hachette, running it in parallel would be... koszko

05:21 AM Feature #73: [Roadmap 6] Implement a permissions system

Could potentially draw from or just use <https://jshelter.org/> alongside Haketilo (still experimental). jahoti

09/29/2021

03:03 AM Feature #13 (Closed): find some way not to require each chrome user to modify manifest.json

This is now in master. jahoti

09/28/2021

06:48 AM Feature #94 (In Progress): Add support for extension auto-updating

Support for setting an update URL in the extension is now included in the jahoti-update branch. jahoti

06:41 AM Feature #22: supplement the build script with a makefile, also produce zipped artifacts

The modified build system on the jahoti-update branch now has support for zip and crx generation (using Chromium; CRX... jahoti

09/25/2021

03:49 AM Feature #94 (Rejected): Add support for extension auto-updating

See
https://developer.chrome.com/docs/extensions/mv3/linux_hosting/#update
https://extensionworkshop.com/documentat... jahoti

09/18/2021

06:19 AM Feature #90 (Closed): Make the 0.1 release

"andyprough" has offered some outlets for spreading the news at <https://trisquel.info/en/forum/announcing-haketilo-0... jahoti

09/15/2021

02:45 PM Feature #90: Make the 0.1 release

> Note: the 0.1 release is missing the default repository :/.
My fault. Updated [[Releases]].
> If you haven't ... koszko

12:23 PM Feature #90: Make the 0.1 release

After a somewhat embarrassing length of time, I've come to the realization the script you posted doesn't actually do ... jahoti

06:49 AM Feature #90: Make the 0.1 release

**Note**: the 0.1 release is missing the default repository :/. jahoti

09/14/2021

11:48 PM Support #78: Investigate into how browsers handle files that are not HTML

Rough estimate of progress (it's hard to tell without knowing in advance what the solution will involve) jahoti

11:09 PM Feature #90: Make the 0.1 release

> > As a rather unimportant aside, however, we have yet to establish a clear difference between "Haketilo" and "Haket... jahoti

08:22 PM Feature #90: Make the 0.1 release

OK, it seems all that's important is ready. Documentation will never be perfect but it's already sufficiently good. I... koszko

07:20 PM Feature #90: Make the 0.1 release

In case anyone's wondering how I automatized the generation of Chromium builds with different secres, it's this scrip... koszko

04:24 PM Feature #90: Make the 0.1 release

> As a rather unimportant aside, however, we have yet to establish a clear difference between "Haketilo" and "Haketil... koszko

03:25 AM Feature #90: Make the 0.1 release

> Right, in the documentation (at the end of Mozilla installation instructions, perhaps also in some other place(s)) ... jahoti

03:59 AM Feature #92: Replace cookie smuggling with some safer approach

> Actually, I thought about simply redirecting to an extension-packaged file. For basic functionality we only need 3 ... jahoti

09/13/2021

09:46 AM Feature #90: Make the 0.1 release

jahoti wrote:
> OK, the Firefox account generation/management script is attached.
Thanks a lot!
> (except on s... koszko

09:12 AM Feature #90: Make the 0.1 release

OK, the Firefox account generation/management script is attached. Some notes:
* It depends on `librecaptcha`, `reque... jahoti

09:01 AM Feature #90: Make the 0.1 release

> > (it's also possible they just distribute the signed extensions and package the signatures when building from sour... jahoti

08:02 AM Feature #90: Make the 0.1 release

> > Also, disrtos like Debian actually have extensions in their repositories, so there is surely some way to install ... koszko

08:25 AM Feature #92: Replace cookie smuggling with some safer approach

> That said, there are several options. Apart from the obvious approach of `data:` URLs for Chromium and `contentScri... koszko

09/12/2021

11:20 AM Feature #93 (Rejected): Elaborate on ethics in the documentation

The user manual currently contains several references to what we recommend or what the reader should be doing without... jahoti

11:13 AM Feature #90: Make the 0.1 release

I'm working through testing the Mozilla account-generation script now. I've removed the signing functionality rather ... jahoti

03:00 AM Feature #92: Replace cookie smuggling with some safer approach

It turns out Firefox did once support redirection to `data:` URLs (prior to v60, it seems), before it was accidentall... jahoti

09/11/2021

12:53 AM Feature #92: Replace cookie smuggling with some safer approach

> Jahoti, please, remind me. Why aren't we just making a synchronous AJAX call in the content script and redirecting ... jahoti

12:41 AM Feature #90: Make the 0.1 release

> Interesting. The flag that enables unverified installs is supposedly still supported in developer edition of Firefo... jahoti