The devastating effects of ad blocking · 4 days ago by Wladimir Palant
A few years ago I used to blog about some of the more ridiculous claims that ad blocking opponents make and take them apart. Fortunately, I no longer have to. Other people do this now and they are much more successful expressing their opinions. So I don’t really need to write about the recent article at Ars Technica on the effects of ad blocking. I do so mostly to link to the responses so that I can find them again.
Content Security Policy enabled on adblockplus.org · 7 days ago by Wladimir Palant
If you are using Gecko 1.9.3 Alpha 2 (Mozilla Developer Preview) or even Firefox nightly builds then your browser already supports Content Security Policy. This is a mechanism to prevent attacks on a website like Cross-Site Scripting or Clickjacking. While I believe that adblockplus.org isn’t vulnerable to any of these attacks, I certainly like having an additional layer of protection and switched on Content Security Policy on this site. A possible side-effect is that some things which used to work fine might fail to load now — if you see something like that please let me know.
Linux New Media Award for Adblock Plus · 8 days ago by Wladimir Palant
I was at CeBIT today, collecting the Linux Media Award for the best open source Firefox extension. I just want to repeat what I said there: I really didn’t expect to come that far. After all, initially I only intended to quickly improve Adblock and find somebody to maintain the new codebase. And now, four years later, I am still continuing to improve Adblock Plus and there is much more work to be done. This is largely the “fault” of the passionate community who has been a great motivator. So: everybody who helped me and supported the project in all these years (you know who you are and I cannot possibly mention everybody) — thank you!
How are supported applications chosen for Adblock Plus? · 29 days ago by Wladimir Palant
It is time to formalize how I choose which applications/application versions to support in Adblock Plus. There are several categories here:
- Applications with very high user numbers (particularly with high numbers of users testing Adblock Plus development builds): that’s currently only Firefox. Supporting multiple application versions is possible, bugs will usually be caught by the community before an Adblock Plus release. Still, once a Firefox version gets close to end-of-life (Mozilla will no longer ship security updates) its user numbers drop considerably and it gets harder to get Adblock Plus properly tested there. Which is one reason why I am targeting mostly the versions supported by Mozilla (currently Firefox 3.5 and 3.6) and drop support for outdated versions eventually (Firefox 3.0 support is currently being phased out).
About.com Reader's Choice Awards - Adblock Plus needs your vote! · 38 days ago by Wladimir Palant
Don’t have enough polls to participate in? Good news for you: About.com started its Reader’s Choice Awards program and you might know some of the finalists. Now it all depends on your vote. Head over to the poll page, page 4 is particularly interesting — it lists Adblock Plus as one of the finalists in the “Best Overall Add-On” category. You certainly want to go to page 2 as well and vote for Firefox in the “Best Major Desktop Browser” category. If you already had a chance to use Firefox Mobile (Fennec), maybe even with Adblock Plus installed, page 3 is where you can vote for it.
Getting screen coordinates for an HTML element · 41 days ago by Wladimir Palant
Yes, getBoxObjectFor() is deprecated, we all know that. And there is getBoundingClientRect() now which is much better anyway. But what should I do if I need the screen coordinates of an HTML element? getBoundingClientRect() won’t provide them and translating doesn’t seem possible (window.screenX is not the screen position of the window’s client area). Google found only a newsgroup discussion yet I already knew that popups can be positioned relative to a node automatically. I need to update the position of a popup that is already open and there doesn’t seem a way to realign the popup with its anchor node without closing it (at least not in Firefox 3.5).
Why Adblock Plus on download.com isn't being updated · 42 days ago by Wladimir Palant
- Dear CNET, so you own download.com? Very easy to remember, nice for you.
- No, I am not really interested in publishing my software there, addons.mozilla.org suits my needs much better.
- Oh, somebody already uploaded my software and I only need to keep it updated? Ok, I guess this won’t be too much of a problem.
- Why did you subscribe me to this newsletter? I didn’t ask for it!
One way to get outdated plugins on your computer · 43 days ago by Wladimir Palant
Only two days ago I wrote how browser plugins are the biggest security risk today. And yesterday I experienced first-hand how one would get outdated and insecure plugins installed. I installed Lexware Steuer 2009 (for the German readers: yes, that’s the one you get at Aldi and that always gets good marks in software tests). And then Secunia PSI went berserk warning me about various security threats on my computer. Turned out, this application installed without even telling me: Java Runtime Environment 1.6.0 Update 2 (released July 2007, current version is 1.6.0 Update 18), Flash Player ActiveX 9.0.124.0 (released April 2008, current version is 10.0.42.34), MSXML 4.0 SP2 (released June 2003, current version is 4.0 SP3).
The new browser security landscape · 45 days ago by Wladimir Palant
Brian Krebs came across one of those websites throwing a battery of exploits at users and took a close look at its administration page. It lists seven exploits, the two most successful ones being for Adobe Reader and Java, followed by two Internet Explorer exploits. At the far end of the list two Firefox exploits can be found as well. From what I understand, only one Adobe Reader vulnerability was unpatched at that time, all other vulnerabilities have been fixed already. For example, the Java exploit targets a security hole that was closed in December 2008, the exploited Firefox vulnerabilities have been closed in Firefox 1.0.5 and 1.5.0.5 respectively.
More extension signing adventures · 81 days ago by Wladimir Palant
Things got significantly better since the last time I tried to sign Adblock Plus. Firefox 3.5.6 will now show my name instead of “Author not verified” even if the organization field of the certificate is empty (thanks, Boris). And StartCom certificates are accepted by all main applications that Adblock Plus needs to support (meaning Firefox 3.0 starting with 3.0.12, Firefox 3.5/3.6/3.7, SeaMonkey 2.0 and Thunderbird 3.0). So I started signing development builds again and even released Adblock Plus 1.1.2 as a signed XPI a little more than a week ago.